
@inability
inability / execution-through-execution.md
Last active November 29, 2018 13:29
Using Unix programs to execute other programs

This Gist documents Unix utilities that have options that can be abused to execute other, arbitrary commands. This information can be useful in many scenarios -- the ones that come to mind are abusing certain /etc/sudoers configurations, breaking out of limited shells (e.g. the ones provided in many network devices) and getting RCE in webapps even with restrictive filters in place.

Many of these examples originally came from this blogpost.

This is the script that was used to test these examples:

$ cat test.sh
#!/bin/sh
@milmazz
milmazz / ipv4parser.ex
Last active January 15, 2021 23:43
The Little Elixir & OTP Guidebook
defmodule IPv4Parser do
@moduledoc """
Exercise 2.8.6 from the book The Little Elixir & OTP Guidebook
The idea is to take a look at the IPv4 packet spec and try to write a
parser.
"""
def parse(packet) do
<<
@lanceliao
lanceliao / dnsmasq-gfwlist.py
Last active June 19, 2024 00:35
Convert gfwlist into dnsmasq rules with ipset, suitable for smart routing on OpenWrt
#!/usr/bin/env python
#coding=utf-8
#
# Generate a list of dnsmasq rules with ipset for gfwlist
#
# Copyright (C) 2014 http://www.shuyz.com
# Ref https://code.google.com/p/autoproxy-gfwlist/wiki/Rules
import urllib2
import re
@oakhole
oakhole / RandomValidateCode.java
Last active January 10, 2018 15:51
Generate a random CAPTCHA image
import java.awt.Color;
import java.awt.Font;
import java.awt.Graphics;
import java.awt.image.BufferedImage;
import java.util.Random;
import javax.imageio.ImageIO;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
@wliment
wliment / server.js
Last active December 27, 2015 09:39
Node: fetch housing provident fund data (Xinjiang) (expired, original site discontinued)
var fs = require('fs')
, http = require('http')
, socketio = require('socket.io')
, request = require('request')
var server = http.createServer(function(req, res) {
res.writeHead(200, { 'Content-type': 'text/html'});
res.end(fs.readFileSync(__dirname + '/index.html'));
}).listen(8080, function() {
console.log('Listening at: http://localhost:8080');
});

Exploiting Lua 5.1 on 32-bit Windows

The following Lua program generates a Lua bytecode program called ignore-unsigned-sga.fnt, which in turn loads a DLL from within an extremely locked down Lua 5.1 sandbox in a program called RelicCOH2.exe. The remainder of this document attempts to explain how this program works by a whirlwind tour of relevant bits of the Lua 5.1 virtual machine.

if string.dump(function()end):sub(1, 12) ~= "\27Lua\81\0\1\4\4\4\8\0" then
  error("This generator requires a 32-bit version of Lua 5.1")
end

local function outer()
  local magic -- In bytecode, the stack slot corresponding to this local is changed
# coding=utf-8
"""
LICENSE http://www.apache.org/licenses/LICENSE-2.0
"""
import datetime
import sys
import time
import threading
import traceback
import SocketServer
require "try-catch"
try {
function()
error('oops')
end,
catch {
function(error)
print('caught error: ' .. error)
@eligrey
eligrey / object-watch.js
Created April 30, 2010 01:38
object.watch polyfill in ES5
/*
* object.watch polyfill
*
* 2012-04-03
*
* By Eli Grey, http://eligrey.com
* Public Domain.
* NO WARRANTY EXPRESSED OR IMPLIED. USE AT YOUR OWN RISK.
*/