Soufiane Boussali MrMugiwara
@MrMugiwara
MrMugiwara / README.md
Created July 16, 2016 22:56 — forked from MidnightLightning/README.md
Steganography tools

Steganography is the art of hiding in plain sight, messages specifically. These are a series of tools that aid in embedding messages in digital files.

While steganography provides obscurity, it does not by itself provide security. Before hiding your message with any of these scripts, it is suggested you encrypt it first (try PGP/GnuPG encryption, or put it in a TrueCrypt container if you're at a loss).

pngload.py

The PNG file format divides the image data into 'chunks' and allows additional, private chunks to be added by image editors. This script takes the message you wish to embed and saves it as binary data in such an ancillary chunk.

The files being embedded are compressed with bzip2 if they are not already a bzip2 archive. This is different from the `

How to pass the OSCP

  1. Recon
  2. Find vuln
  3. Exploit
  4. Document it

Recon

Run unicornscan from the CLI, and run nmap from inside msfconsole so that the results are stored in the Metasploit database.

@MrMugiwara
MrMugiwara / jsp.py
Last active April 27, 2017 21:49
Joomla python scanner
#!/usr/bin/python
# C0d3d By MrMugiwra
import sys,urllib2,time,httplib
mtucx = 5
@MrMugiwara
MrMugiwara / web-servers.md
Created April 27, 2017 22:10 — forked from willurd/web-servers.md
Big list of http static server one-liners

Each of these commands will run an ad hoc HTTP static server in your current (or specified) directory, available at http://localhost:8000. Use this power wisely.

Discussion on reddit.

Python 2.x

$ python -m SimpleHTTPServer 8000
Extracting Files (16 GB)
Open the image in FTK Imager and go to /var/www/
There you will find login.pl, index.pl, username.txt and password.txt
login ( admin : iforgotaboutthemathtest )
flag : flag{but_I_f0rgot_my_my_math_test_and_pants}
#!/usr/bin/perl
if ($ENV{'REQUEST_METHOD'} eq "POST") {
#!/usr/bin/python
#Faid Mohammed Amine
#Fb : piratuer
from pwn import *
con = remote('pwn.chal.csaw.io',8464)
con.recvuntil("Location:")
#!/usr/bin/python
#Faid Mohammed Amine
#Fb : piratuer
from pwn import *
libc = ELF("libc-2.23.so")
r = remote("pwn.chal.csaw.io", 3764)
#!/usr/bin/python
from z3 import *
orig = [0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70]
shuf = [0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x65, 0x66, 0x67, 0x68, 0x61, 0x62, 0x63, 0x64]
x = [0xb8, 0x13, 0x0, 0xcd, 0x10, 0xf, 0x20, 0xc0, 0x83, 0xe0, 0xfb, 0x83, 0xc8, 0x2, 0xf, 0x22]
d = [0x270,0x211,0x255,0x229,0x291,0x25E,0x233,0x1F9,0x278,0x27B,0x221,0x209,0x25D,0x290,0x28F,0x2DF]
#!/usr/bin/python
#Faid Mohammed Amine
#Fb : piratuer
from pwn import *
import sys
#!/usr/bin/python
from BaseHTTPServer import BaseHTTPRequestHandler, HTTPServer
PORT_NUMBER = 31337

class myHandler(BaseHTTPRequestHandler):
    # Handler for the GET requests
    def do_GET(self):
        self.send_response(200)