Skip to content

Instantly share code, notes, and snippets.

View lc-at's full-sized avatar
🧀
eating cheese

Faiz Jazadi lc-at

🧀
eating cheese
449 followers · 339 following
View GitHub Profile
@lc-at
lc-at / tts.py
Last active July 4, 2018 19:53
google_tts: simple python script to convert text to speech based on Google Translate
#!/usr/bin/python
import requests
import sys
import playsound
import time
try:
import readline
except:
@lc-at
lc-at / __init__.py
Created April 9, 2018 07:04
gaga_enc: not too useful script to encode a string
main_char_lower = {"a": "b","c": "d","e": "f","g": "h","i": "j","k": "l","m": "n","o": "p","q": "r","s": "t","u": "v","w": "x","y": "z"}
for key,value in main_char_lower.items(): main_char_lower[value] = key
main_char_upper = dict()
for key,value in main_char_lower.items(): main_char_upper[key.upper()] = value.upper()
main_char_d_lower = dict()
for key,value in main_char_lower.items(): main_char_d_lower[value] = key
main_char_d_upper = dict()
for key,value in main_char_upper.items(): main_char_d_upper[value] = key
main_char_num = {"0": "1", "2": "3", "4": "5", "6": "7", "8": "9"}
for key,value in main_char_num.items(): main_char_num[value] = key
@lc-at
lc-at / gaga_enc.py
Last active April 9, 2018 06:54
wcred: steal saved wifi credential and send it to attacker's server
main_char_lower = {"a": "b","c": "d","e": "f","g": "h","i": "j","k": "l","m": "n","o": "p","q": "r","s": "t","u": "v","w": "x","y": "z"}
for key,value in main_char_lower.items(): main_char_lower[value] = key
main_char_upper = dict()
for key,value in main_char_lower.items(): main_char_upper[key.upper()] = value.upper()
main_char_d_lower = dict()
for key,value in main_char_lower.items(): main_char_d_lower[value] = key
main_char_d_upper = dict()
for key,value in main_char_upper.items(): main_char_d_upper[value] = key
main_char_num = {"0": "1", "2": "3", "4": "5", "6": "7", "8": "9"}
for key,value in main_char_num.items(): main_char_num[value] = key
@lc-at
lc-at / gen_cred.py
Created April 7, 2018 04:49
spam-phising: an example of phising site spammer script
import random
class credential_generator:
def __init__(self, username_list, password_list, email_list=['gmail.com', 'yahoo.com', 'yandex.com', 'protonmail.com']):
self.u_list = open(username_list, "r").readlines()
self.p_list = open(password_list, "r").readlines()
self.u_listf = []
self.p_listf = []
self.e_listf = email_list
for username in self.u_list:
self.u_listf.append(username.rstrip())
@lc-at
lc-at / whatsapp.js
Last active May 23, 2024 19:33
WhatsApp Group Phone Number Grabber: grab all (unsaved) phone numbers in WhatsApp group
/*
Paste the following minified script to browser console (with WhatsApp Web open)
---------------
var phone_list=[];function get_list(e){var t=document.getElementsByClassName("O90ur")[0].innerText;t=t.split(", ");for(var l=0;l<t.length;l++)num=t[l].replace(/[^0-9]/g,""),"6"==num.charAt(0)&&(phone_list.includes(num)||phone_list.push(num));e&&alert(phone_list.join("\n"))}function doc_keyUp(e){e.ctrlKey&&57==e.keyCode?get_list(!0):e.ctrlKey&&56==e.keyCode?(get_list(!1),document.title="List successfully captured!"):e.ctrlKey&&55==e.keyCode?(phone_list=[],document.title="List successfully cleared!"):e.ctrlKey&&54==e.keyCode&&(document.title="Current list length: "+phone_list.length)}document.addEventListener("keyup",doc_keyUp,!1);
---------------
After entering above text, you can use these hotkeys:
- CTRL+9: capture current group chat phone numbers (unsaved numbers) and display an alert()
- CTRL+8: capture current group chat phone numbers and show notification in page title
- CTRL+7: clear captured phone_number
@lc-at
lc-at / pivoting.md
Last active January 19, 2023 10:19
KULGRAM Surabaya Hacker Link tentang Pivoting

Pivoting

Apa itu Pivoting?

Pivoting merupakan metode yang menggunakan "instance" yang biasa disebut "pivot host" atau "foothold" agar bisa "berpindah" dari suatu tempat ke tempat di dalam

jaringan yg sudah dihek. Simplenya, kita pakai asumsi dibawah untuk pivoting melakukan pivoting dengan OpenSSH.

  • Attacker punya "akses shell" ke sebuah komputer (dalam hal ini, osnya linux, nanti sesuain aja)
  • Komputer tadi selanjutnya disebut "Pivot host"
  • Di komputer itu sudah terinstall client OpenSSH dengan setting GatewayPorts menyala (di /etc/ssh/sshd_config) untuk memungkinkan reverse ssh port forwarding (baca: https://blog.devolutions.net/2017/3/what-is-reverse-ssh-port-forwarding)
  • Di komputer attacker, server OpenSSH berjalan di port 22
  • Port 22 di komputer attacker sudah diforward atau diekspose ke internet (sehingga bisa diakses oleh pivot host)
@lc-at
lc-at / timthumb.php
Created January 7, 2018 16:30
WordPress TimThumb Finder
<html>
<title>WordPress TimThumb Finder</title>
<?php
/*
* WordPress TimThumb Finder
* Author : P4kL0nc4t
* Date : 07/01/2018
* Adapted from Wordpress TimThumb Finder v1.0 by Rafay Baloch (Python) -> https://dl.packetstormsecurity.net/UNIX/scanners/wptimthumb-scanner.txt
*/
if(isset($_REQUEST['url'])) {