Skip to content

Instantly share code, notes, and snippets.

Avatar
:shipit:
always depressed in 0.0.0.0

Alpha gitnepal

:shipit:
always depressed in 0.0.0.0
  • medium.com/@admin.
  • Paradox 0.0.0.0
  • Twitter @___0x00
View GitHub Profile
@gitnepal
gitnepal / vimarrows.txt
Last active Dec 13, 2018
vim fix arrows keys that display ABCD
View vimarrows.txt
Go to home path $HOME
Create .vimrc
ADD this line :
set nocompatible
Save
View tweets.txt
filename="/./hey/.js?c=a.pnG%0a\"
Content-Type:
<html><script>alert(0)</script>
File uploader was looking for .png, but we break it with pnG%0a - blank content type and it defaults to what it can detect in the file
View alpha_wp_secure.txt
##Change Database Prefix
Do not use wp_
Replace testsite_
##Permissions
wp-config.php -> 400
uploads folder -> 755
htaccess files -> 400
##Security Plugins
@gitnepal
gitnepal / districts.json
Created Aug 20, 2018
Districts Nepal [pvt test]
View districts.json
{
"d": [
{
"__type": "District:alpha.library",
"RowNum": 0,
"RowTotal": 0,
"DistrictID": 68,
"DistrictName": "Acham",
"ZoneID": 0,
@gitnepal
gitnepal / wpusers.sh
Created May 31, 2018
WordPress Users Enumeration {/wp-json/wp/v2/users} - Short and easy , @gitnepal
View wpusers.sh
#!/bin/bash
#curl"//wp-json/wp/v2/users" //rootnep.al /@___0x00
if [[ $# -eq 0 ]] ;
then
echo "Usage: ./wpuser.sh wpdomain"
exit 1
else
curl 'https://'$1'/wp-json/wp/v2/users' | jq '.[]|.slug' | tr -d '"' | sort -u > $1.txt
echo "Users:"
cat $1.txt
@gitnepal
gitnepal / crt.sh
Last active Jan 22, 2021
Bash Script to pull list of domains from http://crt.sh for automation and lazy recon @nahamsec / @gitnepal
View crt.sh
#!/bin/bash
#Thanks @nahamsec tweets, @___0x00
if [[ $# -eq 0 ]] ;
then
echo "Usage: ./crt.sh domainname"
exit 1
else
curl 'https://crt.sh/?q=%.'$1'&output=json' | jq '.[] | {name_value}' | sed 's/\"//g' | sed 's/\*\.//g' | sort -u > $1.txt
cat $1.txt
fi