Skip to content

Instantly share code, notes, and snippets.

View IgorDuino's full-sized avatar
:shipit:
hamster

Igor Kuzmenkov IgorDuino

:shipit:
hamster
60 followers · 120 following
View GitHub Profile
@to016
to016 / CVE-2023-41892-POC.md
Last active November 27, 2024 18:01
CVE-2023-41892 (Craft CMS Remote Code Execution) - POC

This Gist provides a Proof-of-Concept (POC) for CVE-2023-41892, a Craft CMS vulnerability that allows Remote Code Execution (RCE).

Overview

CVE-2023-41892 is a security vulnerability discovered in Craft CMS, a popular content management system. Craft CMS versions affected by this vulnerability allow attackers to execute arbitrary code remotely, potentially compromising the security and integrity of the application.

POC

This POC is depending on writing webshell, so finding a suitable folder with writable permission is necessary.

@IgorDuino
IgorDuino / formatting_messages_bot.py
Last active August 11, 2023 04:01
Отправка форматированых сообщений в канал с кнопкой через бота
import requests
import argparse
import os
import json
def send_message_with_button_and_photo(
chat_id, html_file, button_text, button_url, photo_path=None
):
bot_token = os.environ.get("BOT_TOKEN")
@yellinben
yellinben / vscode_proxy.jsonc
Last active June 6, 2025 09:50
Allow HTTP proxy in VS Code & Copilot
// Add these settings at the end of VSCode's `settings.json` file to allow HTTP inspection.
// For use with any MITM, self-signed HTTP proxy (Proxyman, Charles, Fiddler, etc).
// Last tested on VSCode 1.78.2. It's possible security settings will be hardened in future releases.
// Make sure to enable SSL-proxying of relevant hostnames to intercept complete requests/responses.
// For Copilot: `copilot-proxy.githubusercontent.com`
// These settings are obviously not secure, so disable them when not needed!
{
/* rest of your vscode settings */
@shalior
shalior / vless-link-to-v2ray-json-config-node.js
Created February 17, 2023 04:40
A nodejs function to convert vless links to json config files
@IgorDuino
IgorDuino / remove_stock_miui_shit.sh
Last active December 21, 2023 16:56
Remove stock MIUI apps WITHOUT ROOT or BOOTLOADER
adb shell pm uninstall -k --user 0 com.android.browser #Mi Browser
adb shell pm uninstall -k --user 0 com.android.calendar #Calendario
adb shell pm uninstall -k --user 0 com.android.deskclock #Reloj
adb shell pm uninstall -k --user 0 com.android.mms #Mensajes
adb shell pm uninstall -k --user 0 com.facebook.appmanager #Facebook App Manager
adb shell pm uninstall -k --user 0 com.facebook.services #Facebook Services
adb shell pm uninstall -k --user 0 com.facebook.system #Facebook App Installer
adb shell pm uninstall -k --user 0 com.google.android.apps.docs #Google Drive
adb shell pm uninstall -k --user 0 com.google.android.apps.maps #Google Maps
adb shell pm uninstall -k --user 0 com.google.android.apps.photos #Google Photos
@PSJoshi
PSJoshi / rbash-escape.md
Last active October 22, 2025 07:32
Escape from rbash to bash shell

Change rbash to bash

psj@ubuntu:~$ ssh psj@server_name-t "bash --noprofile"

List available commands:

$ compgen -c

Essentially you need to do the following:

@Pliner
Pliner / import
Last active April 6, 2025 21:49
Mikrotik antifilter.download update script
:do {
:do {
/file remove "/ipsum.rsc";
/file remove "/subnet.rsc";
} on-error={}
:put "Downloading ipsum.rsc...";
:do {
/tool fetch url="https://antifilter.download/list/ipsum.rsc" dst-path="/ipsum.rsc"
} on-error={