Skip to content

Instantly share code, notes, and snippets.

View hacks2learn's full-sized avatar

Marco hacks2learn

14 followers · 1 following
View GitHub Profile
@hacks2learn
hacks2learn / update_cookie_BambdaCA.java
Created July 3, 2025 10:55 — forked from irsdl/update_cookie_BambdaCA.java
Automatically updates the Cookie header in Burp Repeater requests using Set-Cookie values from responses. This Bambda CustomAction preserves all existing cookies and only updates or adds values when necessary — ensuring session continuity without overwriting unrelated cookies.
@hacks2learn
hacks2learn / Get-Origins.ps1
Created March 28, 2025 12:28 — forked from curi0usJack/Get-Origins.ps1
PowerShell code to map CDN (Classic or FrontDoor) to their Origin hostname.
Import-Module Az
Connect-AzAccount
$ipre = "^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$"
function Get-ClassicOrigins() {
$profs = Get-AzCDNProfile
$coll = @()
foreach ($prof in $profs) {
@hacks2learn
hacks2learn / research.md
Created January 23, 2025 13:01 — forked from hackermondev/research.md
Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platform

hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.

3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.

I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:

Cloudflare

By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k

@hacks2learn
hacks2learn / SilentListener.py
Created September 28, 2024 11:30 — forked from Dfte/SilentListener.py
import argparse
import ipaddress
from os import path
from time import sleep
from shlex import split
from scapy.all import sniff
from threading import Thread
from subprocess import Popen, PIPE
valid_ranges = []
@hacks2learn
hacks2learn / cups-browsed.md
Created September 27, 2024 12:30 — forked from stong/cups-browsed.md
CUPS disclosure leaked online. Not my report. The original author is @evilsocket

Original report

  • Affected Vendor: OpenPrinting
  • Affected Product: Several components of the CUPS printing system: cups-browsed, libppd, libcupsfilters and cups-filters.
  • Affected Version: All versions <= 2.0.1 (latest release) and master.
  • Significant ICS/OT impact? no
  • Reporter: Simone Margaritelli [[email protected]]
  • Vendor contacted? yes The vendor has been notified trough Github Advisories and all bugs have been confirmed:
@hacks2learn
hacks2learn / mysql-udf-build.sh
Created November 26, 2023 02:32 — forked from kazkansouh/mysql-udf-build.sh
Simplify building MySQL UDF exploit for both Linux and Windows
#!/bin/bash
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
@hacks2learn
hacks2learn / Printerlogic-disclosure.md
Created May 25, 2023 12:13 — forked from wireghoul/Printerlogic-disclosure.md
Printerlogic-disclosure

PrinterLogic SaaS, multiple vulnerabilities

PrinterLogic's Enterprise Print Management software allows IT professionals to simplify printer driver management and empower end users. -- https://www.printerlogic.com/

Background

The following findings were identified by performing both dynamic testing of the PrinterLogic SaaS platform and code analysis of the source code contained in the virtual appliance available for download from the PrinterLogic website (Build 1.0.757: July 29th, 2022).

@hacks2learn
hacks2learn / JavascriptRecon.md
Created February 10, 2023 14:26
My Javascript Recon Process - BugBounty

Description

This is a simple guide to perform javascript recon in the bugbounty

Steps

  • The first step is to collect possibly several javascript files (more files = more paths,parameters -> more vulns)
@hacks2learn
hacks2learn / Mona Py Cheat sheet
Created January 10, 2023 17:28 — forked from namishelex01/Mona Py Cheat sheet
This is a gist compilation of ***Corelan.be*** manual of mona py
Main Project Page -> github.com/corelan/mona
Download the file and save it to this typical location ->
C:\Program Files\Immunity Inc\Immunity Debugger\PyCommands
BASIC USAGE :
!mona in the input box and press enter
For more information = Open log window (ALT-L)
For Help options ->
@hacks2learn
hacks2learn / Proxmox with LVM-thin and why we should use Trim-Discard.MD
Created December 14, 2022 20:38 — forked from hostberg/Proxmox with LVM-thin and why we should use Trim-Discard.MD

Proxmox with LVM-thin and why we should use Trim/Discard

Excerpts from the Proxmox VE Administration Guide]

LVM normally allocates blocks when you create a volume. LVM thin pools instead allocates blocks when they are written. This behaviour is called thin-provisioning, because volumes can be much larger than physically available space.

8.10.2. Trim/Discard It is good practice to run fstrim (discard) regularly on VMs and containers. This releases data blocks that the filesystem isn’t using anymore. It reduces data usage and resource load. Most modern operating systems issue such discard commands to their disks regularly. You only need to ensure that the Virtual Machines enable the disk discard option.