Skip to content

Instantly share code, notes, and snippets.

View securitytube's full-sized avatar

securitytube

168 followers · 2 following
View GitHub Profile
@securitytube
securitytube / csrf.py
Last active April 3, 2019 21:18
CSRF Attacks
"""
This Challenge requires a 2 Step process:
1. Fetch the CSRF token from the JSON API defined below:
URL: /lab/webapp/csrf/13
Method: POST
Parameters: gettoken=true
Cookie: Required
@securitytube
securitytube / api.py
Created January 21, 2015 18:36
API Documentation
"""
Our embedded widgets are allowed to call our APIs from 3rd Party Websites.
Here is an example API:
API Name: Challenge Verification API
API Endpoint: /lab/webapp/csrf/12
METHOD: PUT
@securitytube
securitytube / pa.py
Last active August 29, 2015 14:13
PA
param = self.request.get("ch10")
referer = self.request.referer
xreferer = self.request.headers.get('X-Referer')
valid_referer = "http://pentesteracademylab.appspot.com/lab/webapp/csrf/10"
if referer or xreferer:
if param == flag and (referer == valid_referer or str(xreferer) == valid_referer) :
cid = "success"
self.response.headers.add_header("Set-Cookie", "cid-csrf10="+cid)
self.redirect("/lab/webapp/csrf/10")
@securitytube
securitytube / rf.py
Created January 21, 2015 09:23
Referer based CSRF Check
param = self.request.get("ch10")
referer = self.request.referer
xreferer = self.request.headers.get('X-Referer')
domain = "pentesteracademylab.appspot.com"
domain1 = domain2 = ''
if referer:
domain1 = referer.replace('http://', '').split('/')[0]
if xreferer:
domain2 = str(xreferer).replace('http://', '').split('/')[0]
@securitytube
securitytube / referer-check.py
Created January 21, 2015 08:27
Pentester Academy CSRF Challenge
param = self.request.get("ch9")
referer = self.request.referer
if referer:
domain = referer.replace('http://', '').split('/')[0]
logging.info(domain)
if param == flag and ( domain.find("pentesteracademylab.appspot.com") != -1 ) :
cid = "success"
self.response.headers.add_header("Set-Cookie", "cid-csrf9="+cid)
self.redirect("/lab/webapp/csrf/9")
@securitytube
securitytube / DllMainThread.c
Created November 1, 2014 11:10
Launch Shellcode as a Thread via DllMain rather than a new process
// Dll Hijacking via Thread Creation
// Author - Vivek Ramachandran
// Learn Pentesting Online -- http://PentesterAcademy.com/topics and http://SecurityTube-Training.com
// Free Infosec Videos -- http://SecurityTube.net
#include <windows.h>
#define SHELLCODELEN 2048
@securitytube
securitytube / dllexportdump.py
Created November 1, 2014 11:06
Export DLL Functions into a DEF file for use with Mingw32/64
#!/usr/bin/python
"""
Author - Vivek Ramachandran
Learn Pentesting Online -- http://PentesterAcademy.com/topics and http://SecurityTube-Training.com
Free Infosec Videos -- http://SecurityTube.net
"""
import sys, pefile
@securitytube
securitytube / CheckS3.py
Created April 10, 2013 10:51
CheckS3.py - Prints all the files with public-read enabled.
#!/usr/bin/env python
# Author - Vivek Ramachandran
#
# Website - http://securitytube.net
#
# Python for Hackers: http://securitytube-training.com/online-courses/securitytube-python-scripting-expert/
#
# License: Use as you please for non-commercial purposes.
#
@securitytube
securitytube / UnderstandingS3ACLs.py
Created April 10, 2013 10:37
UnderstandingS3ACLs.py - Help understand permission sets on Amazon S3 using Boto http://securitytube.net
#!/usr/bin/env python
# Author - Vivek Ramachandran
#
# Website - http://securitytube.net
#
# Python for Hackers: http://securitytube-training.com/online-courses/securitytube-python-scripting-expert/
#
# License: Use as you please for non-commercial purposes.
#
@securitytube
securitytube / TCP-Packet-Injection.c
Created April 6, 2013 06:30
TCP Packet Injection: Original Source: http://code.securitytube.net/TCP-Packet-Injection.c
#include<stdio.h>
#include<stdlib.h>
#include<sys/socket.h>
#include<features.h>
#include<linux/if_packet.h>
#include<linux/if_ether.h>
#include<errno.h>
#include<sys/ioctl.h>
#include<net/if.h>
#include<net/ethernet.h>