BugBounty

Mehtab Zafar mzfr

View rubikstega.py
# Values from the white paper
EXAMPLE_PHDR = 'L2 F\' B2 U D2 B U D\' F2 L\' F U2 R U\' L\' R\' U\' B F D U\''.split(" ")
EXAMPLE_LHDR = 'B U2 D2 R\' F U2 B R L\' B L\' B L\' D F\' L U\' B2 R F2 L\' F2'.split(" ")
EXAMPLE_MSG = 'F L U2 L2 F\' B D\' B2 L\' B\' U L2 F\' R2 D\' B\' U\' L\' B R D2 L2 R\' B F2 D\' U R B D2 U2 R2 U\' F2 R2 F D F2 B2 D\' R\' D R\' U\' F\' B2 U F2 D R U L F U2 L2 D R B D\' B\' U L U\''.split(" ")
# Values from the challenge
CHALL_PHDR = 'B2 R U F\' R\' L\' B B2 L F D D\' R\' F2 D\' R R D2 B\' L R'.split(" ")
CHALL_LHDR = 'L\' L B F2 R2 F2 R\' L F\' B\' R D\' D\' F U2 B\' U U D\' U2 F\''.split(" ")
CHALL_MSG = 'L F\' F2 R B R R F2 F\' R2 D F\' U L U\' U\' U F D F2 U R U\' F U B2 B U2 D B F2 D2 L2 L2 B\' F\' D\' L2 D U2 U2 D2 U B\' F D R2 U2 R\' B\' F2 D\' D B\' U B\' D B\' F\' U\' R U U\' L\' L\' U2 F2 R R F L2 B2 L2 B B\' D R R\' U L'.split(" ")
@dufferzafar
dufferzafar / allah-and-gsoc-irc-chat.txt
Last active May 18, 2020
"Allah & GSoC" - an excerpt from #gsoc IRC channel.
View allah-and-gsoc-irc-chat.txt
[6:48 pm] <Guest25582> http://oortr.com/YmU5NT
[6:48 pm] <valorie> rather than pasting a random link, why not say what it is, Guest25582?
[6:48 pm] <Guest25582> Allah is doing
[6:48 pm] <Guest25582> sun is not doing Allah is doing
[6:48 pm] <Guest25582> moon is not doing Allah is doing
[6:48 pm] <meflin> this channel is about GSOC
[6:48 pm] <Guest25582> stars are not doing Allah is doing
[6:48 pm] <valorie> please stay on topic or leave, Guest25582
[6:48 pm] <Guest25582> planets are not doing Allah is doing
[6:48 pm] <valorie> pfff
@intrd
intrd / many_time_pad_attack.py
Last active Mar 1, 2021
OTP - Recovering the private key from a set of messages that were encrypted w/ the same private key (Many time pad attack) - crypto100-many_time_secret @ alexctf 2017
View many_time_pad_attack.py
#!/usr/bin/python
## OTP - Recovering the private key from a set of messages that were encrypted w/ the same private key (Many time pad attack) - crypto100-many_time_secret @ alexctf 2017
# @author intrd - http://dann.com.br/
# Original code by jwomers: https://github.com/Jwomers/many-time-pad-attack/blob/master/attack.py
import string
import collections
import sets, sys
# 11 unknown ciphertexts (in hex format), all encrypted with the same key
@tobi
tobi / kindle.rb
Last active Apr 5, 2021
Download your Kindle Highlights to local markdown files. Great for Obsidian.md.
View kindle.rb
#!/usr/bin/env ruby
# gem install active_support
require 'active_support/inflector'
require 'active_support/core_ext/string'
# gem install webrick (only ruby3)
require 'webrick'
# gem install mechanize
@multiplex3r
multiplex3r / loadPcap.py
Last active Apr 15, 2021
Load a PCAP into neo4j with scapy
View loadPcap.py
#!/usr/bin/env python3
from scapy.all import *
from py2neo import Graph, Node, Relationship
packets = rdpcap("<your_pcap_file>")
g = Graph(password="<your_neo4j_password>")
for packet in packets.sessions():
    pkt = packet.split()
@securityMB
securityMB / twitter-quiz.md
Last active Jul 16, 2021
Twitter quiz solution
View twitter-quiz.md

Yesterday I posted a little quiz on Twitter about HTML parsing.

The question was: what element is going to be the parent of the final <s> in the following snippet of HTML:

<div><table><svg><foreignObject><select><table><s>

The final answers are:

@Steven-Rose
Steven-Rose / gist:3943830
Created Oct 24, 2012
VI: Select all + delete, select all + copy
View gist:3943830
Select all and delete (actually move to buffer)
:%d
Select all and copy to buffer
:%y
Use p to paste the buffer.
@me0wday
me0wday / BlindGraphQL.md
Last active Aug 3, 2021
Blind Graphql Discovery to Altair Schema
View BlindGraphQL.md

Playing with GraphQL when introspection is disabled

Quick write up on extracting a GraphQL schema when introspection is disabled. Bits and pieces sourced from various sources. Successfully tested on an Apollo instance.

TLDR: Some GraphQL instances provide name autocomplete suggestions. Some peeps have written tools to automate the extraction process. (ref https://youtu.be/nPB8o0cSnvM).

1. Bruteforce schema without introspection

First step is using a tool called clairvoyance by @nikitastupin (https://github.com/nikitastupin/clairvoyance). I found the main repo to lack error handling and support for additional features such as proxy.

@EdOverflow
EdOverflow / broken_link_hijacking.md
Last active Aug 7, 2021
This post aims to give you a basic overview of the different issues that could possibly arise if a target links to an expired endpoint.
View broken_link_hijacking.md
View Sublime Text 3 Build 3103 License Key - CRACK
I use the first