Dzmitry Savitski dzmitry-savitski
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| https://github.com/ymartin59/java-kerberos-sfudemo/blob/df1f7dfd4801b06f1debc923e1cce4416ec02a7c/src/main/java/sfudemo/KerberosDemo.java#L154 |
dzmitry-savitski
/ oracle.sh
Created
December 15, 2023 13:02
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| while true | |
| do | |
| oci resource-manager job create-apply-job --stack-id ocid1.ormstack.oc1.iad.<id> --execution-plan-strategy AUTO_APPROVED | |
| sleep 300 | |
| done |
dzmitry-savitski
/ studocu.com unblur
Created
November 4, 2023 11:50
Studocu uBlock Origin unblur, remove banner, latest 2023
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| studocu.com##div[style="display: block; user-select: none; filter: blur(4px);"]:style(filter: none !important;) | |
| studocu.com##[id^="pf"] > [class^="_"] |
dzmitry-savitski
/ jenkins_decrypt.py
Created
October 2, 2022 00:12
Jenkins decrypt credentials.xml python 3
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| import re | |
| import sys | |
| import base64 | |
| from hashlib import sha256 | |
| from binascii import hexlify, unhexlify | |
| from Crypto.Cipher import AES | |
| MAGIC = b"::::MAGIC::::" |
dzmitry-savitski
/ user-name-rules.txt
Last active
April 20, 2020 20:24
Generate user name lists suitable for brute force attacks from first name and last name using these John the Ripper rules
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Generate loins from First name & Last name wordlist (case insensitive) | |
| # https://dzmitry-savitski.github.io/2020/04/generate-a-user-name-list-for-brute-force-from-first-and-last-name | |
| [List.Rules:Login-Generator-i] | |
| # johndoe | |
| %1?w l Dp | |
| # john_doe | |
| %1?w l op_ |
dzmitry-savitski
/ vh.py
Last active
December 13, 2019 09:05
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # Author: Dzmitry Savitski | |
| # Get a new version at: https://github.com/dzmitry-savitski/vhost_bruteforcer | |
| from __future__ import print_function | |
| import requests | |
| import urllib3 | |
| import argparse | |
| import netaddr | |
| from termcolor import colored |
dzmitry-savitski
/ domain_checker.sh
Last active
March 19, 2019 11:02
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| for domain in $(cat $1); | |
| do | |
| # -L - follow redirect | |
| # echo [http://$domain] - $(curl -w '%{size_download}' --output /dev/null -s http://$domain); | |
| echo [https://$domain] - $(curl -w '%{size_download}' -L --insecure --max-time 2 --output /tmp/out/$domain.https.html -s https://$domain); | |
| done; |
dzmitry-savitski
/ xpath_bruter_or.py
Last active
March 1, 2019 07:08
Modified XPath injection module for recon-ng for 'OR' injections.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from __future__ import print_function | |
| from recon.core.module import BaseModule | |
| import urllib | |
| import sys | |
| # List of modifications: | |
| # - swaped from and to or condition | |
| # - added option to invers True/False strings | |
| # - headers are now also checked for unique string | |
| # - connection exceptions are handled |
dzmitry-savitski
/ ShellController.java
Created
January 29, 2018 11:33
Spring MVC shell using controller and AsyncContext
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package com.dsavitski.vulnerable.controllers; | |
| import org.springframework.stereotype.Controller; | |
| import org.springframework.web.bind.annotation.RequestMapping; | |
| import org.springframework.web.bind.annotation.RequestMethod; | |
| import org.springframework.web.bind.annotation.ResponseBody; | |
| import javax.servlet.AsyncContext; | |
| import javax.servlet.ServletInputStream; | |
| import javax.servlet.ServletOutputStream; |