Eldar Marcussen wireghoul

wireghoul / life-utf8.c
Created Jul 4, 2020 — forked from katef/life-utf8.c
XBM to UTF-8 braille image things
View life-utf8.c
/*
* John Conway's Game of Life.
*
* This is written for POSIX, using Curses. Resizing of the terminal is not
* supported.
*
* By convention in this program, x is the horizontal coordinate and y is
* vertical. These correspond to the width and height respectively.
* The current generation number is illustrated when show_generation is set.
*
wireghoul / ELcheck.sh
Created May 18, 2020 — forked from EMSeek/ELcheck.sh
Checking Java for EL injection
View ELcheck.sh
#!/bin/bash
# By Eldar Marcussen for SEEK 29/04/2020
echo 'Simplistic Java Expression Language Injection detection'
echo '==================================================}*>>>'
echo ' [*] Identifying use of spring eval with variables:'
grep -HrnE '<spr(ing)?:eval.*\$\{' "$1"
echo ' [*] Identifying EL code definitions.'
grep -hroE '<spr(ing)?:(message|theme).*code=[^>]+>' "$1" | sort -u | sed -e"s/.*code=[\"\']//" -e"s/[\'\"].*//" > /tmp/elcList.txt
echo ' [+] Code list saved as /tmp/elcList.txt'
echo ' [*] Shortlisting codes with arguments.'
wireghoul / pf.db
Created Jan 21, 2018
Simple checks for auditing PF firewall rules with graudit
View pf.db
/0[ ,\"\'\}]
/1[ ,\"\'\}]
/2[ ,\"\'\}]
/3[ ,\"\'\}]
/4[ ,\"\'\}]
/5[ ,\"\'\}]
/6[ ,\"\'\}]
/7[ ,\"\'\}]
/8[ ,\"\'\}]
[^\#]*from any to any
wireghoul / xntrikfacts.txt
Last active Jan 21, 2018
Collection of #xntrikfacts without attribution...
View xntrikfacts.txt
Xntrik dreams in base64
he can smell malware through the insulation on an ethernet cable
People talk about the time he turned left instead of right and the entire traffic system fell over
His moustache is classified as a cyberweapon under the Wassenaar Agreement.
- His moustache is also dual use
The top secret method of HTTP compression that is immune to BREACH/CRIME attacks: @xntrik's skinny jeans.
wireghoul / apache_modaccouting_postgresql_injection.rb
Last active Aug 29, 2015 — forked from bcoles/apache_modaccouting_postgresql_injection.rb
This module exploits an SQL injection vulnerability in the mod_accounting module for Apache 1.3 when configured to use PostgreSQL. This module uses SQL injection in the HTTP 'Host' header to execute arbitrary commands as the database user. This module has been tested successfully on Apache 1.3.33 on Debian 3.1r8 Sarge with PostgreSQL 7.4.7.
View apache_modaccouting_postgresql_injection.rb
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
Rank = ManualRanking
View ducksec.cow
root@kali:~# /usr/games/cowsay -f ducksec4 'QUACK THE PLANET!!!'
_____________________
< QUACK THE PLANET!!! >
---------------------
\
\
\ ___
__.' '.
(__} o )
'._. /