@ourren
ourren / decryptchromecookies.py
Created August 15, 2017 19:05 — forked from DakuTree/decryptchromecookies.py
Decrypt Chrome Cookies File (Python 3) - Windows
#Based off https://gist.github.com/DakuTree/98c8362fb424351b803e & pieces of https://gist.github.com/jordan-wright/5770442
from os import getenv
from shutil import copyfile
import sqlite3
import win32crypt #https://sourceforge.net/projects/pywin32/
# Copy Cookies to current folder
copyfile(getenv("APPDATA") + "/../Local/Google/Chrome/User Data/Default/Cookies", './Cookies')
# Connect to the Database

WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm

  • Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
  • Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS-17-010. It uses EternalBlue MS17-010 to propagate.

SECURITY BULLETIN AND UPDATES HERE: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

Malware samples

/robots.txt
/index.php?a=1%3Cscript%3Ealert(abc)%3C/script%3E
/nevercouldexistfilenosec
/nevercouldexistfilewebsec
/nevercouldexistfilenosec.aspx
/nevercouldexistfilewebsec.aspx
/nevercouldexistfilenosec.shtml
/nevercouldexistfilewebsec.shtml
/nevercouldexistfilenosec/
/nevercouldexistfilewebsec/
@ourren
ourren / alive_proxy.txt
Created April 15, 2015 22:55
alive proxy from cnproxy
#!/usr/bin/env python
# coding=utf-8
import re
import urllib
import urllib2
from bs4 import BeautifulSoup
url = 'http://routerpasswords.com'
req = urllib2.Request(
url=url)
@ourren
ourren / dump_for_mysql.py
Created March 10, 2015 00:54
sqlite3 to mysql
#!/usr/bin/env python
import re
import fileinput
def this_line_is_useless(line):
    useless_es = [
        'BEGIN TRANSACTION',
        'COMMIT',
        'sqlite_sequence',
<?php
/**
* XSS protection function for HTML context only
* @usecases
* <title>use this function if output reflects here or as a content of any HTML tag.</title>
* e.g., <span>use this function if output reflects here</span>
* e.g., <div>use this function if output reflects here</div>
* @description
* Sanitize/Filter < and > so that attacker can not leverage them for JavaScript execution.