Skip to content

Instantly share code, notes, and snippets.

View hartl3y94's full-sized avatar
💭
I may be slow to respond.

Martin T. hartl3y94

💭
I may be slow to respond.
  • Hartley94
  • Kenya
View GitHub Profile
@hartl3y94
hartl3y94 / sqli-bypass-waf.txt
Created April 14, 2025 13:14 — forked from zetc0de/sqli-bypass-waf.txt
Bypass WAF Sql Injection
[~] order by [~]
/**/ORDER/**/BY/**/
/*!order*/+/*!by*/
/*!ORDER BY*/
/*!50000ORDER BY*/
/*!50000ORDER*//**//*!50000BY*/
/*!12345ORDER*/+/*!BY*/
[~] UNION select [~]
@hartl3y94
hartl3y94 / gist:63baad57308f1ab9a80fae11d25cd166
Created December 22, 2024 10:21 — forked from jaredsburrows/gist:9e121d2e5f1147ab12a696cf548b90b0
full English translation of Phineas Fisher's account of how he took down HackingTeam - https://www.reddit.com/r/netsec/comments/4f3e6p/full_english_translation_of_phineas_fishers/
_ _ _ ____ _ _
| | | | __ _ ___| | __ | __ ) __ _ ___| | _| |
| |_| |/ _` |/ __| |/ / | _ \ / _` |/ __| |/ / |
| _ | (_| | (__| < | |_) | (_| | (__| <|_|
|_| |_|\__,_|\___|_|\_\ |____/ \__,_|\___|_|\_(_)
A DIY Guide
@hartl3y94
hartl3y94 / geoip2lookup.bash
Created August 9, 2024 12:38 — forked from bmatthewshea/geoip2lookup.bash
GeoIP Lookup scripts for use with new Maxmind MMDB database files
#!/bin/bash
#
# By: Brady Shea - 10FEB2020 - Last update 04DEC2023
#
# Usage (ip4 only):
# geoip2lookup IP_ADDRESS
#
# ** Install GeoIP Tool and Updater **
#
# sudo add-apt-repository ppa:maxmind/ppa
@hartl3y94
hartl3y94 / all-dutch-government.md
Created February 22, 2024 09:36 — forked from R0X4R/all-dutch-government.md
Dutch government bug bounty scope. Updates will pushed every month

Dutch Government Bug Bounty Scope

The National Cyber Security Centre (NCSC) contributes to jointly enhancing the resilience of the Dutch society in the digital domain and, in doing so, realizes a safe, open and stable information society by providing insight and offering a perspective for action. Therefore it is essential that the ICT systems of the NCSC are safe. The NCSC strives towards providing a high level of security for its system. However, it can occur that one of these systems has a vulnerability.

For more information about reporting the bugs go to https://english.ncsc.nl/contact/reporting-a-vulnerability-cvd

Source https://gist.github.com/random-robbie/f985ad14fede2c04ac82dd89653f52ad
https://www.communicatierijk.nl/vakkennis/r/rijkswebsites/verplichte-richtlijnen/websiteregister-rijksoverheid

@hartl3y94
hartl3y94 / mem-loader.asm
Created March 17, 2022 10:10 — forked from zznop/mem-loader.asm
Fun little loader shellcode that executes an ELF in-memory using an anonymous file descriptor (inspired by https://x-c3ll.github.io/posts/fileless-memfd_create/)
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;
;;; Copyright (C), zznop, [email protected]
;;;
;;; This software may be modified and distributed under the terms
;;; of the MIT license. See the LICENSE file for details.
;;;
;;; DESCRIPTION
;;;
;;; This PoC shellcode is meant to be compiled as a blob and prepended to a ELF
@hartl3y94
hartl3y94 / heartbleed.py
Created February 10, 2022 13:14 — forked from eelsivart/heartbleed.py
Heartbleed (CVE-2014-0160) Test & Exploit Python Script
#!/usr/bin/python
# Modified by Travis Lee
# Last Updated: 4/21/14
# Version 1.16
#
# -changed output to display text only instead of hexdump and made it easier to read
# -added option to specify number of times to connect to server (to get more data)
# -added option to send STARTTLS command for use with SMTP/POP/IMAP/FTP/etc...
# -added option to specify an input file of multiple hosts, line delimited, with or without a port specified (host:port)
@hartl3y94
hartl3y94 / samba-usermap-exploit.py
Created February 10, 2022 12:55 — forked from joenorton8014/samba-usermap-exploit.py
#!/usr/bin/python
from smb.SMBConnection import SMBConnection
import random, string
from smb import smb_structs
smb_structs.SUPPORT_SMB2 = False
import sys
# Just a python version of a very simple Samba exploit.
@hartl3y94
hartl3y94 / annotations.xml
Created October 7, 2021 05:13 — forked from Neo23x0/annotations.xml
Sources for APT Groups and Operations Search Engine
<?xml version="1.0" encoding="UTF-8"?>
<Annotations start="0" num="169" total="169">
<Annotation about="www.zerodayinitiative.com/blog/*" timestamp="0x0005cc990a000f3e" href="CiB3d3cuemVyb2RheWluaXRpYXRpdmUuY29tL2Jsb2cvKhC-noDQkJPzAg">
<Label name="_cse_turlh5vi4xc"/>
<AdditionalData attribute="original_url" value="https://www.zerodayinitiative.com/blog/"/>
</Annotation>
<Annotation about="codewhitesec.blogspot.com/*" timestamp="0x0005cc9908539282" href="Chtjb2Rld2hpdGVzZWMuYmxvZ3Nwb3QuY29tLyoQgqXOwpCT8wI">
<Label name="_cse_turlh5vi4xc"/>
<AdditionalData attribute="original_url" value="https://codewhitesec.blogspot.com/"/>
</Annotation>
@hartl3y94
hartl3y94 / .. MediaCreationTool.bat ..md
Created October 7, 2021 03:19 — forked from AveYo/.. MediaCreationTool.bat ..md
Universal MediaCreationTool wrapper for all MCT Windows 10 versions from 1507 to 21H1 with business (Enterprise) edition support

Not just an Universal MediaCreationTool wrapper script with ingenious support for business editions,
Preview
A powerful yet simple windows 10 / 11 deployment automation tool as well!

configure via set vars, commandline parameters or rename script like iso 21H2 Pro MediaCreationTool.bat
recommended windows setup options with the least amount of issues on upgrades already set
awesome keyboard focus dialogs to pick windows version and enhanced preset action

Auto Setup for upgrading directly with the auto-detected Edition, Language, Architecture *
- can troubleshoot auto setup failing by adding no_update to script name

@hartl3y94
hartl3y94 / unssz.py
Created June 6, 2021 14:09 — forked from dfirfpi/unssz.py
Decrypt Samsung / Seagate Secure Zone crypto container (without knowing the password... uao...).
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Copyright 2017, Francesco "dfirfpi" Picasso <[email protected]>
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0