Skip to content

Instantly share code, notes, and snippets.

View pikpikcu's full-sized avatar
😊
putune simbah

PikPikcU pikpikcu

😊
putune simbah
525 followers · 134 following
View GitHub Profile
@Wh1terat
Wh1terat / inscrapesula.py
Last active June 11, 2023 12:21
Inscrapesula
#!/usr/bin/env python3
"""
InSCRAPEsula v0.1
Inspired by and sections borrowed from https://github.com/ziplokk1/incapsula-cracker-py3"
"""
import logging
import re
from ast import literal_eval
from base64 import b64encode, b64decode
from random import random
@SwitHak
SwitHak / 20200114-TLP-WHITE_CVE-2020-0601.md
Last active February 9, 2024 14:42
BlueTeam CheatSheet * CVE-2020-0601 * crypt32.dll | Last updated: 2020-01-21 1817 UTC

CVE-2020-0601 AKA ChainOfFools OR CurveBall

General

  • Microsoft disclosed a vulnerability in their monthly Patch Tuesday referenced under CVE-2020-0601.
  • The vulnerability was discovered by the U.S. National Security Agency, anounced today (2020-01-14) in their press conference, followed by a blog post and an official security advisory.
  • The flaw is located in the "CRYPT32.DLL" file under the C:\Windows\System32\ directory.

Vulnerability explanation

  • NSA description:
  • NSA has discovered a critical vulnerability (CVE-2020-0601) affecting Microsoft Windows® cryptographic functionality.
@xax007
xax007 / FusionPBX-XSS.md
Last active February 4, 2021 10:29
FusionPBX-XSS
@tomnomnom
tomnomnom / short-wordlist.txt
Created September 29, 2019 19:44
short-wordlist
/.s3cfg
/phpunit.xml
/nginx.conf
/.vimrc
/LICENSE.md
/yarn.lock
/Gulpfile
/Gulpfile.js
/composer.json
/.npmignore
@Arno0x
Arno0x / TestAssembly.cs
Last active September 12, 2025 14:16
This code shows how to load a CLR in an unmanaged process, then load an assembly from memory (not from a file) and execute a method
/*
================================ Compile as a .Net DLL ==============================
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe /target:library /out:TestAssembly.dll TestAssembly.cs
*/
using System.Windows.Forms;
namespace TestNamespace
@random-robbie
random-robbie / paying.md
Last active August 5, 2025 19:25
paying bug bounty companys taken from https://github.com/disclose/disclose 
Program Name: 0x Project
Policy URL: https://blog.0xproject.com/announcing-the-0x-protocol-bug-bounty-b0559d2738c
Submission URL: [email protected]




Program Name: 1Password Game
@003random
003random / subdomains wildcard detection example
Created January 18, 2019 13:54
if [[ "$(dig @1.1.1.1 A,CNAME {test321123,testingforwildcard,plsdontgimmearesult}.$domain +short | wc -l)" -gt "1" ]]; then
echo "[!] Possible wildcard detected."
fi
@bash-c
bash-c / bug-list.md
Last active September 10, 2025 04:49
@LuD1161
LuD1161 / setup_bbty.sh
Last active September 11, 2025 09:35
Setup Bug Bounty Tools on AWS instance / any VPS for that matter
#!/bin/bash
#
# Execute as wget -O - https://gist.github.com/LuD1161/66f30da6d8b6c1c05b9f6708525ea885/raw | bash
# # Thanks JeffreyShran for the gist url thing
#
#
# It's debian based, so for centos and likewise you have to change apt to yum and similarly
#
InstallationStartTime=$(date +%s)
@ChuanYuan-Huang
ChuanYuan-Huang / CVE-2018-9111 and CVE-2018-9112.md
Created May 10, 2018 01:14
CVE-2018-9111 and CVE-2018-9112 Foxconn FEMTO XSS and without Validation and Integrity Checking

CVE-2018-9111

[Suggested description] Cross Site Scripting (XSS) exists on the Foxconn FEMTO AP-FC4064-T AP_GT_B38_5.8.3lb15-W47 LTE Build 15 via the configuration of a user account. An attacker can execute arbitrary script on an unsuspecting user's browser.

[Vulnerability Type]