Skip to content

Instantly share code, notes, and snippets.

View ax0us's full-sized avatar

ax0us

31 followers · 202 following
View GitHub Profile
@worawit
worawit / cve-2015-0240_samba_poc
Last active March 30, 2024 15:03
PoC for Samba vulnerabilty (CVE-2015-0240)
#!/usr/bin/python
"""
PoC for Samba vulnerabilty (CVE-2015-0240) by sleepya
This PoC does only triggering the bug
Reference:
- https://securityblog.redhat.com/2015/02/23/samba-vulnerability-cve-2015-0240/
#################
Exploitability against CentOS/Ubuntu binaries
@jamescmartinez
jamescmartinez / snapchat_decrypt.rb
Last active July 14, 2025 13:14
Snapchat Image Decrypt - This Ruby script decrypts the blob received from the `bq/blob` endpoint. Many thanks to @kivikakk, @adamcaudill, @tlack, and @NeilHanlon for inspiration, code, guides, and of course, the encryption key.
#!/usr/bin/env ruby
require 'openssl'
data = File.open('blob', 'r:ASCII-8BIT').read
c = OpenSSL::Cipher.new('AES-128-ECB')
c.decrypt
c.key = 'M02cnQ51Ji97vwT4'
o = ''.force_encoding('ASCII-8BIT')
data.bytes.each_slice(16) { |s| o += c.update(s.map(&:chr).join) }
@jedp
jedp / gist:3005816
Created June 27, 2012 18:18
postMessage() security review checklist

Security-Reviewing Uses of postMessage()

The postMessage() API is an HTML5 extension that permits string message-passing between frames that don't share the same origin. It is available in all modern browsers. It is not supported in IE6 and IE7.

postMessage is generally considered very secure as long as the programmer is careful to check the origin and source of an arriving