The challenge is written in C#. In the beginning of Program.cs we can find the following line:
Encoding.RegisterProvider(CodePagesEncodingProvider.Instance);
Ashutosh Believe-AS
Believe-AS
/ js_endpoints_new_tab.js
Created
November 8, 2025 08:35
— forked from mhmdiaa/js_endpoints_new_tab.js
All credit goes to @renniepak for the original bookmarklet https://twitter.com/renniepak/status/1602620834463588352
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| javascript: (function() { | |
| var scripts = document.getElementsByTagName("script"), | |
| regex = /(?<=(\"|\%27|\`))\/[a-zA-Z0-9_?&=\/\-\#\.]*(?=(\"|\'|\%60))/g; | |
| const results = new Set; | |
| for (var i = 0; i < scripts.length; i++) { | |
| var t = scripts[i].src; | |
| "" != t && fetch(t).then(function(t) { | |
| return t.text() | |
| }).then(function(t) { | |
| var e = t.matchAll(regex); |
Believe-AS
/ httpx-cp-responses.sh
Created
November 8, 2025 08:34
— forked from mskf3000/httpx-cp-responses.sh
Copy responses from httpx's output to their original file names
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| cat urls.txt | httpx -json -store-response -output httpx.json | |
| cat httpx.json | jq -r '"\(.stored_response_path) \(.path | ltrimstr("/"))"' | xargs -n 2 sh -c 'mkdir -p "$(dirname $2)" && cp $1 $2' sh |
Believe-AS
/ waybackrobots.py
Created
November 8, 2025 08:32
— forked from mhmdiaa/waybackrobots.py
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import re | |
| import sys | |
| from multiprocessing.dummy import Pool | |
| def robots(host): | |
| r = requests.get( | |
| 'https://web.archive.org/cdx/search/cdx\ | |
| ?url=%s/robots.txt&output=json&fl=timestamp,original&filter=statuscode:200&collapse=digest' % host) |
Believe-AS
/ writeup.md
Created
August 26, 2025 05:56
— forked from securityMB/writeup.md
Lost In Transliteration - Writeup
Believe-AS
/ Red-Team-notes
Created
July 19, 2025 10:16
— forked from cyberheartmi9/Red-Team-notes
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Enumeration | |
| # Credential Injection | |
| runas.exe /netonly /user:<domain>\<username> cmd.exe | |
| # enumeration users | |
| users | |
| net user /domain |
Believe-AS
/ XSS-To-RCE.py
Created
July 19, 2025 10:15
— forked from cyberheartmi9/XSS-To-RCE.py
OSWE Like Machine: https://pentesterlab.com/exercises/xss_and_mysql_file/course
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import socket | |
| import sys | |
| import random | |
| import string | |
| banner=""" |
Believe-AS
/ gist:e28ac4e0896a165b549b0871463f382a
Created
July 19, 2025 10:13
— forked from tehseensagar/gist:d82931fa8427b3b8a8825714b5b113c4
SQLi WAF Bypass All Method
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| `-=[SQL injection Queries]=- | |
| HOW TO SUCCESSFULLY INJECTING SQL INJECTION | |
| [~] after id no. like id=1 +/*!and*/+1=0 [~] | |
| EX: site.com?index.php?pageid=3 div+0 Union select 1,version(),3,4,5 | |
| +div+0 | |
| +div false | |
| +Having+1=0+ |
Believe-AS
/ getAllGlobals.js
Created
November 1, 2024 07:44
— forked from colinrubbert/getAllGlobals.js
Get all runtime global variables set by the app
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| * RuntimeGlobalsChecker | |
| * | |
| * You can use this utility to quickly check what variables have been added (or | |
| * leaked) to the global window object at runtime (by JavaScript code). | |
| * By running this code, the globals checker itself is attached as a singleton | |
| * to the window object as "__runtimeGlobalsChecker__". | |
| * You can check the runtime globals programmatically at any time by invoking | |
| * "window.__runtimeGlobalsChecker__.getRuntimeGlobals()". | |
| * |