#Code for bruteforcing a UUID for pentesterlab's MongoDB injection exercise. | |
import cookielib, urllib2, urllib | |
from bs4 import BeautifulSoup | |
found = "" | |
potentialChar = ["0","1","2","3","4","5","6","7","8","9","a","b","c","d","e","f","-"] | |
while True: |
#!/bin/sh | |
WEBHOOK_URL="put your url here" | |
PING="<@put your user id here>" | |
MESSAGE="$PING reminder" | |
JSON="{\"content\": \"$MESSAGE\"}" | |
curl -d "$JSON" -H "Content-Type: application/json" "$WEBHOOK_URL" |
I tested the setup on Debian Stretch (naive installation) and Jessie (LinuxGSM installation). The setup should work on Debian 8 (Jessie), Debian 9 (Stretch) and Ubuntu (16.04). However, If you're running on Windows or other non-debian based Linux OS (e.g. CentOS, openSUSE), this guide doesn't apply to you.
I'm hosting FFA warm-up and HvH(soon) servers in San Francisco, welcome to join by:
IPv4: 159.89.154.137
Ipv6: 2604:a880:2:d0::20ad:2001
#!/bin/bash | |
# Converter.sh by @xdavidhu | |
# This is a script inspired by the Bug Hunter's Methodology 3 by @Jhaddix | |
# With this script, you can convert domain lists to resolved IP lists without duplicates. | |
# Usage: ./converter.sh [domain-list-file] [output-file] | |
echo -e "[+] Converter.sh by @xdavidhu\n" | |
if [ -z "$1" ] || [ -z "$2" ]; then | |
echo "[!] Usage: ./converter.sh [domain-list-file] [output-file]" | |
exit 1 |
Target: | |
{ | |
"alg": "HS256", | |
"typ": "JWT" | |
} | |
{ | |
"sub": "1234567890", | |
"name": "John Doe", | |
"iat": 1516239022 |
# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to | |
# newer versions of the distribution. | |
deb http://us.archive.ubuntu.com/ubuntu/ bionic main restricted | |
# deb-src http://us.archive.ubuntu.com/ubuntu/ bionic main restricted | |
## Major bug fix updates produced after the final release of the | |
## distribution. | |
deb http://us.archive.ubuntu.com/ubuntu/ bionic-updates main restricted | |
# deb-src http://us.archive.ubuntu.com/ubuntu/ bionic-updates main restricted |
#Start postgres | |
root@kali ~# systemctl start postgresql | |
#Start metasploit database | |
root@kali ~# msfdb init | |
#Start metasploit framework | |
root@kali ~# msfconsole | |
#Iniciado o Metasploit |
#!/usr/bin/python3 | |
# | |
# CVE-2018-10993 libSSH authentication bypass exploit | |
# | |
# The libSSH library has flawed authentication/connection state-machine. | |
# Upon receiving from connecting client the MSG_USERAUTH_SUCCESS Message | |
# (as described in RFC4252, sec. 5.1.) which is an authentication response message | |
# that should be returned by the server itself (not accepted from client) | |
# the libSSH switches to successful post-authentication state. In such state, |
You might want to read this to get an introduction to armel vs armhf.
If the below is too much, you can try Ubuntu-ARMv7-Qemu but note it contains non-free blobs.
First, cross-compile user programs with GCC-ARM toolchain. Then install qemu-arm-static
so that you can run ARM executables directly on linux
If there's no qemu-arm-static
in the package list, install qemu-user-static
instead