@hawktrace
hawktrace / gist:67836c7e9f35b72077b50f220349cd73
Created September 2, 2025 17:53
CVE-2025-53772 IIS WebDeploy RCE
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using System.IO.Compression;
using System.Reflection;
using System.Runtime.Serialization.Formatters.Binary;
namespace hawktraceiis
{
#!/usr/bin/env python3
"""
M365 OSINT Reconnaissance Tool
Based on techniques from: https://dstreefkerk.github.io/2025-07-m365-email-osint-after-lockdown/
This script performs modern M365/Azure AD reconnaissance after Microsoft's lockdown of traditional
enumeration methods. It uses multiple validation techniques to discover organizational information
and attempts to infer MOERA domains.
"""
@irsdl
irsdl / update_cookie_BambdaCA.java
Last active July 25, 2025 12:13
Automatically updates the Cookie header in Burp Repeater requests using Set-Cookie values from responses. This Bambda CustomAction preserves all existing cookies and only updates or adds values when necessary — ensuring session continuity without overwriting unrelated cookies.
@curi0usJack
curi0usJack / Get-Origins.ps1
Created March 27, 2025 20:28
PowerShell code to map Azure CDN profiles (Classic or Front Door) to their origin hostnames.
Import-Module Az
Connect-AzAccount
$ipre = "^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$"
function Get-ClassicOrigins() {
$profs = Get-AzCDNProfile
$coll = @()
foreach ($prof in $profs) {
@hackermondev
hackermondev / research.md
Last active October 21, 2025 09:20
Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platforms

hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.

3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds, and you wouldn't even know.

I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:

Cloudflare

By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k

#convert the following script to work from any desktop
$dir= Read-Host -Prompt 'Certs output directory: '
$pw= Read-Host -Prompt 'password: '
$rde=Read-Host -Prompt 'binary to sign: '
$cn=Read-Host -Prompt 'issuer to spoof: '
#add a check to locate the needed binaries instead of hardcoding this
cd 'C:\Program Files (x86)\Windows Kits\10\bin\10.0.22000.0\x64'
rm $dir\$cn*
@irsdl
irsdl / urlhostname_test.js
Created March 14, 2024 10:54
To evaluate how `URL(url).hostname` in JS handles discarded characters and character conversions in domain names.
// by @irsdl
// This script identifies anomalies in how JS parses the URL using `URL(url).hostname`:
// 1- Characters that are ignored when present in the domain name.
// 2- Characters that can replace ASCII characters in domain names and still parse correctly. Here the target is the letter S in `soroush.me`.
// You can try running this script in your browser's dev console or at https://www.jdoodle.com/execute-nodejs-online/
// I am sure this must have been looked at before but I cannot find a reference
for (let i = 0; i <= 0xFFFF; i++) {
const unicodeChar = String.fromCharCode(i);
const urlString = `http://sorous${unicodeChar}h.me/blog/`;
@grahamhelton
grahamhelton / dockerload.sh
Last active May 30, 2024 23:55
Build a tool into a Docker image
# Install certipy
apt update -y &> /dev/null && apt upgrade -y &> /dev/null && apt install -y python3 python3-pip &> /dev/null && pip3 install certipy-ad &> /dev/null ; echo -e "\033[0;32m - Certipy installed \033[0m"
# List containers, identify container id
sudo docker container ls
# Stage the current container into an image
sudo docker commit <container_id> <image_name>
# Save the image as a .tar file

Critical Remote Code Execution Vulnerability in PGAdmin: Detailed Analysis Report

This report presents a critical Remote Code Execution (RCE) vulnerability within PGAdmin, discovered during a security review. This vulnerability allows attackers to execute arbitrary code on the server hosting PGAdmin, posing a severe risk to both the database management system's integrity and the security of the underlying data.

Check out more technical details at https://ayoubmokhtar.com/post/remote_code_execution_pgadmin_8.4-cve-2024-3116/

@nullenc0de
nullenc0de / block_sec.sh
Created February 16, 2024 16:49
Looks up which companies IP addresses belong to and blocks them via iptables.
#!/bin/bash
apt install golang -y
GOROOT="/usr/local/go"
PATH="${PATH}:${GOROOT}/bin"
GOPATH=$HOME/go
PATH="${PATH}:${GOROOT}/bin:${GOPATH}/bin"
go install github.com/projectdiscovery/asnmap/cmd/asnmap@latest