Skip to content

Instantly share code, notes, and snippets.

View 0xrnair's full-sized avatar

Rahul Nair 0xrnair

24 followers · 10 following
View GitHub Profile
@lukassup
lukassup / zipapp.md
Last active September 12, 2023 02:17
Python zipapp

Python zipapp web apps

What's a zipapp?

This concept is very much like .jar or .war archives in Java.

NOTE: The built .pyz zipapp can run on both Python 2 & 3 but you can only build .pyz zipapps with Python 3.5 or later.

Initial setup

@acolyer
acolyer / jessfraz.md
Created November 19, 2017 13:39
Containers, operating systems and other fun things from The Morning Paper
@saelo
saelo / pwn.py
Last active December 15, 2019 23:35
Exploit for "ragnarok" of HITCON CTF 2017
#!/usr/bin/env python3
#
# Exploit for "ragnarok" of HITCON CTF 2017.
#
# Bug:
# ----
# In Odin::add_weapon, the following line of code is executed:
#
# cast_spell(shared_ptr<Figure>(this));
#
@curi0usJack
curi0usJack / .htaccess
Last active June 6, 2024 18:04
FYI THIS IS NO LONGER AN .HTACCESS FILE. SEE COMMENTS BELOW. DON'T WORRY, IT'S STILL EASY.
#
# TO-DO: set |DESTINATIONURL| below to be whatever you want e.g. www.google.com. Do not include "http(s)://" as a prefix. All matching requests will be sent to that url. Thanks @Meatballs__!
#
# Note this version requires Apache 2.4+
#
# Save this file into something like /etc/apache2/redirect.rules.
# Then in your site's apache conf file (in /etc/apache2/sites-avaiable/), put this statement somewhere near the bottom
#
# Include /etc/apache2/redirect.rules
#
@jespertheend
jespertheend / simple-https-server.py
Last active September 28, 2019 21:32 — forked from dergachev/simple-https-server.py
Fork from https://gist.github.com/dergachev/7028596 with one change that allows for sending POST requests. It basically handles them the same as GET requests and doesn't give an error anymore :)
# taken from http://www.piware.de/2011/01/creating-an-https-server-in-python/
# generate server.pem with the following command:
# openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes
# run as follows:
# python simple-https-server.py
# then in your browser, visit:
# https://localhost:4443
import BaseHTTPServer, SimpleHTTPServer
import ssl
@chrisdpa-tvx
chrisdpa-tvx / athena.rst
Last active March 20, 2022 06:28
Create an Athena database, table, and query

All Your Data Does Not Belong In a Database

Businesses are machines producing mountains of data about sales, usage, customer, costs, etc... Traditionally data processing is highly centralised with teams of staff and computer running hot a whirling ready to process. We can do better than moving the mountain of data into the corporate data machine - so long as that machinary is light enough to be moved to the data.

Don't move the mountain - Bring the processing to the data

We've had this problem; a huge directory of files in CSV format, conataining vital information for our business. But it's in CSV, requires analysis, and don't you don't feel like learning sed/grep/awk today - besides it's 2017 and no-one thinks those tools are easy to use.

@eboda
eboda / exploit.js
Last active September 14, 2021 13:20
Exploit for Chakrazy challenge from PlaidCTF 2017 - ChakraCore exploit
////////////////////////////////////////////////////////////////////////////
//
// The vulnerability was that the following line of code could change the type of the
// underlying Array from JavascriptNativeIntArray to JavascriptArray:
//
// spreadableCheckedAndTrue = JavascriptOperators::IsConcatSpreadable(aItem) != FALSE;
//
// As can be seen in the provided .diff, the check for whether the type of the pDestArray has changed
// was removed. If the aItem then is not a JavascriptArray, the following code path is taken:
// else
@schleumer
schleumer / CLEAN-THE-FUCKING-DOCKER.fish
Last active April 13, 2023 22:33
function remove-docker-containers
echo "Stop running shit"
docker stop (docker ps -q)
echo "Remove the whale shit"
docker rm (docker ps -a -q)
end
function remove-docker-images
remove-docker-containers
@NoraCodes
NoraCodes / raserver-cipher.py
Last active May 12, 2024 02:41
Asynchronous Reverse Shell and Server in Python using asyncio
#!/usr/bin/env python3
"""
An async server for base64-encoded reverse shells
Allows rashell-cipher clients to connect and get commands
Expects network data in base64 wrapping xor enciphered data
The XOR key in this script needs to match the client key.
Written by Leo Tindall / SilverWingedSeraph
This code is covered by a CC-BY-SA 4.0 license.
Give attribution and share under the same license.
@hernamesbarbara
hernamesbarbara / Principles-of-Adult-Behavior.md
Created June 22, 2016 18:54

Principles of Adult Behavior

  1. Be patient. No matter what.
  2. Don’t badmouth: Assign responsibility, not blame. Say nothing of another you wouldn’t say to him.
  3. Never assume the motives of others are, to them, less noble than yours are to you.
  4. Expand your sense of the possible.
  5. Don’t trouble yourself with matters you truly cannot change.
  6. Expect no more of anyone than you can deliver yourself.
  7. Tolerate ambiguity.
  8. Laugh at yourself frequently.