Skip to content

Instantly share code, notes, and snippets.

View HashCrack369's full-sized avatar

HashCrack369

1 follower · 18 following
View GitHub Profile
@folknor
folknor / ytcheck.lua
Created July 5, 2018 09:07
#!/usr/bin/lua
local _FEEDS = {
"https://www.youtube.com/feeds/videos.xml?channel_id=UCzQUP1qoWDoEbmsQxvdjxgQ", -- JRE
"https://www.youtube.com/feeds/videos.xml?channel_id=UCNAxrHudMfdzNi6NxruKPLw", -- Sam
}
local sh = require("sh")
local _t = tostring
local feedparser = require("feedparser")
@nzec
nzec / README.MD
Last active April 16, 2026 13:47
DeezLoader Offical Page

Thanks to /u/zpoo32 for reporting several issues in this list!

Deemix

  • deemix: just the cli and the library
  • deemix-pyweb: the app with a GUI
  • deemix-server: just the server part of deemix-pyweb
@SciresM
SciresM / public_keys.md
Last active March 3, 2025 12:10

Nintendo Switch RSA-PKCS#1 Public Key Recovery

This is a short writeup of a fun (but ultimately pretty useless) attack I implemented on the Nintendo Switch a few months ago resulting in the recovery of some otherwise unobtainable RSA public keys. Since public keys aren't private keys, this is pretty useless, apart from letting us validate some signatures on PC. Even so, the attack is a pretty cool one, so I thought I'd write it up.

Every Switch gamecart has a unique certificate (called its "CERT"), storing an RSA signature followed by some kind of unknown but unique encrypted data. I was trying to reverse how these certificates work, and the obvious first step was to try to see how they were validated. However, when I tried looking through the FileSystem (FS) module, which should be responsible for validating these certificates, I found no references to the format at all. The "CERT" magic number was nowhere to be seen, and I couldn't find an RSA modulus that validated the signatures I had. This was in

@haccer
haccer / scanio.sh
Last active July 3, 2025 21:27
PoC script to mass-locate vulnerable subdomains using results from Rapid7's Project Sonar
#!/bin/bash
# Usage : ./scanio.sh <save file>
# Example: ./scanio.sh cname_list.txt
# Premium
function ech() {
spinner=( "|" "/" "-" "\\" )
while true; do
for i in ${spinner[@]}; do
echo -ne "\r[$i] $1"
@xor10
xor10 / test_api.user.js
Created September 26, 2017 19:22
// ==UserScript==
// @name Test
// @version 1.0.0
// @namespace @XOR
// @include *example.com*
// @grant GM.notification
// @grant GM.openInTab
// @grant GM.setClipboard
// ==/UserScript==
@buzzinga-sks
buzzinga-sks / JioTv m3u8
Created September 4, 2017 18:21
For any HD CHANNEL http://sklktcdnems05.cdnsrv.jio.com/jiotv.live.cdn.jio.com/Channel_Name_HD/Channel_Name_HD_1200.m3u8
eg: http://sklktcdnems05.cdnsrv.jio.com/jiotv.live.cdn.jio.com/AXN_HD/AXN_HD_1200.m3u8
For SD Channels, http://sklktcdnems05.cdnsrv.jio.com/jiotv.live.cdn.jio.com/Channel_Name/Channel_Name_800.m3u8
eg: http://sklktcdnems05.cdnsrv.jio.com/jiotv.live.cdn.jio.com/Discovery/Discovery_800.m3u8
HAVE FUN WITH THE FREE STUFF...GOOD LUCK GUYS
@jhaddix
jhaddix / all.txt
Last active April 12, 2026 06:29
all wordlists from every dns enumeration tool... ever. Please excuse the lewd entries =/
This file has been truncated, but you can view the full file.
.
..
........
@
*
*.*
*.*.*
🐎
@clarketm
clarketm / google-dorks
Created January 30, 2017 10:01 — forked from stevenswafford/google-dorks
Listing of a number of useful Google dorks.
" _ _ "
" _ /|| . . ||\ _ "
" ( } \||D ' ' ' C||/ { % "
" | /\__,=_[_] ' . . ' [_]_=,__/\ |"
" |_\_ |----| |----| _/_|"
" | |/ | | | | \| |"
" | /_ | | | | _\ |"
It is all fun and games until someone gets hacked!
@ejcx
ejcx / top-700k.json
Created February 24, 2016 09:37
Alexa Top 700k Survey
{"":"","HTTP/1.1 200 OK":"","access-control-allow-credentials":"true","access-control-allow-origin":"http://evil.com.ej.cx","cache-control":"no-store, no-cache, must-revalidate, post-check=0, pre-check=0","content-type":"text/html","date":"wed, 24 feb 2016 01:17:21 gmt","expires":"thu, 19 nov 1981 08:52:00 gmt","pragma":"no-cache","server":"apache/2.2.22 (ubuntu)","set-cookie":"phpsessid=2phdir1nkjt822p5lelc2vtf65; path=/","vary":"accept-encoding","x-hostname":"http://.ej.cx","x-powered-by":"php/5.3.10-1ubuntu3.21"}
{"":"","HTTP/1.1 302 Found":"","access-control-allow-credentials":"true","access-control-allow-methods":"get, head, post, put, patch, delete, options","access-control-allow-origin":"https://wetransfer.com.evil.com","access-control-expose-headers":"","access-control-max-age":"60","cache-control":"no-cache","connection":"keep-alive","content-type":"text/html; charset=utf-8","date":"wed, 24 feb 2016 01:17:55 gmt","location":"https://www.wetransfer.com/","server":"nginx","status":"302 found","vary":"o
@ejcx
ejcx / respirator.go
Last active May 1, 2025 19:16
package main
import (
"bufio"
"encoding/json"
"fmt"
"log"
"os"
"strings"
)