Skip to content

Instantly share code, notes, and snippets.

Avatar
:octocat:
BugBounty

Mehtab Zafar mzfr

:octocat:
BugBounty
View GitHub Profile
@jhaddix
jhaddix / cloud_metadata.txt
Last active Nov 18, 2021 — forked from BuffaloWill/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
View cloud_metadata.txt
## AWS
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
@tomnomnom
tomnomnom / alert.js
Last active Nov 11, 2021
Ways to alert(document.domain)
View alert.js
// How many ways can you alert(document.domain)?
// Comment with more ways and I'll add them :)
// I already know about the JSFuck way, but it's too long to add (:
// Direct invocation
alert(document.domain);
(alert)(document.domain);
al\u0065rt(document.domain);
al\u{65}rt(document.domain);
window['alert'](document.domain);
@EdOverflow
EdOverflow / broken_link_hijacking.md
Last active Aug 7, 2021
This post aims to give you a basic overview of the different issues that could possibly arise if a target links to an expired endpoint.
View broken_link_hijacking.md
@intrd
intrd / many_time_pad_attack.py
Last active Mar 1, 2021
OTP - Recovering the private key from a set of messages that were encrypted w/ the same private key (Many time pad attack) - crypto100-many_time_secret @ alexctf 2017
View many_time_pad_attack.py
#!/usr/bin/python
## OTP - Recovering the private key from a set of messages that were encrypted w/ the same private key (Many time pad attack) - crypto100-many_time_secret @ alexctf 2017
# @author intrd - http://dann.com.br/
# Original code by jwomers: https://github.com/Jwomers/many-time-pad-attack/blob/master/attack.py)
import string
import collections
import sets, sys
# 11 unknown ciphertexts (in hex format), all encrpyted with the same key
View Sublime Text 3 Build 3103 License Key - CRACK
I use the first
—– BEGIN LICENSE —–
Michael Barnes
Single User License
EA7E-821385
8A353C41 872A0D5C DF9B2950 AFF6F667
C458EA6D 8EA3C286 98D1D650 131A97AB
AA919AEC EF20E143 B361B1E7 4C8B7F04
@dufferzafar
dufferzafar / allah-and-gsoc-irc-chat.txt
Last active May 18, 2020
"Allah & GSoC" - an excerpt from #gsoc IRC channel.
View allah-and-gsoc-irc-chat.txt
[6:48 pm] <Guest25582> http://oortr.com/YmU5NT
[6:48 pm] <valorie> rather than pasting a random link, why not say what it is, Guest25582?
[6:48 pm] <Guest25582> Allah is doing
[6:48 pm] <Guest25582> sun is not doing Allah is doing
[6:48 pm] <Guest25582> moon is not doing Allah is doing
[6:48 pm] <meflin> this channel is about GSOC
[6:48 pm] <Guest25582> stars are not doing Allah is doing
[6:48 pm] <valorie> please stay on topic or leave, Guest25582
[6:48 pm] <Guest25582> planets are not doing Allah is doing
[6:48 pm] <valorie> pfff
@stevenswafford
stevenswafford / google-dorks
Created Jun 6, 2015
Listing of a number of useful Google dorks.
View google-dorks
" _ _ "
" _ /|| . . ||\ _ "
" ( } \||D ' ' ' C||/ { % "
" | /\__,=_[_] ' . . ' [_]_=,__/\ |"
" |_\_ |----| |----| _/_|"
" | |/ | | | | \| |"
" | /_ | | | | _\ |"
It is all fun and games until someone gets hacked!
@xero
xero / irc.md
Last active Nov 28, 2021
irc cheat sheet
View irc.md

IRC Reference

Not intended as a guide for newbies, more like a "cheat sheet" for the somewhat experienced IRC user, especially one who wields some power over a channel.

The Basics

  • /join #channel
    • Joins the specified channel.
  • /part #channel
    • Leaves the specified channel.
@rxaviers
rxaviers / gist:7360908
Last active Nov 28, 2021
Complete list of github markdown emoji markup
View gist:7360908

People

:bowtie: :bowtie: 😄 :smile: 😆 :laughing:
😊 :blush: 😃 :smiley: ☺️ :relaxed:
😏 :smirk: 😍 :heart_eyes: 😘 :kissing_heart:
😚 :kissing_closed_eyes: 😳 :flushed: 😌 :relieved:
😆 :satisfied: 😁 :grin: 😉 :wink:
😜 :stuck_out_tongue_winking_eye: 😝 :stuck_out_tongue_closed_eyes: 😀 :grinning:
😗 :kissing: 😙 :kissing_smiling_eyes: 😛 :stuck_out_tongue:
@granoeste
granoeste / EachDirectoryPath.md
Last active Nov 16, 2021
[Android] How to get the each directory path.
View EachDirectoryPath.md

System directories

Method Result
Environment.getDataDirectory() /data
Environment.getDownloadCacheDirectory() /cache
Environment.getRootDirectory() /system

External storage directories