Skip to content

Instantly share code, notes, and snippets.

Avatar
🔴
<script>alert(1);</script>

Edoardo Rosa notdodo

🔴
<script>alert(1);</script>
View GitHub Profile
@notdodo
notdodo / extractrsa.py
Created May 1, 2020
Old script use to extract shared prime from a number of public RSA keys (i.e. generated by malware)
View extractrsa.py
#!/usr/bin/env python3
#
# author: notdodo
#
import os
import sqlite3
import itertools
from multiprocessing import Pool
try:
import gmpy2
View keybase.md

Keybase proof

I hereby claim:

  • I am notdodo on github.
  • I am edoardo_rosa (https://keybase.io/edoardo_rosa) on keybase.
  • I have a public key whose fingerprint is 1220 9C4A 9062 019F 3D1D 9B77 BDC2 40F8 81A5 C413

To claim this, I am signing this object:

@notdodo
notdodo / lastrofi.zsh
Created Feb 23, 2020
rofi menu to help read Lastpass passwords.
View lastrofi.zsh
#!/usr/bin/env zsh
if ! hash lpass 2>/dev/null; then
echo "Lastpass not installed"
exit -1
fi
if ! hash xsel 2>/dev/null; then
echo "xsel not installed"
exit -1
@notdodo
notdodo / ecfuck.sh
Last active May 13, 2020
If you have some protected/licensed slides that require a non-open/compatible PDF reader (i.e. Locklizard) you can use this commands to bypass the block.
View ecfuck.sh
#!/usr/bin/bash
#
# Author notdodo
#
#
###############################################################################
# SCENARIO ####################################################################
###############################################################################
@notdodo
notdodo / ssround.zsh
Last active May 13, 2020
Stealth Scan a list of IPs/subnets with Nmap and multiple from random and multiple VPNs to avoid IP filtering.
View ssround.zsh
#!/usr/bin/env zsh
trap ctrl_c INT
#
# author: notdodo
#
# Scan a set of IPs/subnets using multiple VPN profiles
#
# Default values of arguments
local IPS=""
local CREDENTIALS_FILE="./credentials.txt"
@notdodo
notdodo / lfi_generator.py
Created Oct 27, 2019
Create PHP dockers (that are available on the official channel) to create a LFI test laboratory
View lfi_generator.py
#!/usr/bin/env python3
import glob
import requests
import subprocess
import sys
from bs4 import BeautifulSoup
from grp import getgrgid
from os import stat, path, chown
from pwd import getpwuid
@notdodo
notdodo / mashell.py
Last active May 13, 2020
Execute command using HEX or CHAR encoding. Bypass WAF and IPS filtering enabling RCE using xp_cmdshell: https://knifesec.com/evading-sql-injection-filters-to-get-rce/
View mashell.py
#!/usr/bin/env python3
# Injector script to get a pseudo-interactive shell using xp_cmdshell
# Source post:
# Author: notdodo
# https://twitter.com/_d_0_d_o_
#
# USAGE: python3 ./mashell.py "whoami /priv"
#
import binascii
import hashlib
@notdodo
notdodo / parse_dump.py
Last active Mar 17, 2020
Parse `sqlmap` dumps from data breaches or leaks file into a JSON file
View parse_dump.py
#!/usr/bin/env python3
# -*- encoding: ascii -*-
#
# AUTHOR: Edoardo Rosa dodo https://github.com/notdodo
#
# DESCRIPTION: Parse `sqlmap` dumps from data breaches or leaks into JSON files
#
# Some files have shitty encoding/chars and they must be educated:
# sed -i 's/[^[:print:]\t]//g; s/\\r//g' *.txt
import click
View OSCPbuffer.md

Speed up videos

document.getElementById("video").playbackRate = 1.5;

VPN - NM

[vpn]
dev-type=tap
@notdodo
notdodo / cleanvba.zsh
Created Dec 31, 2018
Clean VBA: this script should remove unused variables in obfuscated VBAs (should work also for other files)
View cleanvba.zsh
#!/usr/bin/env zsh
#
toclean=${1}
while read line; do
local length=$(echo -n ${line} | \wc -m)
if [[ ${length} -ge 50 ]]; then
local match=$(echo ${line} | \awk '{print $1}')
local file_match=$(\rg -i ${match} * -c | \awk -F ':' '{print $1}')
You can’t perform that action at this time.