Skip to content

Instantly share code, notes, and snippets.

View tracure1337's full-sized avatar
💭
/r/masterhacker/

ɘɿuɔɐɿɈ tracure1337

💭
/r/masterhacker/
147 followers · 450 following
View GitHub Profile
@albinowax
albinowax / connection-state-attack.bambda
Created October 16, 2025 13:24
Connection state attack Custom Action for Burp Repeater
// For context check out https://portswigger.net/web-security/host-header/exploiting#connection-state-attacks
var connectionId = utilities().randomUtils().randomString(8);
var options = RequestOptions.requestOptions().withConnectionId(connectionId).withHttpMode(HttpMode.HTTP_1);
// Send a simple GET / HTTP/1.1 to the target as the precusor request
var url = requestResponse.request().url();
var precursorRequest = HttpRequest.httpRequestFromUrl(url);
precursorRequest = precursorRequest.withPath("/").withHeader("Connection", "keep-alive");
// Send the attack in the repeater, and update the response pane
@UNC1739
UNC1739 / panw-exclusions.json
Created August 26, 2025 07:14
Default TLS Exclusions for Palo Alto Networks Firewalls
{
"type": "rpc",
"tid": "32",
"action": "PanDirect",
"method": "execute",
"predefinedCacheUpdate": "false",
"cloudCacheUpdate": "false",
"result": {
"result": {
"entry": [
@Atom1cByte
Atom1cByte / poc.html
Created July 11, 2025 14:28
Ollama CSRF PoC
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Ollama Chat</title>
<style>
body { font-family: sans-serif; background: #f0f0f0; }
#chat { max-width: 500px; margin: 40px auto; background: #fff; padding: 10px; border-radius: 6px; }
#log { min-height: 100px; margin-bottom: 10px; }
input { width: 70%; padding: 6px; }
@albinowax
albinowax / race-condition-probe.java
Last active October 5, 2025 14:47
Race condition custom action for Burp Repeater
// This will use the single-packet attack for HTTP/2, and last-byte synchronisation for HTTP/1
int NUMBER_OF_REQUESTS = 10;
var reqs = new ArrayList<HttpRequest>();
for (int i = 0; i < NUMBER_OF_REQUESTS; i++) {
reqs.add(requestResponse.request());
}
var responses = api().http().sendRequests(reqs);
var codes = responses.stream().map(HttpRequestResponse::response).filter(Objects::nonNull).map(HttpResponse::statusCode).toList();
logging().logToOutput(codes);
@wess
wess / folder-history.plugin.zsh
Last active January 23, 2025 01:39
OhMyZsh plugin for local/folder based history
# Enable Zsh options for history
setopt EXTENDED_HISTORY
setopt INC_APPEND_HISTORY
setopt SHARE_HISTORY
setopt HIST_FIND_NO_DUPS
# Clear local history and load a fresh session for the current directory
function load_local_history() {
if [[ -f .zsh_cmd_history ]]; then
# Clear in-memory history and reload only local history
@hackermondev
hackermondev / zendesk.md
Last active October 30, 2025 16:39
1 bug, $50,000+ in bounties, how Zendesk intentionally left a backdoor in hundreds of Fortune 500 companies

hi, i'm daniel. i'm a 15-year-old with some programming experience and i do a little bug hunting in my free time. here's the insane story of how I found a single bug that affected over half of all Fortune 500 companies:

say hello to zendesk

If you've spent some time online, you’ve probably come across Zendesk.

Zendesk is a customer service tool used by some of the world’s top companies. It’s easy to set up: you link it to your company’s support email (like [email protected]), and Zendesk starts managing incoming emails and creating tickets. You can handle these tickets yourself or have a support team do it for you. Zendesk is a billion-dollar company, trusted by big names like Cloudflare.

Personally, I’ve always found it surprising that these massive companies, worth billions, rely on third-party tools like Zendesk instead of building their own in-house ticketing systems.

your weakest link

@JonnieCache
JonnieCache / zellij_tab_title.zsh
Last active October 25, 2025 16:09
ZSH script to set the zellij tab title to the running command line, or the current directory
function current_dir() {
local current_dir=$PWD
if [[ $current_dir == $HOME ]]; then
current_dir="~"
else
current_dir=${current_dir##*/}
fi
echo $current_dir
}
@jhaddix
jhaddix / endpoints bookmarklet
Last active October 28, 2025 07:22
javascript:(function(){var scripts=document.getElementsByTagName("script"),regex=/(?<=(\"|\%27|\`))\/[a-zA-Z0-9_?&=\/\-\#\.]*(?=(\"|\'|\%60))/g,jsRegex=/(?<=(\"|\'|\%60))(?:\/|https?:\/\/)[a-zA-Z0-9_?&=\/\-\#\.]+\.js(?:\?[^"'%60]*)?(?=(\"|\'|\%60))/g;const results=new Set;const paramMap=new Map();const jsFiles=new Set();function processContent(t,src){var e=t.matchAll(regex);for(let r of e){results.add(r[0]);var params=r[0].split('?')[1];if(params){params.split('&').forEach(param=>{var [key,]=param.split('=');if(key){if(!paramMap.has(key)){paramMap.set(key,[]);}paramMap.get(key).push(src||'Inline script or HTML');}});}}var j=t.matchAll(jsRegex);for(let r of j){jsFiles.add(r[0]);}}for(var i=0;i<scripts.length;i++){var t=scripts[i].src;if(t){jsFiles.add(t);fetch(t).then(function(t){return t.text()}).then(text=>processContent(text,t)).catch(function(t){console.log("An error occurred: ",t)});}else{processContent(scripts[i].textContent);}}var pageContent=document.documentElement.outerHTML;processContent(pageContent
@grahamhelton
grahamhelton / steal_etcd.sh
Created June 7, 2024 19:25
Quick bash script to steal an etcd database
# This script attempts to take a snapshot of the kubernetes etcd database for exfiltration
# This should be run post-compromise of a node
#!/usr/bin/env bash
NOCOLOR=$(tput sgr0)
RED=$(tput setaf 1)
GREEN=$(tput setaf 2)
BLUE=$(tput setaf 4)
YELLOW=$(tput setaf 3)
TICK="$NOCOLOR[$GREEN+$NOCOLOR] "
@Rhynorater
Rhynorater / nowafpls___8KB.json
Created May 26, 2024 12:37
nowafpls - Caido Convert Workflow
{
"description": "Bypass WAFs with 8KB Padding.",
"edition": 2,
"graph": {
"edges": [
{
"source": {
"exec_alias": "exec",
"node_id": 2
},