Skip to content

Instantly share code, notes, and snippets.

View orangetw's full-sized avatar
🍊
This is orange!

Orange Tsai orangetw

🍊
This is orange!
4.1k followers · 67 following
View GitHub Profile
@orangetw
orangetw / nanana.xxd
Created October 19, 2015 08:17
HITCON CTF 2015 Quals nanana
0000000: 7f45 4c46 0201 0100 0000 0000 0000 0000 .ELF............
0000010: 0200 3e00 0100 0000 2008 4000 0000 0000 ..>..... .@.....
0000020: 4000 0000 0000 0000 c811 0000 0000 0000 @...............
0000030: 0000 0000 4000 3800 0900 4000 1c00 1b00 ....@.8...@.....
0000040: 0600 0000 0500 0000 4000 0000 0000 0000 ........@.......
0000050: 4000 4000 0000 0000 4000 4000 0000 0000 @.@.....@.@.....
0000060: f801 0000 0000 0000 f801 0000 0000 0000 ................
0000070: 0800 0000 0000 0000 0300 0000 0400 0000 ................
0000080: 3802 0000 0000 0000 3802 4000 0000 0000 8.......8.@.....
0000090: 3802 4000 0000 0000 1c00 0000 0000 0000 8.@.............
@orangetw
orangetw / introspection-query.graphql
Created September 21, 2018 03:42 — forked from craigbeck/introspection-query.graphql
Introspection query for GraphQL
query IntrospectionQuery {
__schema {
queryType { name }
mutationType { name }
subscriptionType { name }
types {
...FullType
}
directives {
@orangetw
orangetw / pwn_gdb.py
Created August 31, 2015 15:09
Remote Code Execution on GDB Remote Debugging Protocol
# coding: UTF-8
#
import sys
import gdb
import socket
import struct
import binascii
DEBUG = False
@orangetw
orangetw / w3rmup.php
Created December 5, 2021 13:47
<?php
if (!isset($_GET['mail']))
highlight_file(__FILE__) && exit();
$mail = filter_var($_GET['mail'], FILTER_VALIDATE_EMAIL);
$addr = filter_var($_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP);
$country = geoip_country_code_by_name($addr);
if (!$addr || strlen($addr) == 0) die('bad addr');
if (!$mail || strlen($mail) == 0) die('bad mail');
@orangetw
orangetw / jenkins-decrypt.groovy
Created August 4, 2017 07:31 — forked from tuxfight3r/jenkins-decrypt.groovy
Decrypting Jenkins Password
#To Decrypt Jenkins Password from credentials.xml
#<username>jenkins</username>
#<passphrase>your-sercret-hash-S0SKVKUuFfUfrY3UhhUC3J</passphrase>
#go to the jenkins url
http://jenkins-host/script
#In the console paste the script
hashed_pw='your-sercret-hash-S0SKVKUuFfUfrY3UhhUC3J'
@orangetw
orangetw / bounties.csv
Created April 18, 2017 12:40 — forked from nuthanmunaiah/bounties.csv
cve product bounty source
CVE-2014-0257 .NET Framework 5,000.00 https://hackerone.com/reports/18851
CVE-2015-3842 Android 2,000.00 https://code.google.com/p/android/issues/detail?id=177610
CVE-2015-3847 Android 1,500.00 https://code.google.com/p/android/issues/detail?id=179147
CVE-2015-3860 Android 500.00 https://code.google.com/p/android/issues/detail?id=178139
CVE-2015-3862 Android 333.00 https://code.google.com/p/android/issues/detail?id=181895
CVE-2015-3865 Android 1,500.00 https://code.google.com/p/android/issues/detail?id=182294
CVE-2015-3867 Android 4,000.00 https://code.google.com/p/android/issues/detail?id=182838
CVE-2015-3868 Android 4,000.00 https://code.google.com/p/android/issues/detail?id=182146
CVE-2015-3869 Android 3,000.00 https://code.google.com/p/android/issues/detail?id=182053
@orangetw
orangetw / all.txt
Created September 7, 2018 14:36 — forked from jhaddix/all.txt
all wordlists from every dns enumeration tool... ever. Please excuse the lewd entries =/
This file has been truncated, but you can view the full file.
.
..
........
@
*
*.*
*.*.*
🐎