Skip to content

Instantly share code, notes, and snippets.

🔴
<script>alert(1);</script>

Edoardo Rosa edoz90

🔴
<script>alert(1);</script>
Block or report user

Report or block edoz90

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@edoz90
edoz90 / mashell.py
Last active Oct 20, 2019
Execute command using HEX or CHAR encoding. Bypass WAF and IPS filtering enabling RCE using xp_cmdshell
View mashell.py
#!/usr/bin/env python3
# Injector script to get a pseudo-interactive shell using xp_cmdshell
# Source post:
# Author: edoz90 (dodo)
# https://twitter.com/_d_0_d_o_
#
# USAGE: python3 ./mashell.py "whoami /priv"
#
import binascii
import hashlib
@edoz90
edoz90 / parse_dump.py
Last active Jul 31, 2019
Parse `sqlmap` dumps from data breaches or leaks file into a JSON file
View parse_dump.py
#!/usr/bin/env python3
# -*- encoding: ascii -*-
#
# AUTHOR: Edoardo Rosa edoz90 https://github.com/edoz90
#
# DESCRIPTION: Parse `sqlmap` dumps from data breaches or leaks into JSON files
#
# Some files have shitty encoding/chars and they must be educated:
# sed -i 's/[^[:print:]\t]//g; s/\\r//g' *.txt
import click
View OSCPbuffer.md

Speed up videos

document.getElementById("video").playbackRate = 1.5;

VPN - NM

[vpn]
dev-type=tap
@edoz90
edoz90 / cleanvba.zsh
Created Dec 31, 2018
Clean VBA: this script should remove unused variables in obfuscated VBAs (should work also for other files)
View cleanvba.zsh
#!/usr/bin/env zsh
#
toclean=${1}
while read line; do
local length=$(echo -n ${line} | \wc -m)
if [[ ${length} -ge 50 ]]; then
local match=$(echo ${line} | \awk '{print $1}')
local file_match=$(\rg -i ${match} * -c | \awk -F ':' '{print $1}')
@edoz90
edoz90 / add_wp_user.sql
Created Nov 6, 2018
Add a Wordpress Admin user from MySQL
View add_wp_user.sql
INSERT INTO `wp_users` (`user_login`, `user_pass`, `user_nicename`, `user_email`, `user_status`) VALUES ('edoz90', MD5('passwordASD'), 'administrator', 'asd@asd.it', '0');
INSERT INTO `wp_usermeta` (`umeta_id`, `user_id`, `meta_key`, `meta_value`) VALUES (NULL, (SELECT max(id) FROM wp_users), 'wp_capabilities', 'a:1:{s:13:"administrator";s:1:"1";}');
INSERT INTO `wp_usermeta` (`umeta_id`, `user_id`, `meta_key`, `meta_value`) VALUES (NULL, (SELECT max(id) FROM wp_users), 'wp_user_level', '10');
@edoz90
edoz90 / steghide_brute.py
Last active Sep 8, 2019
CTF Multicore bruteforcer for `steghide`
View steghide_brute.py
#!/usr/bin/env python3
# -*- encoding: utf-8 -*-
import multiprocessing as mp
import os
import subprocess
import time
import sys
try:
import click
from colored import fg, stylize
@edoz90
edoz90 / caesar.py
Last active May 4, 2018
Caesar Cipher bruteforcer with basic support for advanced string trasformation
View caesar.py
#!/usr/bin/env python3
import sys
import base64
try:
import click
except Exception as e:
print(e)
print("Install click")
sys.exit(-1)
@edoz90
edoz90 / anti-memcached.py
Last active Mar 12, 2018
List of all memcached servers from shodan and script to kill (flush_all) DDoSing IPs.
View anti-memcached.py
#!/usr/bin/env python
import json
import socket
import urllib.request
from random import shuffle
def send_flush(s):
s.sendall("{}\r\n".format("flush_all").encode())
print(s.recv(4096).decode().strip())
@edoz90
edoz90 / windows_list.zsh
Last active Sep 13, 2019
Prints windows list on focused desktop (bspwm) with dedicated icons
View windows_list.zsh
#!/usr/bin/env zsh
#Get id of all non-floating windows on current desktop
WINDOWS=(${(f)"$(bspc query -N -d focused -n .window)"})
#Get id of currently focused window
FOCUSED="$(bspc query -N -d focused -n .focused.window)"
FORMAT="-f3-"
@edoz90
edoz90 / share_eth0.zsh
Created Feb 7, 2018
Share WIFI network with a wired device (i.e.: RaspberryPI) using dnsmasq
View share_eth0.zsh
#!/usr/bin/env zsh
INTERFACE_WIRED="enp6s0"
INTERFACE_INTERNET="wlp2s0"
sudo ip addr add 192.168.2.1/24 dev ${INTERFACE_WIRED}
# NAT
sudo iptables -A FORWARD -o eth0 -i ${INTERFACE_WIRED} -s 192.168.2.0/24 -m conntrack --ctstate NEW -j ACCEPT
sudo iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables -t nat -F POSTROUTING
You can’t perform that action at this time.