Kamil Vavra vavkamil

## bookmarklet.html
<html>
<head>
    <title>Bookmarklet hijacking PoC</title>
</head>
<body>
    <h1>Bookmarklet hijacking</h1>
    <h2>Chromium Proof of Concept</h2>

    <h3>Steps to reproduce</h3>
    <p>1. <strong>Double-check that the link executes</strong> <code>alert(1)</code></p>

## covid19-plugin-wp.php
<?php

/**
 * Plugin Name:       covid19-plugin-wp
 * Plugin URI:        https://wordpress.org/plugins/covid19-plugin-wp
 * Description:       This plugin adds a custom widget to display Covid19 statistics for a selected country.
 * Version:           1.0.1
 * Author:            @vavkamil
 * Author URI:        https://vavkamil.cz
 * License:           GPL v2 or later

## PoC_proxyLogon.py
import requests

from urllib3.exceptions import InsecureRequestWarning

import random

import string

import sys

## strong-tv-dos-poc.html
<html>
<head>
<title></title>
</head>
<body>
<h1>Strong TV DoS exploit</h1>
<h2>Proof of Concept</h2>
<label for="internal_ip">Any internal IP:</label>
<input type="text" name="internal_ip" id="internal_ip" autocomplete="off" onchange="get_tv_ip()">
<br><br>

## hue-cors.html
<html>
<head>
<title>Hue Bridge CORS PoC</title>
<script>
            var xhr = new XMLHttpRequest();

            xhr.open("GET", "https://discovery.meethue.com/")
            xhr.send();
            xhr.onreadystatechange = function(e) {
                var hue_ip;

## metadata.py
#!/usr/bin/env python

import argparse
import urllib.request
import concurrent.futures
from datetime import datetime, timedelta
import sys

domains = ["vavkamil.cz"]

## blocker.php
<?php
ob_start();
ini_set('display_errors',0);
$ipa = $_SERVER['HTTP_CLIENT_IP']? $_SERVER['HTTP_CLIENT_IP'] : ($_SERVER['HTTP_X_FORWARDE‌D_FOR'] ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'] );
$useragent = $_SERVER['HTTP_USER_AGENT'];

if(isset($_POST['gotcha'])){
     blockBot($ipa);
}

## android sslpining disable

$ apt-get update && apt-get upgrade --assume-yes
$
$ pip3 install frida-tools
$ pip3 install objection
$
$ sudo apt-get install android-tools-adb android-tools-fastboot
$
$ wget wget https://github.com/frida/frida/releases/download/12.7.0/frida-server-12.7.0-android-arm64.xz
$ unxz frida-server-12.7.0-android-arm64.xz

## keybase.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                vavkamil
                / keybase.md
            
            
              Created
              September 14, 2019 11:34
            
          
    Keybase proof

I hereby claim:

I am vavkamil on github.
I am kamil_kiwi (https://keybase.io/kamil_kiwi) on keybase.
I have a public key ASDQMrxWDIIThXhqFK9NJhP6hZTdrO5MjI7M_T4bBsTbsAo

To claim this, I am signing this object:

  
## blind-xss-cloudflare-worker.js
addEventListener("fetch", event => {
  event.respondWith(handleRequest(event.request))
})

////////////////////////////////////////////////////////////////////////////////////////////////////
// ! DON'T LEAK THE SECRETS !
// Use Workers KV if you can https://developers.cloudflare.com/workers/reference/storage/

const telegram_token = "*****REDACTED*****";
const telegram_url = "https://api.telegram.org/bot" + telegram_token + "/sendMessage";
	<html>
	<head>
	<title>Bookmarklet hijacking PoC</title>
	</head>
	<body>
	<h1>Bookmarklet hijacking</h1>
	<h2>Chromium Proof of Concept</h2>

	<h3>Steps to reproduce</h3>
	<p>1. <strong>Double-check that the link executes</strong> <code>alert(1)</code></p>
	<?php

	/**
	* Plugin Name: covid19-plugin-wp
	* Plugin URI: https://wordpress.org/plugins/covid19-plugin-wp
	* Description: This plugin adds a custom widget to display Covid19 statistics for a selected country.
	* Version: 1.0.1
	* Author: @vavkamil
	* Author URI: https://vavkamil.cz
	* License: GPL v2 or later
	import requests

	from urllib3.exceptions import InsecureRequestWarning

	import random

	import string

	import sys
	<html>
	<head>
	<title></title>
	</head>
	<body>
	<h1>Strong TV DoS exploit</h1>
	<h2>Proof of Concept</h2>
	<label for="internal_ip">Any internal IP:</label>
	<input type="text" name="internal_ip" id="internal_ip" autocomplete="off" onchange="get_tv_ip()">
	<br><br>
	<html>
	<head>
	<title>Hue Bridge CORS PoC</title>
	<script>
	var xhr = new XMLHttpRequest();

	xhr.open("GET", "https://discovery.meethue.com/")
	xhr.send();
	xhr.onreadystatechange = function(e) {
	var hue_ip;
	#!/usr/bin/env python

	import argparse
	import urllib.request
	import concurrent.futures
	from datetime import datetime, timedelta
	import sys

	domains = ["vavkamil.cz"]
	<?php
	ob_start();
	ini_set('display_errors',0);
	$ipa = $_SERVER['HTTP_CLIENT_IP']? $_SERVER['HTTP_CLIENT_IP'] : ($_SERVER['HTTP_X_FORWARDE‌D_FOR'] ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'] );
	$useragent = $_SERVER['HTTP_USER_AGENT'];

	if(isset($_POST['gotcha'])){
	blockBot($ipa);
	}

	$ apt-get update && apt-get upgrade --assume-yes
	$
	$ pip3 install frida-tools
	$ pip3 install objection
	$
	$ sudo apt-get install android-tools-adb android-tools-fastboot
	$
	$ wget wget https://github.com/frida/frida/releases/download/12.7.0/frida-server-12.7.0-android-arm64.xz
	$ unxz frida-server-12.7.0-android-arm64.xz
	addEventListener("fetch", event => {
	event.respondWith(handleRequest(event.request))
	})

	////////////////////////////////////////////////////////////////////////////////////////////////////
	// ! DON'T LEAK THE SECRETS !
	// Use Workers KV if you can https://developers.cloudflare.com/workers/reference/storage/

	const telegram_token = "***REDACTED***";
	const telegram_url = "https://api.telegram.org/bot" + telegram_token + "/sendMessage";