@NicolaiSoeborg
NicolaiSoeborg / trio-https-raw-socket.py
Created December 28, 2023 16:26
nc/socat-like raw socket access to HTTPS
import trio

DOMAIN = "example.com"
PATH = "/"

async def main():
    # TLS-wrapped TCP stream; the certificate is verified against the system trust store.
    # https_compatible=True makes the stream tolerate HTTPS servers that close without a TLS close_notify.
    s0 = await trio.open_ssl_over_tcp_stream(DOMAIN, 443, https_compatible=True)
    # Write the request bytes exactly as you would type them into nc/socat
    # ("Connection: close" so the server ends the response by closing, like HTTP/1.0)
    await s0.send_all(f"GET {PATH} HTTP/1.1\r\nHost: {DOMAIN}\r\nConnection: close\r\n\r\n".encode())
    # Dump the raw response (status line, headers, body) until the server closes
    async for chunk in s0:
        print(chunk.decode(errors="replace"), end="", flush=True)

trio.run(main)
@NicolaiSoeborg
NicolaiSoeborg / Caddy-ACME-CAA-setup.md
Last active November 4, 2023 16:22
Enabling ACME-CAA for Caddy and Let's Encrypt
  1. TL;DR: Grab the ACME account URL (the `location` field of Caddy's account file) with `jq -r '.location' $(sudo -u caddy caddy environ | awk -F'=' '/^caddy.AppDataDir=/{print $2"/acme/acme-v02.api.letsencrypt.org-directory/users/*/caddy.json"}')` and jump to step 4.

  2. In your Caddyfile you should add an email to the Global Options Block:

     {
     	email demo@example.com
     }
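A worked example of what the account URL from step 1 is for, added here and not part of the gist: it reads the `location` field from a constructed sample of Caddy's `caddy.json` account file, builds the CAA records that bind issuance to Let's Encrypt for that one ACME account (the RFC 8657 `accounturi` and `validationmethods` parameters), and then evaluates a CAA record set the way a CA would, so you can check that a wrong account, a wrong CA or a wrong challenge type is refused before publishing. The sample JSON, the zone names and the helper names (`build_caa_records`, `parse_caa`, `issuance_allowed`) are mine; nothing here talks to DNS.

```python
import json
import re

# Constructed sample of Caddy's (certmagic) account file, users/<email>/caddy.json.
# Only "location" matters here: it is the ACME account URL that ACME-CAA binds issuance to.
SAMPLE_CADDY_JSON = json.dumps({
    "status": "valid",
    "contact": ["mailto:demo@example.com"],
    "location": "https://acme-v02.api.letsencrypt.org/acme/acct/123456789",
})


def account_uri_from_caddy_json(text: str) -> str:
    """What `jq -r '.location'` does, in Python."""
    return json.loads(text)["location"]


def build_caa_records(domain: str, account_uri: str, validation_methods=("http-01",)) -> list:
    """Zone-file lines that let only letsencrypt.org issue, and only from this account
    (RFC 8657 accounturi/validationmethods parameters, which Let's Encrypt honours)."""
    params = f"accounturi={account_uri}"
    if validation_methods:
        params += ";validationmethods=" + ",".join(validation_methods)
    return [
        f'{domain}. IN CAA 0 issue "letsencrypt.org; {params}"',
        f'{domain}. IN CAA 0 issuewild ";"',              # no wildcard certificates at all
        f'{domain}. IN CAA 0 iodef "mailto:security@{domain}"',
    ]


_CAA_RE = re.compile(r'CAA\s+(\d+)\s+(\w+)\s+"([^"]*)"')


def parse_caa(line: str):
    """Split a zone-file CAA line into (flags, tag, issuer, params) or None if it is not one."""
    m = _CAA_RE.search(line)
    if not m:
        return None
    flags, tag, value = int(m.group(1)), m.group(2).lower(), m.group(3)
    issuer, _, rest = value.partition(";")
    params = {}
    for part in rest.split(";"):
        key, _, val = part.strip().partition("=")
        if key:
            params[key.strip().lower()] = val.strip()
    return flags, tag, issuer.strip(), params


def issuance_allowed(records, ca="letsencrypt.org", account_uri=None, method="http-01") -> bool:
    """Would a CA named `ca` be allowed to issue a non-wildcard certificate, using challenge
    `method`, for an ACME account at `account_uri`, given this CAA record set?"""
    issue = [p for p in map(parse_caa, records) if p and p[1] == "issue"]
    if not issue:
        return True  # no "issue" records at all: CAA does not restrict anyone
    for _flags, _tag, issuer, params in issue:
        if issuer != ca:
            continue
        if "accounturi" in params and params["accounturi"] != account_uri:
            continue
        if "validationmethods" in params and method not in params["validationmethods"].split(","):
            continue
        return True
    return False


if __name__ == "__main__":
    uri = account_uri_from_caddy_json(SAMPLE_CADDY_JSON)
    for rec in build_caa_records("example.com", uri):
        print(rec)
```

Publish the three lines from `build_caa_records` at the zone apex (or on the specific name; CAA lookups walk up the tree until a record is found) and re-run `issuance_allowed` against what `dig CAA example.com` returns after the TTL has passed.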
@NicolaiSoeborg
NicolaiSoeborg / sqlmap-helper.py
Created October 15, 2023 19:11
Often sqlmap can't produce the request the target needs (HTTP/2, an unusual body shape, extra transformation of the payload), so this is a small helper: run a Flask server locally that forwards the payload to the real target, then point sqlmap at 127.0.0.1:5000 instead.
import httpx
from flask import Flask, request

URL = 'http://example.com/vuln'
client = httpx.Client(http2=True)  # HTTP/2 needs: pip install 'httpx[http2]'
app = Flask(__name__)

@app.route("/vuln")
def hello_world():
    # sqlmap injects into this parameter: sqlmap -u 'http://127.0.0.1:5000/vuln?q=1'
    param = request.args['q']
    # Forward the payload in whatever shape the real target wants and sqlmap can't build itself
    # (assumed here: a JSON body over HTTP/2; adapt the request to the target)
    r = client.post(URL, json={"q": param})
    # Hand the target's response straight back so sqlmap's detection logic sees the real thing
    return r.text, r.status_code

if __name__ == "__main__":
    app.run(host="127.0.0.1", port=5000)
@NicolaiSoeborg
NicolaiSoeborg / socat - mitm - docker-compose.yml
Last active December 31, 2023 15:50
Docker Compose: socat as a MITM to debug the traffic between a web app and memcached
version: '3.8'
services:
  web:
    build: ./
    ports:
      - "5000:80"
    depends_on:
      - memcached
  # The app connects to "memcached" by name, but that name is really socat: it logs every byte
  # in both directions (-v) and forwards to the real server. Service names are illustrative.
  memcached:
    image: alpine/socat
    command: -v TCP-LISTEN:11211,fork,reuseaddr TCP:memcached-real:11211
    depends_on:
      - memcached-real
  memcached-real:
    image: memcached:alpine
@NicolaiSoeborg
NicolaiSoeborg / angr-solve.py
Created August 7, 2023 10:22
Angr boilerplate
import angr

# Load the binary without its shared libraries: faster, and usually enough for crackme-style checks
proj = angr.Project("./chal", auto_load_libs=False)
state = proj.factory.entry_state()  # start at the entry point with fully symbolic stdin
simgr = proj.factory.simulation_manager(state)
# Explore until some path has written "Correct!" to stdout (fd 1)
simgr.explore(find=lambda s: b"Correct!" in s.posix.dumps(1))
# Out[6]: <SimulationManager with 2 active, 34 deadended, 1 found>
# Concretise the stdin (fd 0) that reaches the found state: that is the accepted input
print(simgr.found[0].posix.dumps(0))
@NicolaiSoeborg
NicolaiSoeborg / ssh422-polyglot.py
Created August 5, 2023 12:30
SSH + HTTP Polyglot
import trio  # python3 -m pip install --upgrade trio

HTML = "<html>Hello World!</html>"
# HTTP needs CRLF line endings; Content-Length covers the body plus its trailing newline
HTTP_BANNER = f"HTTP/1.1 200 OK\r\nContent-Length: {len(HTML)+1}\r\n\r\n{HTML}\n".encode()

async def forward_from_a_to_b(a, b):
    # Copy bytes one way until the sender closes, logging each chunk
    async for chunk in a:
        print(f"=> {chunk}", flush=True)
        await b.send_all(chunk)
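The dispatch that makes the polyglot work, as an added example that is not the gist's own code: the server reads the client's first bytes before saying anything, and since an SSH client sends its `SSH-2.0-...` identification string unprompted while an HTTP client opens with a method token, that first read is enough to decide whether to splice the connection into sshd or answer with the HTML. It uses the standard library (asyncio instead of the gist's trio) so it needs no packages, and it ships with a constructed stand-in for sshd (`fake_sshd`) and a `run_demo()` driver that speaks both protocols to the polyglot port, so both branches run offline; the helper names (`classify`, `pump`, `handle`) are mine.

```python
import asyncio

HTML = "<html>Hello World!</html>"
# Proper CRLF framing plus Connection: close, so the client knows when the body has ended
HTTP_RESPONSE = (
    "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
    f"Content-Length: {len(HTML)}\r\nConnection: close\r\n\r\n{HTML}"
).encode()


def classify(first_bytes: bytes) -> str:
    """Protocol sniffing on the client's first bytes.

    RFC 4253 lets either side send its identification string first, and SSH clients
    (OpenSSH included) do so without waiting for the server, so an SSH connection
    opens with "SSH-2.0-...". An HTTP client opens with a method token such as GET.
    """
    return "ssh" if first_bytes.startswith(b"SSH-") else "http"


async def pump(reader, writer):
    """Copy bytes one way until EOF, then close the receiving side."""
    try:
        while chunk := await reader.read(65536):
            writer.write(chunk)
            await writer.drain()
    finally:
        writer.close()


async def handle(client_r, client_w, sshd_host, sshd_port):
    first = await client_r.read(4096)
    if classify(first) == "ssh":
        # Hand the connection to the real sshd, replaying the bytes already consumed
        up_r, up_w = await asyncio.open_connection(sshd_host, sshd_port)
        up_w.write(first)
        await up_w.drain()
        await asyncio.gather(pump(client_r, up_w), pump(up_r, client_w))
    else:
        client_w.write(HTTP_RESPONSE)
        await client_w.drain()
        client_w.close()


async def fake_sshd(reader, writer):
    """Constructed stand-in for sshd so the demo runs offline: answers with its own
    identification string and echoes the client's banner back."""
    banner = await reader.readline()
    writer.write(b"SSH-2.0-FakeServer\r\ngot:" + banner)
    await writer.drain()
    writer.close()


async def _demo():
    sshd = await asyncio.start_server(fake_sshd, "127.0.0.1", 0)
    sshd_port = sshd.sockets[0].getsockname()[1]
    poly = await asyncio.start_server(
        lambda r, w: handle(r, w, "127.0.0.1", sshd_port), "127.0.0.1", 0)
    port = poly.sockets[0].getsockname()[1]

    async def talk(payload: bytes) -> bytes:
        r, w = await asyncio.open_connection("127.0.0.1", port)
        w.write(payload)
        await w.drain()
        reply = await r.read()  # until the polyglot closes the connection
        w.close()
        return reply

    http_reply = await talk(b"GET / HTTP/1.1\r\nHost: localhost\r\n\r\n")
    ssh_reply = await talk(b"SSH-2.0-OpenSSH_9.6\r\n")
    poly.close()
    sshd.close()
    return http_reply, ssh_reply


def run_demo():
    """Start the fake sshd and the polyglot on ephemeral loopback ports, speak HTTP and
    then SSH to the polyglot, and return the two raw replies."""
    return asyncio.run(_demo())


if __name__ == "__main__":
    for reply in run_demo():
        print(reply)
```

In production the HTTP branch would be a reverse proxy to a real web server rather than a canned response, and the SSH branch should dial the real sshd (port 22 on localhost); the first-read trick is also why an SSH client sitting behind a proxy that waits for the server banner will never match.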
@NicolaiSoeborg
NicolaiSoeborg / antiyoy.java
Created July 24, 2023 10:45
antiyoy transfer progress
/*
Code to unlock all (176) levels:
* face3 (sad face)
* radioactive_ring
* triangle
* skull
* square
*/
import java.util.Arrays;
import java.util.Random;
@NicolaiSoeborg
NicolaiSoeborg / hook-method-in-binary.c
Created March 12, 2023 10:55
hook method in binary
#include <string.h>
#include <unistd.h>
/*
 * Replace getentropy() in a dynamically linked binary without touching it:
 *   gcc -c -fPIC -o hook.o hook.c
 *   gcc -shared -o hook.so hook.o
 *   LD_PRELOAD=./hook.so ./binary
 * hook.so is loaded before libc, so the dynamic linker resolves getentropy to
 * this definition and the binary gets predictable "randomness".
 */
int getentropy(void *buffer, size_t length) {
    memset(buffer, 0x41, length);  /* every "random" byte is 'A' */
    return 0;                      /* 0 == success, same contract as libc */
}
@NicolaiSoeborg
NicolaiSoeborg / Caddyfile
Last active September 24, 2022 19:10
Trying to make a Signal bridge using Caddy webserver
# Edit: this doesn't work, I can't get the upstream part to be "raw"
# Also this error: "http.request.tls.server_name" will be "signal.xn--sb-lka.org" and not the inner SNI
signal.xn--sb-lka.org {
	#respond / "HELLO"
	map {http.request.tls.server_name} {my_placeholder} {
		chat.signal.org "chat.signal.org:443"
		ud-chat.signal.org "chat.signal.org:443"
		textsecure-service.whispersystems.org "chat.signal.org:443"
	}
}
@NicolaiSoeborg
NicolaiSoeborg / motion.py
Created May 1, 2022 11:12
Motion detection PiCamera
from io import BytesIO
from time import sleep, time
from picamera import PiCamera
from PIL import Image, ImageChops
import numpy as np

def take_image(cam, stream):
    # Reuse one in-memory buffer for every frame instead of allocating a new one
    stream.seek(0)
    print("Taking image")
    cam.capture(stream, format="jpeg", use_video_port=True)
    stream.truncate()  # drop leftover bytes from a larger previous frame
    stream.seek(0)
    return Image.open(stream).convert("L")  # grayscale makes the frame difference cheaper