Yoram van de Velde yoramvandevelde

@yoramvandevelde
yoramvandevelde / gist:b8afc4334911cfb84c65e15a92c0e187
Created October 31, 2023 12:23
Test for expanding pwd within an alias
yoram _ /tmp => alias aliaspwd='echo "`pwd`"'
yoram _ /tmp => aliaspwd
/tmp
yoram _ /tmp => cd ..
yoram _ / => aliaspwd
/
# Run as administrator
netsh advfirewall firewall add rule name="allow xdebug" dir=in action=allow protocol=TCP localport=9003
# Problem with header manipulation because of CRLF injection
# on nginx this is because of $host$uri usage over $host$request_uri
$ echo -e "GET /%0D%0ASet-Cookie: hack%0D%0AX-FoRwArDeDFor: yoram HTTP/1.1\r\nHost: $HOSTNAME\r\n" | \
ncat $HOSTNAME 80
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 01 Apr 2021 10:15:40 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
/*
* Linux Kernel <= 2.6.37 local privilege escalation
* by Dan Rosenberg
* @djrbliss on twitter
*
* Usage:
* gcc full-nelson.c -o full-nelson
* ./full-nelson
*
* This exploit leverages three vulnerabilities to get root, all of which were
/* CVE-2009-0065 SCTP FWD Chunk Memory Corruption
* Linux Kernel 2.6.x SCTP FWD Memory COrruption Remote Exploit
*
* coded by: sgrakkyu <at> antifork.org
* http://kernelbof.blogspot.com
*
*
* NOTE: you need at least one sctp application bound on the target box
*
* Supported target:
/*
* diane_lane_fucked_hard.c
*
* Linux vmsplice Local Root Exploit
* By qaaz
*
* Linux 2.6.23 - 2.6.24
*/
#define _GNU_SOURCE
#include <stdio.h>
yoramvandevelde / gist:80d9508e94224b9dac08f75abc5fd1ba
Last active August 18, 2017 13:02
Making coworkers hate me through bashrc's
# https://www.quora.com/Bash-shell-What-are-the-best-bashrc-pranks/answer/Baptiste-Fontaine
trap '[ "$RANDOM" -le 2000 ] && exit' DEBUG
# confuse the damn kids
export PS1='C:${PWD////\\\\}> '
# sysadmin's april fouls rickroll
curl -s -L https://raw.githubusercontent.com/keroserene/rickrollrc/master/roll.sh | bash
# poor man's sl
yoramvandevelde / pipefail_examples.sh
Created August 17, 2017 07:13
Examples of why pipefail is really important to use
#!/bin/bash
# author: Yoram van de Velde ( _@sp2.io )
# Examples of why pipefail is really important to use.
# We enable exit on error functionality
set -o errexit
# These commands will fail but not stop the script because of the pipes
# to successful commands. This works because error is output to stderr,
#!/usr/bin/python
"""
Produces a Linux Netfilter u32 rule to match DNS requests for a given
domain name and/or a given query type.
Typical usage:
% python generate-netfilter-u32-rule.py --qname ripe.net --qtype ANY
Can be embedded in iptables' invocations for instance:
rule=$(python generate-rule.py args...)

Keybase proof

I hereby claim:

  • I am yoramvandevelde on github.
  • I am yoram (https://keybase.io/yoram) on keybase.
  • I have a public key ASCWllnVtkiiXmGkq-GudwXvcbOUhPs3kzHm-pLwpppZ4Ao

To claim this, I am signing this object: