I hereby claim:
- I am notdodo on github.
- I am edoardo_rosa (https://keybase.io/edoardo_rosa) on keybase.
- I have a public key whose fingerprint is 1220 9C4A 9062 019F 3D1D 9B77 BDC2 40F8 81A5 C413
To claim this, I am signing this object:
notdodo
/ keybase.md
Created
April 1, 2020 12:08
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env zsh | |
| if ! hash lpass 2>/dev/null; then | |
| echo "Lastpass not installed" | |
| exit -1 | |
| fi | |
| if ! hash xsel 2>/dev/null; then | |
| echo "xsel not installed" | |
| exit -1 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/bash | |
| # | |
| # Author notdodo | |
| # | |
| # | |
| ############################################################################### | |
| # SCENARIO #################################################################### | |
| ############################################################################### |
notdodo
/ ssround.zsh
Last active
May 13, 2020 19:05
Stealth Scan a list of IPs/subnets with Nmap and multiple from random and multiple VPNs to avoid IP filtering.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env zsh | |
| trap ctrl_c INT | |
| # | |
| # author: notdodo | |
| # | |
| # Scan a set of IPs/subnets using multiple VPN profiles | |
| # | |
| # Default values of arguments | |
| local IPS="" | |
| local CREDENTIALS_FILE="./credentials.txt" |
notdodo
/ lfi_generator.py
Created
October 27, 2019 20:36
Create PHP dockers (that are available on the official channel) to create a LFI test laboratory
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| import glob | |
| import requests | |
| import subprocess | |
| import sys | |
| from bs4 import BeautifulSoup | |
| from grp import getgrgid | |
| from os import stat, path, chown | |
| from pwd import getpwuid |
notdodo
/ mashell.py
Last active
October 14, 2020 05:45
Execute command using HEX or CHAR encoding. Bypass WAF and IPS filtering enabling RCE using xp_cmdshell: https://knifesec.com/evading-sql-injection-filters-to-get-rce/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # Injector script to get a pseudo-interactive shell using xp_cmdshell | |
| # Source post: | |
| # Author: notdodo | |
| # https://twitter.com/_d_0_d_o_ | |
| # | |
| # USAGE: python3 ./mashell.py "whoami /priv" | |
| # | |
| import binascii | |
| import hashlib |
notdodo
/ parse_dump.py
Last active
March 17, 2020 18:10
Parse `sqlmap` dumps from data breaches or leaks file into a JSON file
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # -*- encoding: ascii -*- | |
| # | |
| # AUTHOR: Edoardo Rosa dodo https://github.com/notdodo | |
| # | |
| # DESCRIPTION: Parse `sqlmap` dumps from data breaches or leaks into JSON files | |
| # | |
| # Some files have shitty encoding/chars and they must be educated: | |
| # sed -i 's/[^[:print:]\t]//g; s/\\r//g' *.txt | |
| import click |
notdodo
/ OSCPbuffer.md
Last active
January 26, 2019 11:57
notdodo
/ cleanvba.zsh
Created
December 31, 2018 14:33
Clean VBA: this script should remove unused variables in obfuscated VBAs (should work also for other files)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env zsh | |
| # | |
| toclean=${1} | |
| while read line; do | |
| local length=$(echo -n ${line} | \wc -m) | |
| if [[ ${length} -ge 50 ]]; then | |
| local match=$(echo ${line} | \awk '{print $1}') | |
| local file_match=$(\rg -i ${match} * -c | \awk -F ':' '{print $1}') |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| INSERT INTO `wp_users` (`user_login`, `user_pass`, `user_nicename`, `user_email`, `user_status`) VALUES ('edoz90', MD5('passwordASD'), 'administrator', 'asd@asd.it', '0'); | |
| INSERT INTO `wp_usermeta` (`umeta_id`, `user_id`, `meta_key`, `meta_value`) VALUES (NULL, (SELECT max(id) FROM wp_users), 'wp_capabilities', 'a:1:{s:13:"administrator";s:1:"1";}'); | |
| INSERT INTO `wp_usermeta` (`umeta_id`, `user_id`, `meta_key`, `meta_value`) VALUES (NULL, (SELECT max(id) FROM wp_users), 'wp_user_level', '10'); |