Ant Group is hiring on an ongoing basis, in all areas of security

GaRY wofeiwo

wofeiwo / port_reuse.php
Last active July 26, 2023 22:17
Reuse Apache 80 port to spawn an interactive shell. Bypass the firewall.
<?php
//
// port_reuse.php
//
// Created by wofeiwo <wofeiwo@80sec.com> on 2011-08-27.
// Copyright 2011 80sec. All rights reserved.
// Reuse Apache 80 port to spawn an interactive shell. Bypass the firewall.
// Note: Only available on PHP >= 5.3.6 with mod_php on apache.
// Usage: 1. Put the script on htdocs.
// 2. Get interactive shell:
def http_request(url,
                 data = {},
                 header = {
                     # Masquerade as IE9 by default
                     "User-Agent" : "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1; Trident/4.0)",
                     "Connection" : "Close",
                     # Keep proxies from caching the page
                     "Pragma" : "no-cache",
                     "Cache-Control": "no-cache, max-age=0, must-revalidate"
                 }):
wofeiwo / gist:6060134
Last active December 20, 2015 02:59 — forked from leemars/gist:6060036
Vim encoding script
""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
" => Encoding
""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
set encoding=utf-8
set fileencodings=ucs-bom,utf-8,gbk,euc-jp,euc-kr,big5,gb18030,latin1
function! s:CheckGBLocale(locale_var)
  let locale_var=toupper(a:locale_var)
  if (match(locale_var, '.GBK$') != -1 || match(locale_var, '.GB18030$') != -1 || match(locale_var, '.GB2312$') != -1)
    return 1
// Most browsers limit cookies to 4k characters, so we need multiple
function setCookies (good) {
    // Construct string for cookie value
    var str = "";
    for (var i=0; i< 819; i++) {
        str += "x";
    }
    // Set cookies
    for (i = 0; i < 10; i++) {
        // Expire evil cookie
wofeiwo / phpweblog2markdown.py
Created May 11, 2013 19:09
trans all blog entities from phpweblog.net to markdown format. each entity a file. include all files and images.
#!/usr/bin/env python
#coding=utf-8
from xml.dom import minidom as md
from datetime import datetime
import re
from urllib2 import urlopen
from os.path import basename
from socket import setdefaulttimeout
local http = require "http"
local shortport = require "shortport"
local stdnse = require "stdnse"
local string = require "string"
local vulns = require "vulns"
description = [[
Detects Ruby on Rails installations that are vulnerable to CVE-2013-0156, This critical vulnerability allows unauthenticated attackers to execute code remotely.
This is the nmap/lua port of the metasploit scanner module from hd moore
wofeiwo / grace.go
Last active December 17, 2015 00:49 — forked from rcrowley/grace.go
package main
import (
	"log"
	"net"
	"os"
	"os/signal"
	"sync"
	"syscall"
	"time"
wofeiwo / readLines-writeLines.go
Created April 2, 2013 04:41
read lines write lines like python api in golang
package main
import (
	"io"
	"os"
	"bufio"
	"bytes"
	"fmt"
	"strings"
)
wofeiwo / hex_str_transfer.py
Created December 13, 2012 05:38
hex,string,int_bits transfer
def hexstr(s):
    """
    turns ABCD
    into
    41424344
    """
    tmp=[]
    for c in s:
        tmp+=["%2.2x"%ord(c)]
    return "".join(tmp)
wofeiwo / fcgiclient.go
Created September 15, 2012 09:08
Golang FastCGI Client
// Copyright 2012 Junqing Tan <ivan@mysqlab.net> and The Go Authors
// Use of this source code is governed by a BSD-style
// Part of source code is from Go fcgi package
// Fix bug: Can't receive more than 1 record until FCGI_END_REQUEST 2012-09-15
// By: wofeiwo
package fcgiclient
import (