Skip to content

Instantly share code, notes, and snippets.

View abdilahrf's full-sized avatar

Abdillah Hasny abdilahrf

221 followers · 69 following
View GitHub Profile
@securifera
securifera / Filename extension list
Created June 21, 2020 00:31
.php
.html
.txt
.htm
.aspx
.asp
.js
.css
.pgsql.txt
.mysql.txt
@709924470
709924470 / hookNativeFunc.js
Created December 22, 2019 17:17
Frida android native hooking
// Android native hooks By @709924470
// CC-BY-NC 4.0
var moduleName = "libmain.so"; // Module name gose here
var hookFunctions = [
{
name: "Java_com_example_hellojni_getstr", // Function name goes here
onEnter: function(args){
// TODO: your code here
},
onLeave: function(ret){
@BlackFan
BlackFan / Bootstrap_XSS.md
Last active October 21, 2025 08:24
Bootstrap XSS Collection

CVE-2019-8331

Bootstrap < 3.4.1 || < 4.3.1

✔️ CSP strict-dynamic bypass

➖ Requires user interaction

➖ Requires $('[data-toggle="tooltip"]').tooltip();

@leodutra
leodutra / -setup-windows-wsl-devenv.md
Last active November 15, 2025 02:45
Install and Setup Windows Subsystem 2 for Linux, Hyper, ZSH + Oh My Zsh + Powerlevel9k + plugins, FNM + VSCode (+ext) and Nerd Font

Setup Windows Subsystem 2 for Linux

Windows Subsystem 2 for Linux, Hyper, ZSH + Oh My Zsh + Powerlevel9k + plugins, FNM + VSCode (+ext) and Nerd Font

To setup native Linux, see this gist

Preview

Requirements

@zeropwn
zeropwn / Axway SecureTransport 5.x Unauthenticated XXE
Last active November 17, 2023 08:59
Axway SecureTransport 5.x Unauthenticated XML Injection / XXE
_ _
_______ _ __ ___ | | ___ | |
|_ / _ \ '__/ _ \ | |/ _ \| |
/ / __/ | | (_) || | (_) | |
/___\___|_| \___(_)_|\___/|_|
https://zero.lol
zero days 4 days
ATTENTION:
@stypr
stypr / a-z.md
Last active July 22, 2023 12:35
Harekaze CTF 2019 WEB Writeup (Yokosuka Hackers)

A-z

Simple JS Jail challenge.

It is run on context, so we have nothing but to play with constructor and console.

1337 === eval(our_input)
@xynova
xynova / Enable WSL and Ubuntu 16.04 on Windows 10.md
Last active March 30, 2025 17:06
Enable WSL and Ubuntu 16.04 on Windows 10
@staaldraad
staaldraad / README.md
Last active November 18, 2025 01:55

Based on excellent write-up from https://www.elttam.com.au/blog/ruby-deserialization/

Doesn't work to use YAML.dump(payload) in the above script. This only produces the following YAML, which is worthless:

--- !ruby/object:Gem::Requirement
requirements:
- - ">="
  - !ruby/object:Gem::Version
 version: '0'
@daniellimws
daniellimws / frida-tips.md
Last active July 17, 2025 09:11
Frida tips

Frida Tips

The documentation is so limited. A compilation of things I found on StackOverflow and don't want to have to search it up again.

Bypass root check

setTimeout(function() { // avoid java.lang.ClassNotFoundException

  Java.perform(function() {

    // Root detection bypass example
@tomnomnom
tomnomnom / alert.js
Last active November 27, 2025 11:15
Ways to alert(document.domain)
// How many ways can you alert(document.domain)?
// Comment with more ways and I'll add them :)
// I already know about the JSFuck way, but it's too long to add (:
// Direct invocation
alert(document.domain);
(alert)(document.domain);
al\u0065rt(document.domain);
al\u{65}rt(document.domain);
window['alert'](document.domain);