-
$ sudo pacman -S tor $ ## nyx provides a terminal status monitor for bandwidth usage, connection details and more.
$ sudo pacman -S nyx
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE html> | |
| <html> | |
| <head> | |
| <meta charset=”utf-8" /> | |
| <title>Zero Click Account takeover</title> | |
| <meta name=”description” content=”” /> | |
| <meta name=”viewport” content=”width=device-width” /> | |
| <base href=”/” /> | |
| <script src=”lib/socket.io.min.js”></script> | |
| </head> |
1dayluo
/ clash-naiveproxy.yaml
Created
August 23, 2023 10:29
— forked from segfault-bilibili/clash-naiveproxy.yaml
Clash config which makes use of naiveproxy
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # 这个配置可以让Clash将naiveproxy作为上游代理,尤其是可以利用它的tun模式方便地实现全局透明代理 | |
| # 但很显然,必须额外跑一个naiveproxy客户端,不能做到简单拖动Clash配置后立即可用 | |
| # 注意:务必按下述示例把naiveproxy服务器的IPv4/v6地址以及域名加入直连规则 | |
| mixed-port: 7890 | |
| allow-lan: false | |
| bind-address: '127.0.0.1' | |
| mode: rule | |
| log-level: info | |
| external-controller: '127.0.0.1:9090' | |
| dns: |
1dayluo
/ install-tor-on-arch-linux.md
Created
March 7, 2023 02:16
— forked from valyakuttan/install-tor-on-arch-linux.md
1dayluo
/ escapeshellrce.md
Created
December 14, 2022 12:40
— forked from Zenexer/escapeshellrce.md
Security Advisory: PHP's escapeshellcmd and escapeshellarg are insecure
Paul Buonopane paul@namepros.com at NamePros
PGP: https://keybase.io/zenexer
I'm working on cleaning up this advisory so that it's more informative at a glance. Suggestions are welcome.
This advisory addresses the underlying PHP vulnerabilities behind Dawid Golunski's [CVE-2016-10033][CVE-2016-10033], [CVE-2016-10045][CVE-2016-10045], and [CVE-2016-10074][CVE-2016-10074]. It assumes prior understanding of these vulnerabilities.
This advisory does not yet have associated CVE identifiers.
1dayluo
/ brutefoce_jwt
Created
November 24, 2022 14:56
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import base64 | |
| import hmac | |
| import hashlib | |
| import json | |
| jwt = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyIjpudWxsfQ.Tr0VvdP6rVBGBGuI_luxGCOaz6BbhC6IxRTlKOW8UjM' | |
| def change_payload(jwt): | |
| payload = jwt.split('.')[1] |
1dayluo
/ rails_rce.rb
Created
September 28, 2022 03:50
— forked from postmodern/rails_rce.rb
Proof-of-Concept exploit for Rails Remote Code Execution (CVE-2013-0156)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env ruby | |
| # | |
| # Proof-of-Concept exploit for Rails Remote Code Execution (CVE-2013-0156) | |
| # | |
| # ## Advisory | |
| # | |
| # https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion | |
| # | |
| # ## Caveats | |
| # |
1dayluo
/ List of API endpoints & objects
Created
April 17, 2022 11:28
— forked from yassineaboukir/List of API endpoints & objects
A list of 3203 common API endpoints and objects designed for fuzzing.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 0 | |
| 00 | |
| 01 | |
| 02 | |
| 03 | |
| 1 | |
| 1.0 | |
| 10 | |
| 100 | |
| 1000 |