Skip to content

Instantly share code, notes, and snippets.

View abdilahrf's full-sized avatar

Abdillah Hasny abdilahrf

204 followers · 68 following
View GitHub Profile
@xynova
xynova / Enable WSL and Ubuntu 16.04 on Windows 10.md
Last active February 14, 2024 01:13
Enable WSL and Ubuntu 16.04 on Windows 10
@stypr
stypr / a-z.md
Last active July 22, 2023 12:35
Harekaze CTF 2019 WEB Writeup (Yokosuka Hackers)

A-z

Simple JS Jail challenge.

It is run on context, so we have nothing but to play with constructor and console.

1337 === eval(our_input)
@zeropwn
zeropwn / Axway SecureTransport 5.x Unauthenticated XXE
Last active November 17, 2023 08:59
Axway SecureTransport 5.x Unauthenticated XML Injection / XXE
_ _
_______ _ __ ___ | | ___ | |
|_ / _ \ '__/ _ \ | |/ _ \| |
/ / __/ | | (_) || | (_) | |
/___\___|_| \___(_)_|\___/|_|
https://zero.lol
zero days 4 days
ATTENTION:
@leodutra
leodutra / -setup-windows-wsl-devenv.md
Last active April 5, 2024 23:44
Install and Setup Windows Subsystem 2 for Linux, Hyper, ZSH + Oh My Zsh + Powerlevel9k + plugins, FNM + VSCode (+ext) and Nerd Font

Setup Windows Subsystem 2 for Linux

Windows Subsystem 2 for Linux, Hyper, ZSH + Oh My Zsh + Powerlevel9k + plugins, FNM + VSCode (+ext) and Nerd Font

To setup native Linux, see this gist

Preview

Requirements

@BlackFan
BlackFan / Bootstrap_XSS.md
Last active April 24, 2024 20:28
Bootstrap XSS Collection

CVE-2019-8331

Bootstrap < 3.4.1 || < 4.3.1

✔️ CSP strict-dynamic bypass

➖ Requires user interaction

➖ Requires $('[data-toggle="tooltip"]').tooltip();

@709924470
709924470 / hookNativeFunc.js
Created December 22, 2019 17:17
Frida android native hooking
// Android native hooks By @709924470
// CC-BY-NC 4.0
var moduleName = "libmain.so"; // Module name gose here
var hookFunctions = [
{
name: "Java_com_example_hellojni_getstr", // Function name goes here
onEnter: function(args){
// TODO: your code here
},
onLeave: function(ret){
@securifera
securifera / Filename extension list
Created June 21, 2020 00:31
.php
.html
.txt
.htm
.aspx
.asp
.js
.css
.pgsql.txt
.mysql.txt
@bendtheory
bendtheory / burplist.py
Created January 21, 2021 05:24
import xml.etree.ElementTree as ET
import urllib
import base64
import math
import sys
import re
# usage: Open Burp, navigate to proxy history, ctrl-a to select all records, right click and "Save Items" as an .xml file.
# python burplist.py burprequests.xml
# output is saved to wordlist.txt
@tehseensagar
tehseensagar / gist:d82931fa8427b3b8a8825714b5b113c4
Last active April 25, 2024 12:00
SQLi WAF Bypass All Method
`-=[SQL injection Queries]=-
HOW TO SUCCESSFULLY INJECTING SQL INJECTION
[~] after id no. like id=1 +/*!and*/+1=0 [~]
EX: site.com?index.php?pageid=3 div+0 Union select 1,version(),3,4,5
+div+0
+div false
+Having+1=0+
@honoki
honoki / hackerone-initiate-programs.sh
Last active September 18, 2023 18:56
Create new BBRF programs from your private and public HackerOne programs.
#!/bin/bash
# Initiate new BBRF programs from your public and private HackerOne programs
h1name="<your-hackerone-username>"
apitoken="<your-hackerone-api-token>"
next='https://api.hackerone.com/v1/hackers/programs?page%5Bsize%5D=100'
while [ "$next" ]; do