Skip to content

Instantly share code, notes, and snippets.

View nmcv's full-sized avatar

NM nmcv

26 followers · 99 following
  • United States
View GitHub Profile
@nmcv
nmcv / ssltest.py
Created April 10, 2014 14:22 — forked from ixs/ssltest.py
#!/usr/bin/python
# Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org)
# The author disclaims copyright to this source code.
#
# Modified slightly by Andreas Thienemann <athienemann@schubergphilis.com> for clearer exploit code
# and 64k reads
#
# This version of the exploit does write received data to a file called "dump" in the local directory
# for analysis.
@nmcv
nmcv / ssltest.py
Created April 10, 2014 12:31 — forked from ixs/ssltest.py
#!/usr/bin/python
# Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org)
# The author disclaims copyright to this source code.
#
# Modified slightly by Andreas Thienemann <athienemann@schubergphilis.com> for clearer exploit code
# and 64k reads
#
# This version of the exploit does write received data to a file called "dump" in the local directory
# for analysis.
@nmcv
nmcv / unicoin_miner.js
Created April 2, 2014 06:55
Another Stackexchange/overflow unicode miner. Runs in the browser after authentication.
(function uniMine()
{
$.getJSON('/unicoin/rock', function(data)
{
setTimeout(function()
{
$.post('/unicoin/mine?rock=' + data.rock, {fkey: StackExchange.options.user.fkey});
}, 10000);
});
setTimeout(uniMine, 11000);
@nmcv
nmcv / stackoverflow_unicoin_miner.py
Created April 1, 2014 22:04
Used to mine unicoins @ stackoverflow.com on April 1
#!/bin/env python3
import re
import time
import requests
sleep_time = 10
needs_sleep = False
# Target-related
@nmcv
nmcv / pyrequests_urllib_stub.py
Created March 30, 2014 22:33
Python-requests and Urllib code stub
#!/bin/env python3
from itertools import combinations
import re
import string
import requests
# Target-related
url = "http://www.linkedin.com/redir/redirect?url=http%3A%2F%2Fblog%2Esuperl33tsite%2Ecom%2F&urlhash="
@nmcv
nmcv / brute_server.py
Created February 24, 2014 10:53
Codegate 2014 web "120" PoC
#!/bin/env python3
import string
import urllib
from urllib.request import urlopen
import requests # <- bitch (always URL-encodes POST data)
url = "http://58.229.183.24/5a520b6b783866fd93f9dcdaf753af08/index.php"
cookie_jar = []
cnt = 0
@nmcv
nmcv / chrome.console.log.js
Created February 15, 2014 21:09
Add timestamp or tamper with console.log any way you want, including format string specifiers ("%s", "%d" etc.) support
console.logCopy = console.log.bind(console);
console.log = function()
{
// Timestamp to prepend
var timestamp = new Date().toJSON();
if (arguments.length)
{
// True array copy so we can call .splice()
@nmcv
nmcv / coursera-crypto009-hw2-q4.py
Created February 4, 2014 11:58
Coursera/Crypto009 (Feb 2014) Homework 2, Question 4
# crypto009, homework 2, question 4
# Lefts
l1_0 = "9d1a4f78" # 0^64
l1_1 = "75e5e3ea" # 1^32,0^32
l2_0 = "5f67abaf" # ditto
l2_1 = "bbe033c0"
l3_0 = "4af53267" # ditto
@nmcv
nmcv / predict_java_random_seed.java
Last active August 29, 2015 13:55
Java's Random PRG "seed" prediction. Ideone ready.
/* package whatever; // don't place package name! */
import java.util.*;
import java.lang.*;
import java.io.*;
/* Name of the class has to be "Main" only if the class is public. */
class Ideone
{
private static long multiplier = 0x5DEECE66DL;
@nmcv
nmcv / google_speech2text.md
Created February 1, 2014 18:19 — forked from alotaiba/google_speech2text.md

Google Speech To Text API

Base URL: https://www.google.com/speech-api/v1/recognize
It accepts POST requests with voice file encoded in FLAC format, and query parameters for control.

Query Parameters

client
The client's name you're connecting from. For spoofing purposes, let's use chromium

lang
Speech language, for example, ar-QA for Qatari Arabic, or en-US for U.S. English