Stop! This text is only interesting for you if you...
- Like popping alerts in weird situations
- Miss CSS expressions as much as we do
- Have an unhealthy obsession for markup porn
unbaiat unbaiat
mgeeky
/ blindxxe.py
Created
July 21, 2016 09:49
Blind XXE (External XML Entity) attacker's server - to be used in blind XXE data exfiltration (like in Play Framework or Ruby on Rails)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # | |
| # Simple Blind XXE server intended to handle incoming requests for | |
| # malicious DTD file, that will subsequently ask for locally stored file, | |
| # like file:///etc/passwd. | |
| # | |
| # This program has been tested with PlayFramework 2.1.3 XXE vulnerability, | |
| # to be run as follows: | |
| # |
cure53
/ scriptlet.md
Last active
February 1, 2024 19:33
The Scriptless Scriptlet - Or how to execute JavaScript from CSS in MSIE11 without using Scripts
... my first disclosure. Man, it feels weird doing this.
update 6/6/16 I would like to stress something: I'm not saying "Don't buy an ASUS device" -- I see a lot of people who want to lambaste ASUS for this and boycott their hardware. This isn't what I want people to be doing by any stretch. Stupidly, I like the ASUS hardware I have (it's nice for the price) and I would rather see a pressure on ASUS as an OEM to stop shipping "value added software" to consumers; If you want to help Microsoft in pushing this mentality, go buy a signature machine from them. Microsoft provides support, but also only ships windows and a few select utilities that are essential to the functioning of the system (think: Radeon/Optimus and nVidia control panels) and fall heavily on the hardware makers (ATI, nVidia, Intel) to provide support for the harware.
Consider an ASUS device all you want. Start putting pressure on Microsoft that consumers want bloat-free devices and start voting with your money. Microsoft's store
chiehmin
/ android_decompilation_tool.sh
Created
May 18, 2016 06:51
apktool, dex2jar, jd-gui installation script
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Installing apktool | |
| mkdir -p ~/.local/bin | |
| wget https://bitbucket.org/iBotPeaches/apktool/downloads/apktool_2.1.1.jar -O ~/.local/bin/apktool.jar | |
| wget https://raw.githubusercontent.com/iBotPeaches/Apktool/master/scripts/linux/apktool -O ~/.local/bin/apktool | |
| chmod a+x ~/.local/bin/apktool | |
| # Installing dex2jar | |
| wget https://github.com/pxb1988/dex2jar/releases/download/2.1-nightly-26/dex-tools-2.1-20150601.060031-26.zip -O ~/.local/bin/dex2jar.zip | |
| unzip ~/.local/bin/dex2jar.zip -d ~/.local/bin/ | |
| mv ~/.local/bin/dex2jar-2.1-SNAPSHOT/* ~/.local/bin/ |
cure53
/ wordpress.md
Last active
February 1, 2023 22:47
WordPress Flash XSS in flashmediaelement.swf
nullbind
/ SQL Server - List Privileges
Created
March 11, 2016 18:38
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -- Returns server level privileges. | |
| -- Reference: http://msdn.microsoft.com/en-us/library/ms186260.aspx | |
| SELECT GRE.name AS Grantee | |
| ,GRO.name AS Grantor | |
| ,PER.class_desc AS PermClass | |
| ,PER.permission_name AS PermName | |
| ,PER.state_desc AS PermState | |
| ,COALESCE(PRC.name, EP.name, N'') AS ObjectName | |
| ,COALESCE(PRC.type_desc, EP.type_desc, N'') AS ObjectType | |
| FROM [sys].[server_permissions] AS PER |
nullbind
/ SQL Server - List Enabled Audit Specifications
Created
March 11, 2016 18:09
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -- List enabled server specifications | |
| SELECT audit_id, | |
| a.name as audit_name, | |
| s.name as server_specification_name, | |
| d.audit_action_name, | |
| s.is_state_enabled, | |
| d.is_group, | |
| d.audit_action_id, | |
| s.create_date, | |
| s.modify_date |
unbaiat
/ BrutePWGen.py
Created
February 8, 2016 08:45
— forked from itsecurityco/BrutePWGen.py
Password generator for brute force attacks
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """ | |
| Bruteforce Password Generator | |
| Author: @itsecurityco | |
| Use: python BrutePWGen.py --merge-words --h4x0r keywords.txt | |
| """ | |
| import sys | |
| from time import time | |
| class wgen: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| Author: Casey Smith @subTee | |
| License: BSD3-Clause | |
| .SYNOPSIS | |
| Simple Reverse Shell over HTTP. Execute Commands on Client. | |