Karan Lyons karanlyons

@karanlyons
karanlyons / example.md
Last active May 1, 2020
pngen: Makes ECB PNGuins
View example.md

Plaintext:

Plaintext Penguin

Duplicate Plaintext Blocks:
	Total Blocks:                         358414
	Total Duplicates:                     349474
@karanlyons
karanlyons / IA.json
Created Feb 6, 2020
Iowa Caucus 2020 JSON Results
View IA.json
This file has been truncated, but you can view the full file.
@karanlyons
karanlyons / smuggler.py
Last active Aug 19, 2019
Burp Suite is for chumps.
View smuggler.py
#!/bin/env python3
import dataclasses
import re
import socket
import ssl as _ssl
import types
from collections import namedtuple, OrderedDict
from dataclasses import dataclass
from io import StringIO
from itertools import chain
@karanlyons
karanlyons / lazyString.ts
Last active Aug 7, 2019
Procrastinate till you evaluate.
View lazyString.ts
export type StringReturningFunction = (...args: any[]) => string;
interface LazyString extends String {}
interface LazyStringConstructor {
new <F extends StringReturningFunction>(
func: F,
...args: Parameters<F>
): LazyString;
<F extends StringReturningFunction>(func: F, ...args: Parameters<F>): string;
@karanlyons
karanlyons / format.ts
Last active Aug 6, 2019
Add translator friendly markup to translatable strings.
View format.ts
export type Formatters = { [k: string]: (s: string) => string };
export class FormatError extends Error {
constructor(
public message: string,
public str: string,
public formatters: Formatters,
public tag: string
) {
super();
View teamcity-poc-link.text
@karanlyons
karanlyons / payloadPack.js
Last active Jul 26, 2019
Char wise, byte foolish.
View payloadPack.js
const pack = s =>
s.match(/^[\u0000-\u00ff]*$/)
? s
.split("")
.map(s => s.charCodeAt())
.reduce(
(pairs, c) =>
(
!c || pairs[pairs.length - 1].length === 2
? pairs.push(...(c? [[c]] : [[c], []]))
@karanlyons
karanlyons / ZoomDaemon.yara
Last active May 16, 2020
Fixes for Zoom, RingCentral, Zhumu (and additional white labels) RCE vulnerabilities
View ZoomDaemon.yara
private rule Macho
{
    meta:
        description = "private rule to match Mach-O binaries (copied from Apple's XProtect)"
    condition:
        uint32(0) == 0xfeedface or uint32(0) == 0xcefaedfe or uint32(0) == 0xfeedfacf or uint32(0) == 0xcffaedfe or uint32(0) == 0xcafebabe or uint32(0) == 0xbebafeca
}
rule ZoomDaemon
{
View testcase.html
<html>
<head>
<style>
#left, #right, #test {
display: block;
z-index: 0;
}
#left {
float: left;
View pypy_ssl_after_fork_bug.py
import os
from http.client import HTTPSConnection
from time import sleep
def request():
    connection = HTTPSConnection('httpbin.org')
    connection.request('GET', '/headers')
    return connection.getresponse().read()