Skip to content

Instantly share code, notes, and snippets.

View rudSarkar's full-sized avatar
:electron:
Negatively Charged

Rudra Sarkar rudSarkar

:electron:
Negatively Charged
160 followers · 99 following
View GitHub Profile
@rudSarkar
rudSarkar / OBWS_2.md
Created May 26, 2022 11:51 — forked from seresistvanandras/OBWS_2.md
Hacking smart contracts for fun and profit

Hacking smart contracts for fun and profit

Description of the game

The goal of the game to break as many contracts as possible! Note: one of these contracts is a HONEYPOT! BE CAREFUL!!

Claim your Ropsten test ether here!

The contracts you need to break and their addresses:

@rudSarkar
rudSarkar / bucket-disclose.sh
Created June 17, 2022 02:36 — forked from fransr/bucket-disclose.sh
Using error messages to decloak an S3 bucket. Uses soap, unicode, post, multipart, streaming and index listing as ways of figure it out. You do need a valid aws-key (never the secret) to properly get the error messages
#!/bin/bash
# Written by Frans Rosén (twitter.com/fransrosen)
_debug="$2" #turn on debug
_timeout="20"
#you need a valid key, since the errors happens after it validates that the key exist. we do not need the secret key, only access key
_aws_key="AKIA..."
H_ACCEPT="accept-language: en-US,en;q=0.9,sv;q=0.8,zh-TW;q=0.7,zh;q=0.6,fi;q=0.5,it;q=0.4,de;q=0.3"
H_AGENT="user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.146 Safari/537.36"
@rudSarkar
rudSarkar / CVE-2025-29927.bcheck
Created March 27, 2025 10:43 — forked from fourcube/CVE-2025-29927.bcheck
Burp BCheck for CVE-2025-29927 (Next.js middleware bypass)
metadata:
language: v2-beta
name: "CVE-2025-29927 - Next.js middleware bypass"
description: "Checks for differences in responses when using different x-middleware-subrequest header paths"
author: "Chris Grieger - blueredix.com"
tags: "next.js", "middleware"
run for each:
middleware_value = "pages/_middleware",
"middleware",