Skip to content

Instantly share code, notes, and snippets.

I may be slow to respond.

Wen Bin kongwenbin

I may be slow to respond.
View GitHub Profile
kongwenbin / cloud_metadata.txt
Created Jul 13, 2018 — forked from jhaddix/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
View cloud_metadata.txt
## AWS
kongwenbin /
Last active Apr 30, 2018
Modified exploit for WordPress Plugin Advanced Video 1.0 - Local File Inclusion - fixed the SSL issue
#!/usr/bin/env python
# Exploit Title: Advanced-Video-Embed Arbitrary File Download / Unauthenticated Post Creation
# Google Dork: N/A
# Date: 04/01/2016
# Exploit Author: evait security GmbH
# Vendor Homepage: arshmultani -
# Software Link:
# Version: 1.0
# Tested on: Linux Apache / Wordpress 4.2.2
kongwenbin / 39772.txt
Created Apr 22, 2018
A mirror of the content stored in 39772.txt obtained through
View 39772.txt
In Linux >=4.4, when the CONFIG_BPF_SYSCALL config option is set and the
kernel.unprivileged_bpf_disabled sysctl is not explicitly set to 1 at runtime,
unprivileged code can use the bpf() syscall to load eBPF socket filter programs.
These conditions are fulfilled in Ubuntu 16.04.
When an eBPF program is loaded using bpf(BPF_PROG_LOAD, ...), the first
function that touches the supplied eBPF instructions is
replace_map_fd_with_map_ptr(), which looks for instructions that reference eBPF
kongwenbin /
Created Dec 30, 2017
A simple function to decode base64 encoded content designed for VulnHub VM - FristiLeaks v1.3
#Wrote this simple function to solve the CTF designed for FristiLeaks v1.3 VulnHub VM
import base64,codecs,sys
def decodeString(str):
decode = codecs.decode(str[::-1], 'rot13')
return base64.b64decode(decode)
print cryptoResult