Skip to content

Instantly share code, notes, and snippets.

💭
I may be slow to respond.

David Busby Oneiroi

💭
I may be slow to respond.
Block or report user

Report or block Oneiroi

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@Oneiroi
Oneiroi / rand_pass.py
Last active Aug 23, 2018 — forked from bergantine/gist:1119284
Python Random Password Generator (One Liner). #python #password
View rand_pass.py
python -c "from string import printable; from random import choice; print ''.join([choice(printable) for i in range(32)])"
@Oneiroi
Oneiroi / Unsolved crypto challenge since 2015-11-26
Last active Dec 4, 2017
This crypto challenege of my own devising has gone unsolved since I created it on 2015-11-26, can you recover the flag ?
View Unsolved crypto challenge since 2015-11-26
596f7527766520676f7420736f6d6520776f726b206168656164206f6620796f753a20546d56346443427a644756774f6941304d545a6a4e6d51325a6a637a4e7a51794d4463304e6a67324e5463794e6a557a595449774e4745304e6a55304e444d304d544d324e474d314d44526d4e5455314d5451334e4463314f54526a4e4759304e5451794e5745304e7a52694e546b30597a51314e4455304d6a4d794e4463314d544d794e474d314e4451324e5445314d5451314e544d304f5451304e5467305a5451324e5463304e7a55354e446b304e44517a4e4759314e6a4d304e544d304d544d324e474d314d44526d4e5455314d5451334e444d304f5451304e5445305a5451324e5467304f4451354e446b304e4455794e4759314e6a55344e5467304f5456684e4745304d54526b4e4755314f4455334e446b31595452684d7a49304e5451784e5745304e4451784e475130595455324e4463304e5455354e5451304e54526c4e5449305a5452684e4449304d5455324e4463314d7a51794e475530596a4d314e4749304e54526b4d32517a5a444e6b
@Oneiroi
Oneiroi / gsuite_backdoor.py
Created Nov 2, 2017 — forked from ustayready/gsuite_backdoor.py
Quickly create a full-access backdoor on Google accounts by creating a Google API project at https://cloud.google.com/console, save the client_secrets.json into the same folder and then run the script below. It will print a URL for you to access with a browser that has the compromised Google account session active so you can authorize the applic…
View gsuite_backdoor.py
#!/usr/bin/env python
import os
from oauth2client import client, tools
from oauth2client.file import Storage
SCOPES = 'https://www.googleapis.com/auth/calendar https://mail.google.com/ https://www.googleapis.com/auth/drive https://www.googleapis.com/auth/groups https://www.googleapis.com/auth/admin.directory.user'
def get_credentials():
credential_dir =os.getcwd()
client_secret_path = os.path.join(credential_dir, 'client_secrets.json')
@Oneiroi
Oneiroi / 44con_talks_watch.sh
Last active Aug 9, 2018
44con talks page watch
View 44con_talks_watch.sh
#!/bin/bash
OS=`uname`
URL44CON="https://44con.com/44con/44con-2018/44con-2018-schedule/"
#SET this to rickroll or w/e just make sure your speakers are on full volume
YTALERT="https://www.youtube.com/watch?v=H91rPIq2mN4"
if [ "Darwin" == "${OS}" ]; then
BROWSER="open";
elif [ "Linux" == "${OS}" ]; then
View gist:099fc426cc468887994d45f21a6d978a
Mirror of https://zerobin.net/?06dae5d45335d2b4#m8FRD5qfMgH1rxjVH4oAjHvOMxJArCGp9UIogpmsnHg= (Since remove)
Pulled from https://archive.fo/5Vbc9
Reddit thread https://www.reddit.com/r/netsec/comments/5mw510/discussion_of_a_new_potential_exploit_for_openssl/
Original text now follows:
I'm glad more people are in here now. It gets much, much worse than this.
The post below literally says "if you have the password, you can generate the key and open the file.
View This is how you watch for a pre-order
while true; do curl -H'User-agent: AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.125 Safari/537.36' -s 'http://www.game.co.uk/webapp/wcs/stores/servlet/HubArticleView?hubId=639265&articleId=639266&catalogId=10201&langId=44&storeId=10151&&cm_mmc=Facebook-_-Digital-_-Fallout4-_-Link#NaN' | grep 'Check back later today' || chromium https://www.youtube.com/watch?v=H91rPIq2mN4; sleep 10; done
View rpi2_cluster_prep_sdcard.sh
#
# ensure CWD contains dirs root and boot
# ensure sd card has not automounted elsewhere
# ensure ArchARM-rpi2.tgz exists in CWD
# ensure partitions configured as per: http://archlinuxarm.org/platforms/armv7/broadcom/raspberry-pi-2
#
mkfs.vfat /dev/mmcblk0p1 && \
mount /dev/mmcblk0p1 ./boot && \
mkfs.ext4 /dev/mmcblk0p2 && \
mount /dev/mmcblk0p2 ./root && \
View Check server
openssl s_client -cipher EXPORT -connect domain.com:443 < /dev/null 2>/dev/null | grep SSL-Session | wc -l
View rc.local
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
View find-libc-in-memory-of-processes-run-as-root.py
import os, glob, re
def main():
p = re.compile('^([0-9a-f]+-[0-9a-f]+)\s[a-z\-]{4}\s[0-9a-f]{8}\s[a-z0-9]{2}\:[a-z0-9]{2}\s[0-9]+\s+(.*)$')
smaps = glob.glob('/proc/[0-9]*/smaps')
for smap in smaps:
lines = open(smap).readlines()
for line in lines:
m = p.match(line)
if m and 'libc' in line:
name = open(smap.replace('smaps','status')).readlines()[0]
You can’t perform that action at this time.