Skip to content

Instantly share code, notes, and snippets.

View sharpicx's full-sized avatar

sharpicx

View GitHub Profile
@sharpicx
sharpicx / server.py
Created December 21, 2023 19:51
snippet codes i made for python https server instead of `python -m http.server`
# openssl req -newkey rsa:2048 -nodes -keyout server.key -x509 -days 365 -out server.crt
import http.server
import ssl
from http.server import HTTPServer, SimpleHTTPRequestHandler
host = '0.0.0.0'
port = 8000
certfile = 'server.crt'
keyfile = 'server.key'
@sharpicx
sharpicx / api_server.py
Last active January 8, 2024 03:19
FRP with Flask (REST API) VPS Tunnel
from flask import Flask, request
from flask_ipfilter import IPFilter, Whitelist
import requests
app = Flask(__name__)
HTTP_METHODS = ['GET', 'HEAD', 'POST', 'PUT', 'DELETE', 'CONNECT', 'OPTIONS', 'TRACE', 'PATCH'] # getting all methods work on the target
ip_filter = IPFilter(app, ruleset=Whitelist())
ip_filter.ruleset.permit("xxx.xxx.xx.x") # whitelisting my office public IP
@sharpicx
sharpicx / WinDbg and LLDB commands.md
Created November 29, 2023 03:53 — forked from rafaelldi/WinDbg and LLDB commands.md
WinDbg and LLDB commands

Starting

Command WinDbg LLDB
Start windbg {executable} [{args}] lldb {executable} [--args]
Attach windbg -p {pid} lldb --attach-pid {pid}

Symbols and modules

Command WinDbg LLDB
(Re)load symbols lb {module-name} target symbols add {symbol-file-path}
@sharpicx
sharpicx / fuzzing.py
Last active November 28, 2023 21:06
vulnserver - challenge ppt dari pak marie (f3ci)
# running vulnserver in wine
# debug it on winedbg with gef plugin enabled
from pwn import *
import string
from struct import pack
context.log_level = "DEBUG"
r = remote("127.0.0.1", 9999)
'''
else if (strncmp(RecvBuf, "TRUN ", 5) == 0) {
@sharpicx
sharpicx / example.sh
Created November 27, 2023 10:45
converting /proc/net/tcp into readable stuff using python and shell
#!/bin/bash
convert_ip_address() {
IFS=':' read -ra parts <<< "$1"
ip=""
for part in "${parts[@]:0:4}"; do
ip+=$(printf "%d." 0x$part)
done
ip=${ip::-1}
port=$(printf "%d" 0x${parts[4]})
@sharpicx
sharpicx / kek.svg
Last active February 16, 2024 04:04
xss payload for xmlhttprequest
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
@sharpicx
sharpicx / lfi.js
Last active October 15, 2023 03:28
Galz - Hacktrace (bruteforcing admin pages & Automating LFI)
var cryptojs = require("crypto-js");
var axios = require("axios");
var cheerio = require("cheerio");
var readline = require("readline");
function decrypt(data) {
const key = cryptojs.enc.Hex.parse("0123456789abcdef0123456789abcdef");
const iv = cryptojs.enc.Hex.parse("abcdef9876543210abcdef9876543210");
const bytes = cryptojs.AES.decrypt({ciphertext: cryptojs.enc.Base64.parse(data)}, key, {iv: iv});
return console.log(bytes.toString(cryptojs.enc.Utf8));
@sharpicx
sharpicx / fuck.ps1
Last active October 12, 2023 00:01
File Sharing via Powershell (Windows)
# encode
[convert]::ToBase64String((Get-Content ".\test.exe" -Encoding Byte)) > test.txt
# decode
$file = Get-Content ".\test.txt" -Encoding UTF8
[io.file]::WriteAllBytes("name.file", [convert]::FromBase64String($file))
@sharpicx
sharpicx / 021.sh
Last active September 30, 2023 17:07
hackmyvm - chall 021
# crunch 6 6 -t P8%%%% -o words.txt
function main() {
for i in $(cat ./words.txt); do
res=$(echo $i | ./download.elf)
echo $res
correct=$(echo $i | ./download.elf | cut -f3 -d ' ')
if [[ "$correct" == "Correct" ]]; then
echo "Password found: $i"
break
fi
@sharpicx
sharpicx / fuck.js
Last active January 23, 2024 13:45
Hacktrace - Autobot (X-Signature & AES)
/*
made by sharpicx @ sharpicx.eu.org
*/
var https = require("https");
var axios = require("axios");
var cryptoJS = require("crypto-js");
const url = "https://autobot.htr/details.php";