Rafal Janicki bl4de

## index.php
<?php

/**
 * This file contains functions to retrieve system information and display it in a single file server dashboard.
 * The functions include generating a safe ID, parsing lines, getting CPU info, load average, basic server info,
 * CPU usage, memory usage, disk usage, and disk space.
 *
 * @author Zxce3
 * @version 1.1
 */

## phpdangerousfuncs.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                bl4de
                / phpdangerousfuncs.md
            
            
              Created
              June 3, 2023 01:48
                — forked from mccabe615/phpdangerousfuncs.md
            
              
                Dangerous PHP Functions
              
          
    Command Execution

exec           - Returns last line of commands output
passthru       - Passes commands output directly to the browser
system         - Passes commands output directly to the browser and returns last line
shell_exec     - Returns commands output
\`\` (backticks) - Same as shell_exec()
popen          - Opens read or write pipe to process of a command
proc_open      - Similar to popen() but greater degree of control
pcntl_exec - Executes a program


## bucket-disclose.sh
#!/bin/bash

# Written by Frans Rosén (twitter.com/fransrosen)
_debug="$2" #turn on debug
_timeout="20"
#you need a valid key, since the errors happens after it validates that the key exist. we do not need the secret key, only access key
_aws_key="AKIA..."
H_ACCEPT="accept-language: en-US,en;q=0.9,sv;q=0.8,zh-TW;q=0.7,zh;q=0.6,fi;q=0.5,it;q=0.4,de;q=0.3"
H_AGENT="user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.146 Safari/537.36"

## Dockerfile
FROM python:3.7-stretch as base

RUN mkdir /base
WORKDIR /base

RUN apt-get update
RUN apt-get install -y wget
RUN apt-get -y install libnss3

RUN apt -y install chromium

## fingerprint.js
(() => {
  let gadgets = [];

  if (typeof _satellite !== 'undefined') {
    gadgets.push('Adobe Dynamic Tag Management');
  }

  if (typeof BOOMR !== 'undefined') {
    gadgets.push('Akamai Boomerang');
  }

## gd-gif.php
<?php

//php gd-gif.php image.gif gd-image.gif

$gif = imagecreatefromgif($argv[1]);
imagegif($gif, $argv[2]);
imagedestroy($gif);
?>

## introspection-query.graphql

  query IntrospectionQuery {
    __schema {
      queryType { name }
      mutationType { name }
      subscriptionType { name }
      types {
        ...FullType
      }
      directives {

## wfuzz.log
bl4de:~ $ wfuzz -c --hc 404 -w ~/hacking/dictionaries/starter.txt http://example.com/FUZZ

Warning: Pycurl is not compiled against Openssl. Wfuzz might not work correctly when fuzzing SSL sites. Check Wfuzz's documentation for more information.

********************************************************
* Wfuzz 2.3.4 - The Web Fuzzer                         *
********************************************************

Target: http://example.com/FUZZ
Total requests: 71935

## crawl-extract-resolve.sh
#!/bin/bash

url='rawsec.ml'

domains=$(curl $url -s | grep -E 'https?://[^"]*' | cut -d '/' -f 3 | cut -d '"' -f 1 | uniq)

filename='/tmp/temporary_ips.txt'

for domain in $domains
do

## content_discovery_nullenc0de.txt
/
$$$lang-translate.service.js.aspx
$367-Million-Merger-Blocked.html
$defaultnav
${idfwbonavigation}.xml
$_news.php
$search2
£º
.0
	<?php

	/**
	* This file contains functions to retrieve system information and display it in a single file server dashboard.
	* The functions include generating a safe ID, parsing lines, getting CPU info, load average, basic server info,
	* CPU usage, memory usage, disk usage, and disk space.
	*
	* @author Zxce3
	* @version 1.1
	*/
	#!/bin/bash

	# Written by Frans Rosén (twitter.com/fransrosen)
	_debug="$2" #turn on debug
	_timeout="20"
	#you need a valid key, since the errors happens after it validates that the key exist. we do not need the secret key, only access key
	_aws_key="AKIA..."
	H_ACCEPT="accept-language: en-US,en;q=0.9,sv;q=0.8,zh-TW;q=0.7,zh;q=0.6,fi;q=0.5,it;q=0.4,de;q=0.3"
	H_AGENT="user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.146 Safari/537.36"
	FROM python:3.7-stretch as base

	RUN mkdir /base
	WORKDIR /base

	RUN apt-get update
	RUN apt-get install -y wget
	RUN apt-get -y install libnss3

	RUN apt -y install chromium
	(() => {
	let gadgets = [];

	if (typeof _satellite !== 'undefined') {
	gadgets.push('Adobe Dynamic Tag Management');
	}

	if (typeof BOOMR !== 'undefined') {
	gadgets.push('Akamai Boomerang');
	}
	<?php

	//php gd-gif.php image.gif gd-image.gif

	$gif = imagecreatefromgif($argv[1]);
	imagegif($gif, $argv[2]);
	imagedestroy($gif);
	?>

	query IntrospectionQuery {
	__schema {
	queryType { name }
	mutationType { name }
	subscriptionType { name }
	types {
	...FullType
	}
	directives {
	bl4de:~ $ wfuzz -c --hc 404 -w ~/hacking/dictionaries/starter.txt http://example.com/FUZZ

	Warning: Pycurl is not compiled against Openssl. Wfuzz might not work correctly when fuzzing SSL sites. Check Wfuzz's documentation for more information.

	********************************************************
	* Wfuzz 2.3.4 - The Web Fuzzer *
	********************************************************

	Target: http://example.com/FUZZ
	Total requests: 71935
	#!/bin/bash

	url='rawsec.ml'

	domains=$(curl $url -s \| grep -E 'https?://[^"]*' \| cut -d '/' -f 3 \| cut -d '"' -f 1 \| uniq)

	filename='/tmp/temporary_ips.txt'

	for domain in $domains
	do
	/
	$$$lang-translate.service.js.aspx
	$367-Million-Merger-Blocked.html
	$defaultnav
	${idfwbonavigation}.xml
	$_news.php
	$search2
	£º
	.0