Rory M roddux

💭
🌞
View GitHub Profile
@roddux
roddux / vr-rev-jobs.md
Last active December 1, 2023 20:49 — forked from iamavu/vr-rev-jobs.md
Companies that offer Vulnerability Researcher positions

Vulnerability Researcher Jobs

This list takes no ethical standpoint on any of the companies listed below; it is simply a list of companies hiring for vulnerability researcher positions.

Name Link
roddux / perfpricegb.js
Created November 4, 2021 15:11
Perf/£/GB on RAM for PCPartPicker
// https://uk.pcpartpicker.com/products/memory/#page=1
// Visit site, run script in console / greasemonkey / etc
var max_perf = 3200 / 17; // reasonable
var max_value = max_perf / 6; // defaults
// TODO:
// - look at all items then pick best, don't use defaults
// - resort the list based on best values
roddux / f5scan.sh
Created August 19, 2020 10:02
CVE-2020-5902 scanner
#!/usr/bin/env bash
# usage: ./f5scan.sh <CIDR 1> <CIDR 2>
# requires: xargs, curl, nmap, awk
TIMEOUT=1
THREADS=20
scan() {
URL=$1
echo "CHECK: $URL"
res=$(curl -skm$TIMEOUT $URL -w'%{http_code}' -o/dev/null)
roddux / no-multicall.patch
Created December 17, 2019 18:14
WordPress patch to disable system.multicall
diff --git a/wp-includes/IXR/class-IXR-server.php b/wp-includes/IXR/class-IXR-server.php
index 9702ba2..5437ce8 100644
--- a/wp-includes/IXR/class-IXR-server.php
+++ b/wp-includes/IXR/class-IXR-server.php
@@ -92,6 +92,7 @@ EOD;
function call($methodname, $args)
{
+ unset($this->callbacks["system.multicall"]);
if (!$this->hasMethod($methodname)) {
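Review bot: The `unset($this->callbacks["system.multicall"])` at the top of `call()` runs again on every dispatched method, when the entry only needs removing once. Consider dropping it at the point where the callbacks array is populated, and add a one-line comment saying why multicall is disabled so the line is not discarded as dead code in a later merge. Because the change sits in a core file under wp-includes, it also has to be re-applied after each WordPress update.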
roddux / Concrete5 8.5.1 printf-debugging patch
Created November 6, 2019 15:26
beware: advanced secret techniques
diff -r concrete5-8.5.1/concrete/controllers/backend/file/folder.php html/concrete/controllers/backend/file/folder.php
18a19
> echo "<!-- add folder woo -->\n";
diff -r concrete5-8.5.1/concrete/src/Http/DefaultDispatcher.php html/concrete/src/Http/DefaultDispatcher.php
106a107
> echo "<!-- handleDispatch: " . $request->getRequestUri() . "-->\n";
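Review bot: The echo added at line 107 of DefaultDispatcher.php writes `$request->getRequestUri()` into an HTML comment without encoding, so a URI containing `-->` can close the comment and the remainder is emitted as markup in the response. For debug tracing, send the value to `error_log()` so request data never reaches the response body, or at least pass it through `htmlspecialchars()` before echoing, and keep this patch to a local test instance.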
109c110,111
< $route = $this->router->matchRoute($request)->getRoute();
---
> $route = $this->router->matchRoute($request)->getRoute();
roddux / freezer.js
Created April 4, 2019 14:00
Another JS shell fuzzer, exploring some ideas from TODOs in the last
var _variables = {};
var _varCount = 1;
var _functions = [];
var _funcCount = 1;
var _dvarCount = 0;
var rc = (x)=>x[Math.floor(Math.random() * x.length)];
function pick(X, recurseLevel) {
if (recurseLevel >= 5) return "'ZZ'"
roddux / fuck^H^Hzz.js
Created March 27, 2019 22:04
In-process JS builtin fuzzing idea
// Inspiration: @5aelo, @_tsuro, @ifsecure, @bkth_
// $ ./spidermonkey/js ./fuck^H^Hzz.js
// A quick thought experiment. A simple in-process template fuzzer using eval.
// Next idea is to generate the template, too. This one was hardcoded to try and find JIT bugs. Perhaps it will, I only ran it for a few hours.
// Can code even be JIT'd if it's being run via eval, though? Idk. Baby steps.
var rc = (x)=>x[Math.floor(Math.random() * x.length)];
var _object = [