Skip to content

Instantly share code, notes, and snippets.

View pikpikcu's full-sized avatar
😊
putune simbah

PikPikcU pikpikcu

😊
putune simbah
495 followers · 129 following
View GitHub Profile
@pikpikcu
pikpikcu / short-wordlist.txt
Created January 21, 2020 02:36 — forked from tomnomnom/short-wordlist.txt
short-wordlist
/.s3cfg
/phpunit.xml
/nginx.conf
/.vimrc
/LICENSE.md
/yarn.lock
/Gulpfile
/Gulpfile.js
/composer.json
/.npmignore
@pikpikcu
pikpikcu / php-curl-crlf-injection.mkd
Created January 21, 2020 02:37 — forked from tomnomnom/php-curl-crlf-injection.mkd
CRLF Injection Into PHP's cURL Options

CRLF Injection Into PHP's cURL Options

I spent the weekend meeting hackers in Vegas, and I got talking to one of them about CRLF Injection. They'd not seen many CRLF Injection vulnerabilities in the wild, so I thought I'd write up an example that's similar to something I found a few months ago.

If you're looking for bugs legally through a program like hackerone, or you're a programmer wanting to write secure PHP: this might be useful to you.

@pikpikcu
pikpikcu / subdo_scan.md
Created January 21, 2020 05:59

subdo scann

#!/bin/sh

if [[ $# -eq 0 ]] ;
then
	echo "Usage: ./subdo.sh site.com"
	exit 1
else
@pikpikcu
pikpikcu / tmux.conf
Created January 26, 2020 09:37 — forked from spicycode/tmux.conf
The best and greatest tmux.conf ever
# 0 is too far from ` ;)
set -g base-index 1
# Automatically set window title
set-window-option -g automatic-rename on
set-option -g set-titles on
#set -g default-terminal screen-256color
set -g status-keys vi
set -g history-limit 10000
@pikpikcu
pikpikcu / tmux-cheatsheet.markdown
Created January 26, 2020 11:00 — forked from MohamedAlaa/tmux-cheatsheet.markdown
tmux shortcuts & cheatsheet

tmux shortcuts & cheatsheet

start new:

tmux

start new with session name:

tmux new -s myname
@pikpikcu
pikpikcu / Base64_CheatSheet.md
Created January 30, 2020 02:22 — forked from Neo23x0/Base64_CheatSheet.md
Learning Aid - Top Base64 Encodings Table

Learning Aid - Top Base64 Encodings Table

MITRE ATT4CK - T1132 - Data Encoding

Base64 Code Mnemonic Aid Decoded* Description
JAB 🗣 Jabber $. Variable declaration (UTF-16)
TVq 📺 Television MZ MZ header
UEs 🏬 Upper East Side PK ZIP, Office documents
SUVY 🚙 SUV IEX PowerShell Invoke Expression
@pikpikcu
pikpikcu / waybackurls.py
Created January 31, 2020 07:31 — forked from mhmdiaa/waybackurls.py
import requests
import sys
import json
def waybackurls(host, with_subs):
if with_subs:
url = 'http://web.archive.org/cdx/search/cdx?url=*.%s/*&output=json&fl=original&collapse=urlkey' % host
else:
url = 'http://web.archive.org/cdx/search/cdx?url=%s/*&output=json&fl=original&collapse=urlkey' % host
@pikpikcu
pikpikcu / ip_encoder.py
Created January 31, 2020 07:35 — forked from mhmdiaa/ip_encoder.py
import sys
def to_octets(ip):
return [int(i) for i in ip.split('.')]
def dotless_decimal(ip):
octets = to_octets(ip)
result = octets[0] * 16777216 + octets[1] * \
@pikpikcu
pikpikcu / magento.mb
Created January 31, 2020 08:41
magento
/**
* Magento
*
* NOTICE OF LICENSE
*
* This source file is subject to the Academic Free License (AFL 3.0)
* that is bundled with this package in the file LICENSE_AFL.txt.
* It is also available through the world-wide-web at this URL:
* http://opensource.org/licenses/afl-3.0.php
* If you did not receive a copy of the license and are unable to
@pikpikcu
pikpikcu / autoload.php
Last active February 1, 2020 09:48
Server-side PHP web skimmer in lib/Varien/Autoload.php
<?php
/**
The MIT License
Copyright (c) 2010-2018 Google, Inc.
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell