import datetime
from tortoise import Tortoise, fields, timezone
from tortoise.models import Model
NAIVE_DATETIME = datetime.datetime.strptime("2024-2-11", "%Y-%m-%d")
class TortoiseModel(Model):
    name = fields.CharField(max_length=50, unique=True)
    last_register_date = fields.DatetimeField()
@mmkhitaryan
mmkhitaryan / subdomain_finder.js
Created January 6, 2024 17:57
I wanted to find a free 2-character Netlify subdomain name, but found none :(
function sleep(ms) {
    return new Promise(resolve => setTimeout(resolve, ms));
}
function generateRandomString() {
    const randomChar1 = String.fromCharCode(Math.floor(Math.random() * 26) + 65); // Random uppercase letter
    const randomChar2 = String.fromCharCode(Math.floor(Math.random() * 26) + 65); // Another random uppercase letter
    // Concatenate the two characters
    const randomString = randomChar1 + randomChar2;
    return randomString;
}
from collections import defaultdict
pid_to_command_line = {}
list_of_all_processes = []
import csv
field_names = None
import r2pipe
r = r2pipe.open()
r.cmd('ood')
r.cmd('dcu @main')
last_pointer = '1'
while True:
    pointer_from_stack = str(r.cmdj('pxqj 8 @rsp')[0])
@mmkhitaryan
mmkhitaryan / run_in_r2.py
Last active September 11, 2022 21:26
Bug in r2pipe?
# r2 /bin/ls
# . ./run_in_r2.py
# 1
# 2
# ... 1000+
import r2pipe
r = r2pipe.open()
# python stack_seeker.py some_file_in_cwd
import r2pipe
import sys
r = r2pipe.open('/bin/ls')
r.cmd('ood')
r.cmd('aaa')
file_name = sys.argv[1]
@mmkhitaryan
mmkhitaryan / hello.c
Created August 30, 2022 10:13
In the original article you need to specify the function address manually. I made it detect the function address automatically.
#include <stdio.h>
#include <unistd.h>
void
f (int n)
{
printf ("Number: %d\n", n);
}
int

My router has been crashing when my PC boots, and starts working fine again about 5 minutes after a restart. So I decided to dig into the reasons for the crash.

I used tcpdump and made it start on system boot. It collected all the packets, and then I used tcpdump replay to try to reproduce the crashes.

When I replayed all the packets, the router crashed as suspected. But I needed to understand which specific packets were the reason for the crashing.

So I started cutting the file in half (basically a binary search) and checking whether the crash still happened. I ended up with ~20 packets, and then chose those packets that are in the scapy script.

I wanted to continue researching the reasons for the vulnerability, emulate the router firmware and try to crash it. But I did not find the router's working firmware anywhere.

@mmkhitaryan
mmkhitaryan / deadlock.py
Created July 4, 2021 19:35
An example of python deadlock
from threading import Lock, Thread
accountone = Lock()
accounttwo = Lock()
def transfer(accountone, accounttwo):
    accountone.acquire()
    accounttwo.acquire()
    print("Transaction done")
    accountone.release()
    accounttwo.release()
# Two threads take the same two locks in opposite order: each ends up
# holding one lock while waiting forever for the other.
t1 = Thread(target=transfer, args=(accountone, accounttwo))
t2 = Thread(target=transfer, args=(accounttwo, accountone))
t1.start()
t2.start()
t1.join()
t2.join()

File upload leads to Stored XSS

The inspiration was taken from https://hackerone.com/reports/880099. Because you do not filter SVG images, one can upload one to the server and obtain stored XSS. http://51.75.168.24/image.php?id=4742

To fix this:

The problem is that the server sets the Content-Type header depending on the uploaded file. If nginx is configured to serve the headers only with image/png, for example, the browser will report "MIME type mismatch on image file".

SSRF -> JWT secret key

config.php requires the request to come from localhost. One could simply substitute localhost for the host: