Skyper SkypLabs

💭
💻🎧☕📖
View GitHub Profile
@SkypLabs
SkypLabs / README.md
Last active December 1, 2019 22:10
Convert a string into character codes

String to character codes

This small Python script converts a string into character codes.

JavaScript XSS payload

Character codes are useful in XSS payloads when single and/or double quote characters can't be used to surround a string because they are escaped or removed from the payload. The JavaScript method String.fromCharCode() converts the character codes back into a string.

Example:

SkypLabs / google_api_keys_finder.js
Last active April 8, 2021 14:43
OWASP ZAP - Passive Scanner - Google API keys finder
/*
* Google API keys finder by SkypLabs.
* https://blog.skyplabs.net
* @SkypLabs
*/
function scan(ps, msg, src) {
    var alertRisk = 0; // Informational
    var alertConfidence = 3; // High
    var alertTitle = "Information Disclosure - Google API Keys Found";
SkypLabs / README.md
Last active April 7, 2022 17:21
CVE-2021-23632

Overview

Affected versions of this package are vulnerable to Remote Code Execution (RCE) due to missing sanitisation in the Git.git method, which allows execution of OS commands rather than just Git commands.

Steps to Reproduce

  1. Create a file named exploit.js with the following content:

var Git = require("git").Git;

SkypLabs / README.md
Created February 7, 2022 14:50
CVE-2021-23732

Overview

Affected versions of this package are vulnerable to Arbitrary Code Execution. If the command parameter of the Docker.command method can be at least partially controlled by a user, that user will be in a position to execute arbitrary OS commands on the host system.

Steps to Reproduce

  1. Create a file named exploit.js with the following content:

var dockerCLI = require('docker-cli-js');

FROM docker.io/node:8-stretch
LABEL net.skyplabs.maintainer-name="Paul-Emmanuel Raoul"
LABEL net.skyplabs.maintainer-email="skyper@skyplabs.net"
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update \
    && apt-get install -y --no-install-recommends chromium
SkypLabs / README.md
Last active October 27, 2022 09:42
Set up CodeQL language server in coc.nvim


CodeQL CLI includes a language server which can be easily set up in coc.nvim by adding the content of this coc-settings.json file to your own configuration file.

Given that coc.nvim uses Vim's filetype detection system and not file extensions, you need to let Vim know that *.ql files are CodeQL files. One way to do that is to add codeql.vim to ~/.vim/ftdetect.

SkypLabs / sniff_main_thread.py
Last active April 24, 2023 12:05
Multiple code examples used to demonstrate some issues and a solution to sniff network packets inside a thread using Scapy
from scapy.all import IP, sniff

interface = "eth0"

def print_packet(packet):
    # Callback invoked by sniff() for each captured packet
    ip_layer = packet.getlayer(IP)
    print("[!] New Packet: {src} -> {dst}".format(src=ip_layer.src, dst=ip_layer.dst))

print("[*] Start sniffing...")
# sniff() blocks the calling (main) thread until it is interrupted
sniff(iface=interface, filter="ip", prn=print_packet)