Skip to content

Instantly share code, notes, and snippets.

View notdodo's full-sized avatar
☁️
randomASDF' or '1'='1

Edoardo Rosa notdodo

☁️
randomASDF' or '1'='1
83 followers · 58 following
View GitHub Profile
@notdodo
notdodo / extractrsa.py
Last active March 8, 2022 18:46
Old script use to extract shared prime from a number of public RSA keys (i.e. generated by malware)
#!/usr/bin/env python3
#
# author: notdodo
#
import os
import sqlite3
import itertools
from multiprocessing import Pool
try:
@notdodo
notdodo / keybase.md
Created April 1, 2020 12:08

Keybase proof

I hereby claim:

  • I am notdodo on github.
  • I am edoardo_rosa (https://keybase.io/edoardo_rosa) on keybase.
  • I have a public key whose fingerprint is 1220 9C4A 9062 019F 3D1D 9B77 BDC2 40F8 81A5 C413

To claim this, I am signing this object:

@notdodo
notdodo / lastrofi.zsh
Created February 23, 2020 21:55
rofi menu to help read Lastpass passwords.
#!/usr/bin/env zsh
if ! hash lpass 2>/dev/null; then
echo "Lastpass not installed"
exit -1
fi
if ! hash xsel 2>/dev/null; then
echo "xsel not installed"
exit -1
@notdodo
notdodo / ecfuck.sh
Last active August 15, 2024 19:46
If you have some protected/licensed slides that require a non-open/compatible PDF reader (i.e. Locklizard) you can use this commands to bypass the block.
#!/usr/bin/bash
#
# Author notdodo
#
#
###############################################################################
# SCENARIO ####################################################################
###############################################################################
@notdodo
notdodo / ssround.zsh
Last active May 13, 2020 19:05
Stealth Scan a list of IPs/subnets with Nmap and multiple from random and multiple VPNs to avoid IP filtering.
#!/usr/bin/env zsh
trap ctrl_c INT
#
# author: notdodo
#
# Scan a set of IPs/subnets using multiple VPN profiles
#
# Default values of arguments
local IPS=""
local CREDENTIALS_FILE="./credentials.txt"
@notdodo
notdodo / lfi_generator.py
Created October 27, 2019 20:36
Create PHP dockers (that are available on the official channel) to create a LFI test laboratory
#!/usr/bin/env python3
import glob
import requests
import subprocess
import sys
from bs4 import BeautifulSoup
from grp import getgrgid
from os import stat, path, chown
from pwd import getpwuid
@notdodo
notdodo / mashell.py
Last active October 14, 2020 05:45
Execute command using HEX or CHAR encoding. Bypass WAF and IPS filtering enabling RCE using xp_cmdshell: https://knifesec.com/evading-sql-injection-filters-to-get-rce/
#!/usr/bin/env python3
# Injector script to get a pseudo-interactive shell using xp_cmdshell
# Source post:
# Author: notdodo
# https://twitter.com/_d_0_d_o_
#
# USAGE: python3 ./mashell.py "whoami /priv"
#
import binascii
import hashlib
@notdodo
notdodo / parse_dump.py
Last active March 17, 2020 18:10
Parse `sqlmap` dumps from data breaches or leaks file into a JSON file
#!/usr/bin/env python3
# -*- encoding: ascii -*-
#
# AUTHOR: Edoardo Rosa dodo https://github.com/notdodo
#
# DESCRIPTION: Parse `sqlmap` dumps from data breaches or leaks into JSON files
#
# Some files have shitty encoding/chars and they must be educated:
# sed -i 's/[^[:print:]\t]//g; s/\\r//g' *.txt
import click
@notdodo
notdodo / OSCPbuffer.md
Last active January 26, 2019 11:57

Speed up videos

document.getElementById("video").playbackRate = 1.5;

VPN - NM

[vpn]
dev-type=tap
@notdodo
notdodo / cleanvba.zsh
Created December 31, 2018 14:33
Clean VBA: this script should remove unused variables in obfuscated VBAs (should work also for other files)
#!/usr/bin/env zsh
#
toclean=${1}
while read line; do
local length=$(echo -n ${line} | \wc -m)
if [[ ${length} -ge 50 ]]; then
local match=$(echo ${line} | \awk '{print $1}')
local file_match=$(\rg -i ${match} * -c | \awk -F ':' '{print $1}')