Skip to content

Instantly share code, notes, and snippets.

View oct0xor's full-sized avatar

Boris Larin oct0xor

311 followers · 41 following
View GitHub Profile
@1wErt3r
1wErt3r / SMBDIS.ASM
Created November 9, 2012 22:27
A Comprehensive Super Mario Bros. Disassembly
;SMBDIS.ASM - A COMPREHENSIVE SUPER MARIO BROS. DISASSEMBLY
;by doppelganger (doppelheathen@gmail.com)
;This file is provided for your own use as-is. It will require the character rom data
;and an iNES file header to get it to work.
;There are so many people I have to thank for this, that taking all the credit for
;myself would be an unforgivable act of arrogance. Without their help this would
;probably not be possible. So I thank all the peeps in the nesdev scene whose insight into
;the 6502 and the NES helped me learn how it works (you guys know who you are, there's no
@shuffle2
shuffle2 / example.py
Last active November 21, 2016 20:40
machine-readable powerpc ISA (32bit, espresso / nintendo)
'''
example of consuming insns.xml
'''
from xml.etree.ElementTree import ElementTree
class Instructions:
def __init__(s):
s.root = ElementTree(file = 'insns.xml')
def dump(s):
@TheLastMutt
TheLastMutt / mini51.c
Last active March 30, 2019 09:48
OpenOCD stuff for Mini51
/***************************************************************************
* Copyright (C) 2013 Cosmin Gorgovan *
* cosmin [at] linux-geek [dot] org *
* *
* This program is free software; you can redistribute it and/or modify *
* it under the terms of the GNU General Public License as published by *
* the Free Software Foundation; either version 2 of the License, or *
* (at your option) any later version. *
* *
* This program is distributed in the hope that it will be useful, *
@brandonprry
brandonprry / gist:692e553975bf29aeaf2c
Last active August 29, 2015 14:12
=begin
McAfee ePolicy Orchestrator Authenticated XXE and Credential Disclosure
Trial available here:
https://secure.mcafee.com/apps/downloads/free-evaluations/survey.aspx?mktg=ESD1172&cid=ESD1172&eval=A0C692FB-8E29-4D47-BBF1-43CAB5F10069&region=us
McAfee ePolicy Orchestrator suffers from an authenticated XXE vulnerability, available to any authenticated user. The Server Task Log option in the upper left menu is where the vulnerability lies. When creating a custom filter, a bit of XML is passed from the client to the server to create the said filter. This parameter is called 'conditionXML' and is vulnerable to an XXE attack. The attack seems a bit limited however, as you can only fit up to 255 characters in the 'value' field.
However, a file in the web server installation configuration directory called 'keystore.properties' is less than the size we need, and contains an encrypted passphrase that is set during installation. When installing, an initial admin user is created (with 'admin' as the default userna
@isciurus
isciurus / MainActivity.java
Last active May 12, 2024 23:45
PoC for Android GoogleAuthUtil.getToken() bug
package com.isciurus.oauth_poc;
import java.io.IOException;
import java.text.DateFormat;
import java.util.Date;
import com.google.android.gms.auth.GoogleAuthException;
import com.google.android.gms.auth.GoogleAuthUtil;
import com.google.android.gms.auth.UserRecoverableAuthException;
import android.accounts.AccountManager;
import android.app.Activity;
@achillean
achillean / ssh-fingerprints.csv
Created February 17, 2015 20:11
Top 1,000 Duplicate SSH Fingerprints on the Internet
dc:14:de:8e:d7:c1:15:43:23:82:25:81:d2:59:e8:c0 245272
32:f9:38:a2:39:d0:c5:f5:ba:bd:b7:75:2b:00:f6:ab 197846
d0:db:8a:cb:74:c8:37:e4:9e:71:fc:7a:eb:d6:40:81 152046
34:47:0f:e9:1a:c2:eb:56:eb:cc:58:59:3a:02:80:b6 140777
df:17:d6:57:7a:37:00:7a:87:5e:4e:ed:2f:a3:d5:dd 91904
81:96:a6:8c:3a:75:f3:be:84:5e:cc:99:a7:ab:3e:d9 80499
7c:a8:25:21:13:a2:eb:00:a6:c1:76:ca:6b:48:6e:bf 78172
1c:1e:29:43:d2:0c:c1:75:40:05:30:03:d4:02:d7:9b 71851
8b:75:88:08:41:78:11:5b:49:68:11:42:64:12:6d:49 70786
c2:77:c8:c5:72:17:e2:5b:4f:a2:4e:e3:04:0c:35:c9 68654
@mak
mak / cve2015_3113.as
Created June 29, 2015 21:15
CVE-2015-3113 from 205a625ebc3b0a9b286dc8f065845433
package
{
import flash.display.MovieClip;
import flash.utils.ByteArray;
import flash.net.URLLoader;
import flash.utils.Timer;
import flash.media.Video;
import flash.display.Loader;
import flash.net.URLRequest;
import flash.events.Event;
@v-p-b
v-p-b / Skeptics_Guide_to_Security_Cons.md
Last active January 23, 2020 13:43
Skeptics Guide to Security Conferences
@xerub
xerub / prologue.py
Last active July 15, 2022 00:18
AArch64 prologue
# Fix clang function prologues
# WARNING: this WILL patch bytes in the database
#
# Copyright (c) 2015 xerub
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
@FauxFaux
FauxFaux / chrome2ca.sh
Created December 30, 2015 00:18
Capture CAs from Chrome history
locate -r '/History$' | fgrep chrom | while read x; do echo select url from urls\; | sqlite3 "$x"; done > hist
cut -d/ -f 3 hist | sort -u | xargs -P200 -I{} -n1 -- sh -c ': | openssl s_client -connect {}:443 2> {}.path > {}.handshake'
for f in *.path; do if ! fgrep 'verify erro' $f >/dev/null; then grep -m1 '^depth' $f; fi; done | cut -d' ' -f 2- | sort | uniq -c | sort -n
for f in *.path; do if ! fgrep 'verify erro' $f >/dev/null; then grep -m1 '^depth' $f; fi; done | cut -d' ' -f 2- | sed 's/.*O = //;s/, OU =.*//;s/, CN = //;s/The //;s/[",.]//g;s/ Inc//' | sort | uniq -c | sort -n