Skip to content

Instantly share code, notes, and snippets.

Avatar

Myo Soe (aka Aung Khant) yehgdotnet

View GitHub Profile
View GraphQL-Introspection-Query-Url-Encoded
query%20IntrospectionQuery%20%7B%0A%20%20%20%20__schema%20%7B%0A%20%20%20%20%20%20queryType%20%7B%20name%20%7D%0A%20%20%20%20%20%20mutationType%20%7B%20name%20%7D%0A%20%20%20%20%20%20types%20%7B%0A%20%20%20%20%20%20%20%20...FullType%0A%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20directives%20%7B%0A%20%20%20%20%20%20%20%20name%0A%20%20%20%20%20%20%20%20description%0A%20%20%20%20%20%20%20%20locations%0A%20%20%20%20%20%20%20%20args%20%7B%0A%20%20%20%20%20%20%20%20%20%20...InputValue%0A%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20%7D%0A%20%20%20%20%7D%0A%20%20%7D%0A%20%20fragment%20FullType%20on%20__Type%20%7B%0A%20%20%20%20kind%0A%20%20%20%20name%0A%20%20%20%20description%0A%20%20%20%20fields%28includeDeprecated%3A%20true%29%20%7B%0A%20%20%20%20%20%20name%0A%20%20%20%20%20%20description%0A%20%20%20%20%20%20args%20%7B%0A%20%20%20%20%20%20%20%20...InputValue%0A%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20type%20%7B%0A%20%20%20%20%20%20%20%20...TypeRef%0A%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20isDeprecated%0A%20%20%
@yehgdotnet
yehgdotnet / vpn.md
Created Oct 23, 2019 — forked from joepie91/vpn.md
Don't use VPN services.
View vpn.md

Don't use VPN services.

No, seriously, don't. You're probably reading this because you've asked what VPN service to use, and this is the answer.

Note: The content in this post does not apply to using VPN for their intended purpose; that is, as a virtual private (internal) network. It only applies to using it as a glorified proxy, which is what every third-party "VPN provider" does.

A Russian translation of this article can be found here, contributed by Timur Demin. There's also this article about VPN services, which is honestly better written (and has more cat pictures!) than my article.

Why not?

@yehgdotnet
yehgdotnet / tlds
Created Jun 12, 2018 — forked from di/tlds
Valid Two-Letter Top Level Domains
View tlds
ac
ad
ae
af
ag
ai
al
am
an
ao
@yehgdotnet
yehgdotnet / mandros.py
Created Mar 20, 2018 — forked from xassiz/mandros.py
Reverse MSSQL shell
View mandros.py
import sys
import requests
import threading
import HTMLParser
from BaseHTTPServer import HTTPServer, BaseHTTPRequestHandler
'''
Description: Reverse MSSQL shell through xp_cmdshell + certutil for exfiltration
Author: @xassiz
'''
View delete-git-recursively.sh
( find . -type d -name ".git" && find . -name ".gitignore" && find . -name ".gitmodules" ) | xargs rm -rf
View rduck-pinbrute.py
#!/usr/bin/env python
# rduck-pinbrute: Generate Duckyscript file that brute forces all 4-digit
# PIN values for use in attacking Android devices. Prioritizes common
# PIN values before resorting to exhaustive 0000-9999 search.
# Joshua Wright, josh@willhackforsushi.com. Public Domain.
#
# Inspired by Darren Kitchen script:
# https://forums.hak5.org/index.php?/topic/28165-payload-android-brute-force-4-digit-pin/
# Data Genetics high probability list
@yehgdotnet
yehgdotnet / macosx_remove_java9.sh
Last active Mar 11, 2018 — forked from schnell18/macosx_remove_java9.sh
[Android-SDK | Java9 incompatibility fix - MacOS X] remove Java 9 and install Java 8
View macosx_remove_java9.sh
$ avdmanager
Exception in thread "main" java.lang.NoClassDefFoundError: javax/xml/bind/annotation/XmlSchema
at com.android.repository.api.SchemaModule$SchemaModuleVersion.<init>(SchemaModule.java:156)
at com.android.repository.api.SchemaModule.<init>(SchemaModule.java:75)
at com.android.sdklib.repository.AndroidSdkHandler.<clinit>(AndroidSdkHandler.java:81)
at com.android.sdklib.tool.AvdManagerCli.run(AvdManagerCli.java:213)
at com.android.sdklib.tool.AvdManagerCli.main(AvdManagerCli.java:200)
Caused by: java.lang.ClassNotFoundException: javax.xml.bind.annotation.XmlSchema
at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:582)
at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:185)
@yehgdotnet
yehgdotnet / JAVA-ADVISORY.md
Created Mar 7, 2018 — forked from frohoff/JAVA-ADVISORY.md
Java 7u21 Security Advisory
View JAVA-ADVISORY.md

Security Advisory – Java SE

Chris Frohoff – Qualcomm Information Security and Risk Management

Introduction

  • Affected Product(s): Java SE 6, Java SE 7
  • Fixed in: Java SE 7u25 (2013-06-18), Java SE 8 (2014-03-18)
  • Vendor Contact: secalert_us@oracle.com
  • Vulnerability Type: Unsafe Object Deserialization
@yehgdotnet
yehgdotnet / JAVA-ADVISORY.md
Created Mar 7, 2018 — forked from frohoff/JAVA-ADVISORY.md
Java 7u21 Security Advisory
View JAVA-ADVISORY.md

Security Advisory – Java SE

Chris Frohoff – Qualcomm Information Security and Risk Management

Introduction

  • Affected Product(s): Java SE 6, Java SE 7
  • Fixed in: Java SE 7u25 (2013-06-18), Java SE 8 (2014-03-18)
  • Vendor Contact: secalert_us@oracle.com
  • Vulnerability Type: Unsafe Object Deserialization
@yehgdotnet
yehgdotnet / Numerics.cs
Created Mar 2, 2018
Shellcode Stuffed Into A System.Numerics.BigInteger - Cause You Know Why Not ;-)
View Numerics.cs
using System;
using System.Diagnostics;
using System.Reflection;
using System.Configuration.Install;
using System.Runtime.InteropServices;
/*
Author: Casey Smith, Twitter: @subTee