Skip to content

Instantly share code, notes, and snippets.

View shayanb's full-sized avatar
💭
\-=-=|=-=-/

Shayan Eskandari shayanb

💭
\-=-=|=-=-/
403 followers · 285 following
View GitHub Profile
@shayanb
shayanb / gist:3be7a26a8f5849364c0d
Created December 25, 2014 08:28
### Keybase proof
I hereby claim:
* I am shayanb on github.
* I am btctalk (https://keybase.io/btctalk) on keybase.
* I have a public key whose fingerprint is D13A 960E E450 547B 0943 9A21 47DD 5589 4339 49E7
To claim this, I am signing this object:
@shayanb
shayanb / gist:ab30abe3f61423e08a54
Created December 6, 2014 23:58
XSS ghetto collection
_____ _ _ _ __ _______ _____ _____ _ _ _ _
| __ \ | | | | | \ \ / / ___/ ___| / __ \ | | | | | | |
| | \/ |__ ___| |_| |_ ___ \ V /\ `--.\ `--. | / \/ |__ ___ __ _| |_ ___| |__ ___ ___| |_
| | __| '_ \ / _ \ __| __|/ _ \ / \ `--. \`--. \ | | | '_ \ / _ \/ _` | __/ __| '_ \ / _ \/ _ \ __|
| |_\ \ | | | __/ |_| |_| (_) | / /^\ |\__/ /\__/ / | \__/\ | | | __/ (_| | |_\__ \ | | | __/ __/ |_
\____/_| |_|\___|\__|\__|\___/ \/ \|____/\____/ \____/_| |_|\___|\__,_|\__|___/_| |_|\___|\___|\__|
A ghetto collection of XSS payloads that I find to be useful during penetration tests, especially when faced with WAFs or application-based black-list filtering, but feel free to disagree or shoot your AK-74 in the air.
Simple character manipulations.
@shayanb
shayanb / keyUtils.py
Last active August 29, 2015 14:07 — forked from dims/keyUtils.py
import ecdsa
import ecdsa.der
import ecdsa.util
import hashlib
import os
import re
import struct
b58 = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz'
@shayanb
shayanb / documentation.md
Created July 17, 2014 07:05 — forked from josephwegner/documentation.md

My router has been hacked. Here's what I know:

I'm unaware of how my router became infected, but the password has definitely been changed. I admittedly had not done any firmware updates in quite some time, which could be related to the infection.

The router was setting a custom DNS for google-analytics.com, which pointed to their apparently malicious server. Unfortunately, I did not realize it was DNS manipulation before I reset my router (I thought google-analytics.com was an invalid domain), so I did not get the original IP address. It servers up the script that spearheads this whole thing. The source for that script at the time of writing can be found in the file google-analytics.js

Once google-analytics runs, it inserts an iFrame that directs to http://storage.com/storage.html. The ad serving script is clever in that it will only serve you ads so many times in a given period, so that you won't be able to debug and you might not really think anything is wrong. It stores timed cookies on the storage.com