fyxme
/ CVE-2025-64509.py
Last active
November 13, 2025 04:29
CVE-2025-64509 - Bugsink is vulnerable to unauthenticated remote DoS via crafted Brotli input (via CPU)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| """ | |
| Proof of Concept for Bugsink Brotli Decompression DoS Vulnerability | |
| This script sends a crafted Brotli-compressed envelope to a Bugsink server, | |
| demonstrating the CPU exhaustion vulnerability in versions before 2.0.6. | |
| The vulnerability allows an attacker with knowledge of the DSN to send | |
| specially crafted Brotli-compressed data that causes excessive CPU usage | |
| during decompression, leading to denial of service. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "context" | |
| "encoding/binary" | |
| "flag" | |
| "fmt" | |
| "net" | |
| "os" | |
| "os/signal" |
fyxme
/ hc_wifi_hash_generator.py
Created
August 20, 2025 09:13
This script generates a hashcat compatible hash (mode 22000) from a given WiFi SSID and password.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| """ | |
| WiFi Hash Generator for Hashcat Type 22000 (WPA/WPA2/WPA3) | |
| This script generates a hashcat compatible hash (type 22000) from a given WiFi SSID and password. | |
| The format follows the hashcat 22000 specification for WPA/WPA2/WPA3 handshakes. | |
| Usage: | |
| python wifi_hash_generator.py <SSID> <password> | |
| python wifi_hash_generator.py --ssid "MyNetwork" --password "mypassword123" |
fyxme
/ RTX_4090_7x.v7_0_0.O-w4.18_Aug_2025.hcb
Created
August 18, 2025 18:02
Hashcat v7.0.0 benchmark on 7x NVIDIA GeForce RTX 4090 | (cmd: `hashcat -w 4 -O -b`)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| hashcat (v7.0.0) starting in benchmark mode | |
| Initializing bridges. Please be patient...Initialized bridgesInitializing backend runtimes. Please be patient...Initialized backend runtimesInitializing backend devices. Please be patient...Initialized backend devicesCUDA API (CUDA 12.8) | |
| ==================== | |
| * Device #01: NVIDIA GeForce RTX 4090, 23698/24091 MB, 128MCU | |
| * Device #02: NVIDIA GeForce RTX 4090, 23698/24091 MB, 128MCU | |
| * Device #03: NVIDIA GeForce RTX 4090, 23698/24091 MB, 128MCU | |
| * Device #04: NVIDIA GeForce RTX 4090, 23698/24091 MB, 128MCU | |
| * Device #05: NVIDIA GeForce RTX 4090, 23698/24091 MB, 128MCU | |
| * Device #06: NVIDIA GeForce RTX 4090, 23698/24091 MB, 128MCU |
fyxme
/ RTX_5090_2x.v7_0_0.O-w4.18_Aug_2025.hcb
Last active
August 20, 2025 20:43
Hashcat v7.0.0 benchmark on 2x NVIDIA GeForce RTX 5090 | (cmd: `hashcat -w 4 -O -b`)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| hashcat (v7.0.0) starting in benchmark mode | |
| Initializing bridges. Please be patient...Initialized bridgesInitializing backend runtimes. Please be patient...Initialized backend runtimesInitializing backend devices. Please be patient...Initialized backend devicesCUDA API (CUDA 12.9) | |
| ==================== | |
| * Device #01: NVIDIA GeForce RTX 5090, 31604/32109 MB, 170MCU | |
| * Device #02: NVIDIA GeForce RTX 5090, 31604/32109 MB, 170MCU | |
| OpenCL API (OpenCL 3.0 CUDA 12.9.40) - Platform #1 [NVIDIA Corporation] | |
| ======================================================================= | |
| * Device #03: NVIDIA GeForce RTX 5090, skipped |
fyxme
/ RTX_3090_5x.v7_0_0.O-w4.18_Aug_2025.hcb
Created
August 18, 2025 17:35
Hashcat v7.0.0 benchmark on 5x NVIDIA GeForce RTX 3090 | (cmd: `hashcat -w 4 -O -b`)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| hashcat (v7.0.0) starting in benchmark mode | |
| Initializing bridges. Please be patient...Initialized bridgesInitializing backend runtimes. Please be patient...Initialized backend runtimesInitializing backend devices. Please be patient...Initialized backend devicesCUDA API (CUDA 12.9) | |
| ==================== | |
| * Device #01: NVIDIA GeForce RTX 3090, 23863/24125 MB, 82MCU | |
| * Device #02: NVIDIA GeForce RTX 3090, 23863/24125 MB, 82MCU | |
| * Device #03: NVIDIA GeForce RTX 3090, 23862/24124 MB, 82MCU | |
| * Device #04: NVIDIA GeForce RTX 3090, 23863/24125 MB, 82MCU | |
| * Device #05: NVIDIA GeForce RTX 3090, 23863/24125 MB, 82MCU |
fyxme
/ minimalcj.go
Last active
January 17, 2025 23:44
Golang Minimal CookieJar Implementation which always returns all cookies, regardless of domain or url (Insecure but usefull for testing or writing POCs)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| /* | |
| Minimal CookieJar implementation which always returns all cookies (ie. disregard the url passed and cookie domain) | |
| Usefull for testing or writing exploit code (eg. during a CTF where ip/host/domains may be interchanged in the client) | |
| WARNING: Do not use in prod.. this is super unsafe... Just good for testing | |
| Author: fyx.me | |
| gist: https://gist.github.com/fyxme/2bceed4038e2be71ce1deb7e6e9db434 |
fyxme
/ send-mail.py
Last active
August 20, 2025 20:45
Using Python to send emails via the Outlook web interface
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # pip install exchangelib | |
| from exchangelib import Configuration, Credentials, Account, Message, Mailbox, FileAttachment,DELEGATE, HTMLBody | |
| import sys, json | |
| # bypass SSL | |
| from exchangelib.protocol import BaseProtocol, NoVerifyHTTPAdapter | |
| BaseProtocol.HTTP_ADAPTER_CLS = NoVerifyHTTPAdapter | |
| if __name__ == "__main__": | |
| U = 'LAB\\myuser' |
fyxme
/ replay-http.go
Last active
February 16, 2024 15:58
Replay an HTTP request from a txt file in golang
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| // src: https://gist.github.com/fyxme/25fb9bc7a3c76997ec51da30d3f3e4dd | |
| import ( | |
| "bufio" | |
| "flag" | |
| "fmt" | |
| "io/ioutil" | |
| "net/http" |
fyxme
/ print_har_endpoints.py
Created
December 5, 2023 05:29
Print HAR file endpoints (METHOD + URL)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # yonked 95% from https://gist.github.com/craSH/892479/raw/21d5c3222739743cad6e6e5c5f1597daecbe560e/har_response_urls.py | |
| # | |
| # Running more than one file: (Cbf updating this script even thought it would be trivial) | |
| # IFS=$'\n' | |
| # for f in `find .. | grep har`; do ./har_response_urls.py "$f"; done | tee all.txt | |
| import json |
NewerOlder