Shaked Klein Orbach Shaked

@Shaked
Shaked / ffuf.md
Last active December 30, 2019 15:54

I use this function in my .zshrc file

Fuzz with stdin

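fuzz-in() {
	# Derive the output filename from the target URL: drop "://", then turn backslashes and slashes into dashes
	strip=$(echo "$1" | sed 's/:\/\///')
	strip=$(echo "$strip" | sed 's/\\/\-/g')
	strip=$(echo "$strip" | sed 's/\//-/g')
	# The wordlist is read from stdin (-w -); any extra arguments are passed through to ffuf
	ffuf -u "$1" -t 10 -o "$strip.fuzz.txt" -of md -p 1 "${@:2}" -w -
}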
@Shaked
Shaked / remote.php
Created October 6, 2019 11:03
SSRF ideas?
<?php
$url = $_GET['url'];
$xml = @file_get_contents($url);
$ret = [];
if ($xml) {
$doc = new DOMDocument();
libxml_use_internal_errors(true);
if ($doc->loadHTML($xml)) {
$ lsb_release  -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 18.04.2 LTS
Release:	18.04
Codename:	bionic

$ dpkg -l | grep strongswan
ii  libstrongswan                       5.6.2-1ubuntu2.4                            amd64        strongSwan utility and crypto library
FROM arm64v8/ubuntu:16.04
RUN apt-get update && \
apt-get install -y software-properties-common vim && \
add-apt-repository ppa:jonathonf/python-3.6
RUN apt-get update -y
RUN apt-get install -y build-essential python3.6 python3.6-dev python3-pip python3.6-venv && \
apt-get install -y git
# docker build -t ubuntu1604py36
FROM ubuntu:18.04
RUN apt-get update && \
apt-get install -y software-properties-common vim && \
add-apt-repository ppa:jonathonf/python-3.6
RUN apt-get update -y
RUN apt-get install -y build-essential python3.6 python3.6-dev python3-pip python3.6-venv && \
apt-get install -y git
<?php
..
..
$cmd = 'docker build someimage';
$process = Process::fromShellCommandline($cmd);
$process->setTimeout(0);
$process->run(function ($type, $buffer) {
if (Process::ERR === $type) {
echo 'ERR > '.$buffer;
@Shaked
Shaked / gist:90af6960ddb940d76b4a4e1117a00552
Created January 30, 2019 11:31 — forked from tonyc/gist:1384523
Using strace and lsof

Using strace and lsof to debug blocked processes

You can use strace on a specific pid to figure out what a specific process is doing, e.g.:

strace -fp <pid>

You might see something like:

select(9, [3 5 8], [], [], {0, 999999}) = 0 (Timeout)

@Shaked
Shaked / Secure.php
Created October 15, 2018 17:43
PHP Security Question - Is This Secure?
<?php
$userRequest = $_GET['userRequest'] ?? null;
$path = 'file' . $userRequest;
if (file_exists($path)) {
require_once($path);
} else {
echo 'File does not exist';
}
<?php
class A {
/**
* @param $args
*/
public function methodIsCool($args) {
var_dump($args);
}
<?php
namespace App;
use Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\Exception\HttpExceptionInterface;
use Psr\Log\LoggerInterface;
class ExceptionListener {