raghunayak

#!/usr/bin/env bash

# Script to disable auto-updater on Ubuntu 16.04

# Disable the automatic package updates
echo "Disabling automatic package updates and upgrades"
sudo sed -i 's/"1"/"0"/g' /etc/apt/apt.conf.d/10periodic /etc/apt/apt.conf.d/20auto-upgrades

# Stop and disable apt updater/upgrade timers/services
sudo systemctl disable --now apt-daily.timer

Rillke

  * Linux: ~/.ssh/config:
<code>
Host SHORTCUT
    Hostname FULLURL_OR_IP_TARGET_HOST
    User USERNAME

Host FULLURL_OR_IP_TARGET_HOST
    ProxyCommand ssh -a -W %h:%p BASTION_HOST
    Port NUMBER

EdOverflow

GitHub for Bug Bounty Hunters

GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. in this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.

Mass Cloning

You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.

$ python githubcloner.py --org organization -o /tmp/output

magnetikonline

AWS CLI JMESPath cheatsheet

Random query recipes of JMESPath for the AWS CLI tools that I might have written or stumbled upon.

• Examples
  • List available AWS regions
  • List Lambda functions within AWS account region
  • Test if specific Lambda function exists
  • List Route 53 record names and their type for a zone
  • List CloudWatch log groups

brianshumate

If you'd like to experiment with Terraform on macOS locally, a great provider for doing so is the Docker provider. You can get set up in a few simple steps, like so:

1. Install Docker

Install Docker for Mac if you have not already.

leonjza

# 2017 - @leonjza
#
# Wordpress 4.7.0/4.7.1 Unauthenticated Content Injection PoC
# Full bug description: https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html

# Usage example:
#
# List available posts:
#
# $ python inject.py http://localhost:8070/

clarketm

"          _                      _          "
"   _     /||       .   .        ||\     _   "
"  ( }    \||D    '   '     '   C||/    { %  "
" | /\__,=_[_]   '  .   . '       [_]_=,__/\ |"
" |_\_  |----|                    |----|  _/_|"
" |  |/ |    |                    |    | \|  |"
" |  /_ |    |                    |    | _\  |"

	It is all fun and games until someone gets hacked!

bahmutov

# See list of docker virtual machines on the local box
$ docker-machine ls
NAME      ACTIVE   URL          STATE     URL                         SWARM   DOCKER   ERRORS
default   *        virtualbox   Running   tcp://192.168.99.100:2376           v1.9.1 

# Note the host URL 192.168.99.100 - it will be used later!

# Build an image from current folder under given image name
$ docker build -t gleb/demo-app .

ryanmaclean

Ubuntu for DevOps and SRE Work

Remove CDROM from Soures

sudo sed -i '/cdrom/d' /etc/apt/sources.list

Quick and Dirty SSH Server

I'd certainly recommend moving to keys over passwords, but for now, it'll do...

sudo apt-get install -y openssh-server
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.factory-defaults

miglen

/*

Този скрипт е пълен с едни от най-забавните коментари на български.
Разработен е от някой от разработчиците на Iliyan.com за Пощенска банка.
Пазя го за да се смеем ако го променят в сайта.

Оригинална локация: https://www.postbank.bg/Applications/Locations/_inc/js/locations.js

*/