Description of the game
The goal of the game to break as many contracts as possible! Note: one of these contracts is a HONEYPOT! BE CAREFUL!!
Claim your Ropsten test ether here!
The contracts you need to break and their addresses:
rudSarkar
/ CVE-2025-29927.bcheck
Created
March 27, 2025 10:43
— forked from fourcube/CVE-2025-29927.bcheck
Burp BCheck for CVE-2025-29927 (Next.js middleware bypass)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| metadata: | |
| language: v2-beta | |
| name: "CVE-2025-29927 - Next.js middleware bypass" | |
| description: "Checks for differences in responses when using different x-middleware-subrequest header paths" | |
| author: "Chris Grieger - blueredix.com" | |
| tags: "next.js", "middleware" | |
| run for each: | |
| middleware_value = "pages/_middleware", | |
| "middleware", |
rudSarkar
/ bucket-disclose.sh
Created
June 17, 2022 02:36
— forked from fransr/bucket-disclose.sh
Using error messages to decloak an S3 bucket. Uses soap, unicode, post, multipart, streaming and index listing as ways of figure it out. You do need a valid aws-key (never the secret) to properly get the error messages
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Written by Frans Rosén (twitter.com/fransrosen) | |
| _debug="$2" #turn on debug | |
| _timeout="20" | |
| #you need a valid key, since the errors happens after it validates that the key exist. we do not need the secret key, only access key | |
| _aws_key="AKIA..." | |
| H_ACCEPT="accept-language: en-US,en;q=0.9,sv;q=0.8,zh-TW;q=0.7,zh;q=0.6,fi;q=0.5,it;q=0.4,de;q=0.3" | |
| H_AGENT="user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.146 Safari/537.36" |
rudSarkar
/ OBWS_2.md
Created
May 26, 2022 11:51
— forked from seresistvanandras/OBWS_2.md
Hacking smart contracts for fun and profit
rudSarkar
/ Secure .git directory!
Created
May 17, 2022 18:29
— forked from explorador/Secure .git directory!
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # ------------------------------------------------- | |
| # Protect your .git directory! | |
| # (You don't want anyone to download a copy of your website) | |
| # ------------------------------------------------- | |
| # Add to .htaccess | |
| # For Apache 2.4 | |
| <DirectoryMatch "^/.*/\.git/"> |
rudSarkar
/ cloud_metadata.txt
Created
February 12, 2022 10:25
— forked from jhaddix/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## AWS | |
| # from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories | |
| http://169.254.169.254/latest/user-data | |
| http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME] | |
| http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME] | |
| http://169.254.169.254/latest/meta-data/ami-id | |
| http://169.254.169.254/latest/meta-data/reservation-id | |
| http://169.254.169.254/latest/meta-data/hostname | |
| http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key |
rudSarkar
/ port-scan.sh
Created
December 8, 2021 07:50
— forked from priyanshus/port-scan.sh
NMAP scan for a list of subdomains
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| #Performs port scan using nmap | |
| print_usage() { | |
| cat << _EOF_ | |
| Utility to scan open ports. Can be used to scan ports for a domain or a list of domains specified in a file. | |
| Example Usage: | |
| -h, --help Show brief help | |
| -d, --domain Domain name or ip to scan | |
| -f, --file Spefify a file containing domains/IPs to scan |
rudSarkar
/ gist:e85af346cbbacd1cc20d752b765472fb
Created
November 14, 2021 21:24
— forked from gunnarx/gist:527fbc385a2e76f89609d837b6447f85
Docker to Virtualbox
Docker image to Virtualbox disk
https://stackoverflow.com/questions/23436613/how-can-i-convert-a-docker-image-into-a-vagrant-virtualbox-box by user blueskin (CC by-sa 3.0)
Find the size of the docker image from docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
rudSarkar
/ nuclei-rce.yaml
Created
September 20, 2021 02:10
— forked from c3l3si4n/nuclei-rce.yaml
POC demonstrating RCE on Nuclei v2.5.0. The following PoC will execute `touch /tmp/rce_on_nuclei`. JS exploit based on CVE-2021-21224 PoCs
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| id: nuclei-rce | |
| info: | |
| name: Nuclei Template RCE by Chromium | |
| author: c3l3si4n | |
| severity: critical | |
| tags: rce,hackback | |
| headless: | |
| - steps: |
rudSarkar
/ apk-recon.yaml
Created
August 7, 2021 08:00
— forked from nullenc0de/apk-recon.yaml
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| id: apk-recon | |
| info: | |
| name: APK Recon | |
| author: nullenc0de | |
| severity: info | |
| tags: android,file | |
| file: | |
| - extensions: |
rudSarkar
/ genymotionwithplay.txt
Created
August 2, 2021 11:50
— forked from wbroek/genymotionwithplay.txt
Genymotion with Google Play Services for ARM
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| NOTE: Easier way is the X86 way, described on https://www.genymotion.com/help/desktop/faq/#google-play-services | |
| Download the following ZIPs: | |
| ARM Translation Installer v1.1 (http://www.mirrorcreator.com/files/0ZIO8PME/Genymotion-ARM-Translation_v1.1.zip_links) | |
| Download the correct GApps for your Android version: | |
| Google Apps for Android 6.0 (https://www.androidfilehost.com/?fid=24052804347835438 - benzo-gapps-M-20151011-signed-chroma-r3.zip) | |
| Google Apps for Android 5.1 (https://www.androidfilehost.com/?fid=96042739161891406 - gapps-L-4-21-15.zip) | |
| Google Apps for Android 5.0 (https://www.androidfilehost.com/?fid=95784891001614559 - gapps-lp-20141109-signed.zip) |
NewerOlder