Skip to content

Instantly share code, notes, and snippets.

View mstxq17's full-sized avatar
🤒
Hello World!

xq17 mstxq17

🤒
Hello World!
396 followers · 62 following
View GitHub Profile
@testanull
testanull / PoC_CVE-2021-28482.py
Created May 2, 2021 11:10
PoC of CVE-2021-28482
import requests
import time
import sys
from base64 import b64encode
from requests_ntlm2 import HttpNtlmAuth
from urllib3.exceptions import InsecureRequestWarning
from urllib import quote_plus
requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
@int0x80
int0x80 / Git Creds.md
Created January 7, 2021 15:59

Finding creds in git repos is awesome.

$ for commit in $(seq 1 $(git reflog | wc -l)); do git diff HEAD@{$commit} 2>/dev/null | grep password; done
-spring.datasource.password=g!'301T%y%xT@uL`
+spring.datasource.password=4AT&G;[H@&'\^uDK
-spring.datasource.password=UmAnR=-v|{2=gyx?
+spring.datasource.password=4AT&G;[H@&'\^uDK
...
@m4ll0k
m4ll0k / gist:c33c3bac057584642c8a63144888e3d1
Created June 22, 2020 13:16
# replace $mytarget with your target
gau $mytarget|egrep -iv '\.json'|grep -iE '\.js'|antiburl|awk '{print $4}' | xargs -I %% bash -c 'python3 SecretFinder.py -i %% -o cli'
# use -r option for extract anything
gau $mytarget|egrep -iv '\.json'|grep -iE '\.js'|antiburl|awk '{print $4}' | xargs -I %% bash -c 'python3 SecretFinder.py -i %% -o cli -r "$anything"'
@y0ngb1n
y0ngb1n / docker-registry-mirrors.md
Last active September 23, 2024 05:49
国内的 Docker Hub 镜像加速器,由国内教育机构与各大云服务商提供的镜像加速服务 | Dockerized 实践 https://github.com/y0ngb1n/dockerized
@monoxgas
monoxgas / Invoke-DCSync.ps1
Last active June 24, 2024 21:42
What more could you want?
This file has been truncated, but you can view the full file.
function Invoke-DCSync
{
<#
.SYNOPSIS
Uses dcsync from mimikatz to collect NTLM hashes from the domain.
Author: @monoxgas
Improved by: @harmj0y