Skip to content

Instantly share code, notes, and snippets.

View clevernyyyy's full-sized avatar

Adam Schaal clevernyyyy

52 followers · 60 following
View GitHub Profile
@BlackFan
BlackFan / Bootstrap_XSS.md
Last active October 21, 2025 08:24
Bootstrap XSS Collection

CVE-2019-8331

Bootstrap < 3.4.1 || < 4.3.1

✔️ CSP strict-dynamic bypass

➖ Requires user interaction

➖ Requires $('[data-toggle="tooltip"]').tooltip();

@ryanflorence
ryanflorence / everything-i-know-about-routing.md
Last active July 9, 2025 19:11

Everything I Know About UI Routing

Definitions

  1. Location - The location of the application. Usually just a URL, but the location can contain multiple pieces of information that can be used by an app
    1. pathname - The "file/directory" portion of the URL, like invoices/123
    2. search - The stuff after ? in a URL like /assignments?showGrades=1.
    3. query - A parsed version of search, usually an object but not a standard browser feature.
    4. hash - The # portion of the URL. This is not available to servers in request.url so its client only. By default it means which part of the page the user should be scrolled to, but developers use it for various things.
    5. state - Object associated with a location. Think of it like a hidden URL query. It's state you want to keep with a specific location, but you don't want it to be visible in the URL.
@wybiral
wybiral / noscript-tracking.go
Last active October 28, 2024 23:01
Tracking cursor position in real-time with remote monitoring (without JavaScript)
// Tracking cursor position in real-time without JavaScript
// Demo: https://twitter.com/davywtf/status/1124146339259002881
package main
import (
"fmt"
"net/http"
"strings"
)
@kdev33
kdev33 / unix-bash-cheatsheet.md
Last active August 7, 2024 10:37
Unix bash cheatsheet. Hope you find it useful 😉
@tg12
tg12 / ftp_check.py
Last active August 27, 2019 19:51
Fast Multi-threaded FTP Scanner
from datetime import datetime
import time
import threading
###########################
from multiprocessing import Process
import random
###########################
import dns.resolver
import dns.reversename
import ftplib
@edermi
edermi / kerberoast_pws.xz
Last active January 22, 2024 12:40
edermi Kerberoast PW list (XZ format)
This file has been truncated, but you can view the full file.
View raw
@skylarmt
skylarmt / pngcrushall.sh
Created May 8, 2018 18:27
A script to optimize (pngcrush) all the images in a folder, and tell you how much space you've saved.
#!/bin/bash
TOTALIN=0
TOTALSAVED=0
TOTALFILES=0
for png in *.png;
do
echo "Crushing $png"
echo "PNG file $png:" >> /tmp/pngcrush.log
OLDSIZE=$(stat --printf="%s" "$png")
echo " Old size: $OLDSIZE" >> /tmp/pngcrush.log
@bohops
bohops / RDP_Eavesdropping_Hijacking
Last active April 14, 2025 16:22
RDP Eavesdropping and Hijacking
*******************************
I spent some time this evening looking at ways to eavesdrop and hijack RDP sessions. Here is a gist of (semi) interesting findings
that is not very new...
===========
Inspiration
===========
As you may already know...
@mattifestation
mattifestation / GetSecureBootPolicy.ps1
Last active May 17, 2025 22:32
Partially-completed Secure Boot policy parser. I need help with parsing our the BCD element values.
function Get-SecureBootPolicy {
<#
.SYNOPSIS
Parses a Secure Boot policy.
.DESCRIPTION
Get-SecureBootPolicy parses either the default, system Secure Boot policy or a policy passed as a byte array. The byte array must be a raw, unsigned policy.
@tunguskha
tunguskha / Gradient shadow in pure CSS.md
Last active October 12, 2024 17:02
Gradient shadow in pure CSS

Gradient shadow in pure CSS

alt text

HTML
<button>Let's Go !</button>