Skip to content

Instantly share code, notes, and snippets.

View EdOverflow's full-sized avatar
I swear there was an XSS somewhere around here...

EdOverflow EdOverflow

I swear there was an XSS somewhere around here...
3.2k followers · 22 following
View GitHub Profile
@fransr
fransr / bucket-disclose.sh
Last active May 1, 2024 09:46
Using error messages to decloak an S3 bucket. Uses soap, unicode, post, multipart, streaming and index listing as ways of figure it out. You do need a valid aws-key (never the secret) to properly get the error messages
#!/bin/bash
# Written by Frans Rosén (twitter.com/fransrosen)
_debug="$2" #turn on debug
_timeout="20"
#you need a valid key, since the errors happens after it validates that the key exist. we do not need the secret key, only access key
_aws_key="AKIA..."
H_ACCEPT="accept-language: en-US,en;q=0.9,sv;q=0.8,zh-TW;q=0.7,zh;q=0.6,fi;q=0.5,it;q=0.4,de;q=0.3"
H_AGENT="user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.146 Safari/537.36"
@evilsocket
evilsocket / magniber_decryptor.cpp
Created October 19, 2017 14:09
Decryptor for Magniber ransomware ( https://blog.malwarebytes.com/threat-analysis/2017/10/magniber-ransomware-exclusively-for-south-koreans/ )
/*
* This tool will decrypt files encrypted by the Magniber ransomware with
* AES128 ( CBC mode ) algorithm.
*
* RE and report by MalwareBytes ( @hasherezade )
*
* https://blog.malwarebytes.com/threat-analysis/2017/10/magniber-ransomware-exclusively-for-south-koreans/
*
* Decryptor written by Simone 'evilsocket' Margaritelli
*
@bayotop
bayotop / h1ctf.py
Last active April 17, 2019 04:52
Capture The Flag: reversing the password (https://docs.google.com/document/d/1sz2-n-IiqPGDm6b6NF8ajYogTbirOddNm45Uvj3eBq8/edit) - POC
import sys
import binascii
data = bytearray.fromhex("7b0a20a0226576e56e7422ba202270e1737377ef72645fe368616ee765222c8a202022f5736572ee616d65a23a2022e2636f6cec696e22ac0a2020a26f6c64df706173f3776f72e4223a20a23a5c78c3375c78c6345c6edc784146a9293743dc783135dc784430dc784633dc784445e9553b22ac0a2020a26e6577df706173f3776f72e4223a20a2395c78c6415c78b9395c78c3415c78c5445c78c6325853c75c7844c42d5c78c3325c78b8457a48eb222c0aa0202274e96d6573f4616d70a23a2031b5303138b5383836b03030308a7d0a")
corrected = bytearray()
# Print original data given
for n in data:
sys.stdout.write(chr(n))
@tomnomnom
tomnomnom / php-curl-crlf-injection.mkd
Last active February 27, 2023 20:19
CRLF Injection Into PHP's cURL Options

CRLF Injection Into PHP's cURL Options

I spent the weekend meeting hackers in Vegas, and I got talking to one of them about CRLF Injection. They'd not seen many CRLF Injection vulnerabilities in the wild, so I thought I'd write up an example that's similar to something I found a few months ago.

If you're looking for bugs legally through a program like hackerone, or you're a programmer wanting to write secure PHP: this might be useful to you.

@jhaddix
jhaddix / all.txt
Last active May 2, 2024 10:20
all wordlists from every dns enumeration tool... ever. Please excuse the lewd entries =/
This file has been truncated, but you can view the full file.
.
..
........
@
*
*.*
*.*.*
🐎
@max-mapper
max-mapper / bibtex.png
Last active March 10, 2024 21:53
How to make a scientific looking PDF from markdown (with bibliography)
bibtex.png
@BuffaloWill
BuffaloWill / cloud_metadata.txt
Last active April 16, 2024 04:15
Cloud Metadata Dictionary useful for SSRF Testing
## IPv6 Tests
http://[::ffff:169.254.169.254]
http://[0:0:0:0:0:ffff:169.254.169.254]
## AWS
# Amazon Web Services (No Header Required)
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/meta-data/iam/security-credentials/dummy
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]