Negatively Charged

Rudra Sarkar rudSarkar

rudSarkar / List of API endpoints & objects
Created October 1, 2020 10:49 — forked from yassineaboukir/List of API endpoints & objects
A list of 3203 common API endpoints and objects designed for fuzzing.


Cisco Security Manager is an enterprise-class security management application that provides insight into and control of Cisco security and network devices. Cisco Security Manager offers comprehensive security management (configuration and event management) across a wide range of Cisco security appliances, including Cisco ASA Adaptive Security Appliances, Cisco IPS Series Sensor Appliances, Cisco Integrated Services Routers (ISRs), Cisco Firewall Services Modules (FWSMs), Cisco Catalyst, Cisco Switches and many more. Cisco Security Manager allows you to manage networks of all sizes efficiently, from small networks to large networks consisting of hundreds of devices.

Several pre-auth vulnerabilities were submitted to Cisco on 2020-07-13 and (according to Cisco) patched in version 4.22 on 2020-11-10. The release notes didn't state anything about the vulnerabilities, and security advisories were not published. All payloads are processed in the context of NT AUTHORITY\SYSTEM.

rudSarkar / genymotionwithplay.txt
Created August 2, 2021 11:50 — forked from wbroek/genymotionwithplay.txt
Genymotion with Google Play Services for ARM
NOTE: Easier way is the X86 way, described on
Download the following ZIPs:
ARM Translation Installer v1.1 (
Download the correct GApps for your Android version:
Google Apps for Android 6.0 ( -
Google Apps for Android 5.1 ( -
Google Apps for Android 5.0 ( -
rudSarkar / nuclei-rce.yaml
Created September 20, 2021 02:10 — forked from c3l3si4n/nuclei-rce.yaml
POC demonstrating RCE on Nuclei v2.5.0. The following PoC will execute `touch /tmp/rce_on_nuclei`. JS exploit based on CVE-2021-21224 PoCs
id: nuclei-rce
name: Nuclei Template RCE by Chromium
author: c3l3si4n
severity: critical
tags: rce,hackback
- steps:
rudSarkar /
Created December 8, 2021 07:50 — forked from priyanshus/
NMAP scan for a list of subdomains
#Performs port scan using nmap
print_usage() {
cat << _EOF_
Utility to scan open ports. Can be used to scan ports for a domain or a list of domains specified in a file.
Example Usage:
-h, --help Show brief help
-d, --domain Domain name or ip to scan
-f, --file Specify a file containing domains/IPs to scan
rudSarkar /
Created July 31, 2021 10:56 — forked from gboudreau/
Export TOTP tokens from Authy

Generating Authy passwords on other authenticators

There is an increasing number of applications which use Authy for two-factor authentication. However, many users who aren't using Authy have their own authenticator set up already and do not wish to use two applications for generating passwords.

Since I use 1Password for all of my password storing/generating needs, I was looking for a solution to use Authy passwords on that. I couldn't find any completely working solutions, however I stumbled upon a gist by Brian Hartvigsen. His post had a neat code with it to generate QR codes for you to use on your favorite authenticator.

His method is to extract the secret keys using Authy's Google Chrome app via Developer Tools. If this was not possible, I guess people would be reverse engineering the Android app or something like that. But when I tried that code, nothing appeared on the screen. My guess is that Brian used the

# -------------------------------------------------
# Protect your .git directory!
# (You don't want anyone to download a copy of your website)
# -------------------------------------------------
# Add to .htaccess
# For Apache 2.4
<DirectoryMatch "^/.*/\.git/">
rudSarkar /
Created May 26, 2022 11:51 — forked from seresistvanandras/
Hacking smart contracts for fun and profit

Description of the game

The goal of the game is to break as many contracts as possible! Note: one of these contracts is a HONEYPOT! BE CAREFUL!!

Claim your Ropsten test ether here!

The contracts you need to break and their addresses:

rudSarkar /
Created June 17, 2022 02:36 — forked from fransr/
Using error messages to decloak an S3 bucket. Uses soap, unicode, post, multipart, streaming and index listing as ways of figuring it out. You do need a valid aws-key (never the secret) to properly get the error messages
# Written by Frans Rosén (
_debug="$2" #turn on debug
#you need a valid key, since the errors happen after it validates that the key exists. we do not need the secret key, only the access key
H_ACCEPT="accept-language: en-US,en;q=0.9,sv;q=0.8,zh-TW;q=0.7,zh;q=0.6,fi;q=0.5,it;q=0.4,de;q=0.3"
H_AGENT="user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.146 Safari/537.36"