Skip to content

Instantly share code, notes, and snippets.

View shellster's full-sized avatar

shellster

66 followers · 16 following
View GitHub Profile
@shellster
shellster / poc.py
Created December 31, 2023 18:15
RaspAP 3.0.4 POC
import requests
host = "http://<raspap ip>"
csrf_token = "<csrf token>"
cookies = {
"PHPSESSID": "<session id>",
"theme": "custom.php"
}
@shellster
shellster / NeverGone.cpp
Created December 12, 2022 03:07
Script to prevent sleep / lock screen.
#include <Windows.h>
//cl /EHsc NeverGone.cpp
INT WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, PSTR lpCmdLine, INT nCmdShow)
{
SetThreadExecutionState(ES_CONTINUOUS | ES_DISPLAY_REQUIRED | ES_SYSTEM_REQUIRED);
while(true){
Sleep(1000 * 60);
@shellster
shellster / AuthyToOtherAuthenticator.md
Created October 20, 2021 02:24 — forked from gboudreau/AuthyToOtherAuthenticator.md
Export TOTP tokens from Authy

Generating Authy passwords on other authenticators

There is an increasing count of applications which use Authy for two-factor authentication. However many users who aren't using Authy, have their own authenticator setup up already and do not wish to use two applications for generating passwords.

Since I use 1Password for all of my password storing/generating needs, I was looking for a solution to use Authy passwords on that. I couldn't find any completely working solutions, however I stumbled upon a gist by Brian Hartvigsen. His post had a neat code with it to generate QR codes for you to use on your favorite authenticator.

His method is to extract the secret keys using Authy's Google Chrome app via Developer Tools. If this was not possible, I guess people would be reverse engineering the Android app or something like that. But when I tried that code, nothing appeared on the screen. My guess is that Brian used the

@shellster
shellster / hackingfeeds.opml
Created October 4, 2020 18:41
Hacking Feed Subscription
<?xml version="1.0" encoding="UTF-8"?>
<opml version="1.1">
<head>
<title>Hacking RSS Feeds</title>
</head>
<body>
<outline type="rss" xmlUrl="http://seclists.org/rss/fulldisclosure.rss"/>
<outline type="rss" xmlUrl="https://krebsonsecurity.com/feed/"/>
<outline type="rss" xmlUrl="http://seclists.org/rss/metasploit.rss"/>
<outline type="rss" xmlUrl="http://rss.packetstormsecurity.com"/>
@shellster
shellster / gist:790bdf383fd15508af76fee8e4d26cee
Created February 17, 2018 21:30
Always Smile (TamperMonkey, ViolentMonkey, GreaseMonkey script to always redirect to smile.amazon.com instead of www.amazon.com)
// ==UserScript==
// @name Always Smile
// @version 0.1
// @description try to take over the world!
// @author shellster
// @match *://www.amazon.com/*
// @grant none
// ==/UserScript==
(function() {
@shellster
shellster / gist:c6ede512b2b245edc3b7e041d1693ec4
Last active September 18, 2017 22:15
Keybase proof
### Keybase proof
I hereby claim:
* I am shellster on github.
* I am shellster (https://keybase.io/shellster) on keybase.
* I have a public key whose fingerprint is 5ABD 2420 541E 7A5A C1D2 258A E482 A9A3 93E4 E1B6
To claim this, I am signing this object:
@shellster
shellster / 10958.py
Last active April 21, 2017 14:40
My attempt to solve the 10958 problem: https://www.youtube.com/watch?v=-ruC5A9EzzE
import itertools, sys, logging, operator, time
# RPN calculator code original borrowed from: https://codereview.stackexchange.com/questions/79795/reverse-polish-notation-calculator-in-python
def concat(a,b):
try:
if a.is_integer():
return float('%s%s' % (int(a),b))
except:
pass