Skip to content

Instantly share code, notes, and snippets.


Andrew Luke Sw4mpf0x

View GitHub Profile
carnal0wnage /
Last active Dec 13, 2020
use the gcloud utilities to enumerate as much access as possible from a GCP service account json file. see blog post: <to insert>
# gcloud auth activate-service-account --key-file=85.json
# gcloud projects list
echo "gcloud auth list"
gcloud auth list
echo -e "$space"
View jsp-jstl-intruders.txt
${0 }
${0 == pageList.maxPage}
${1 eq currentPageNumber }
${a+1 }
FrankSpierings /
Last active Dec 26, 2020
Linux Container Escapes and Hardening
briangershon / gist:fa9feb08e6a65d52bdc35c738d8cf104
Created Jan 8, 2017
Log Request Body for Debugging (golang)
View gist:fa9feb08e6a65d52bdc35c738d8cf104
buf, bodyErr := ioutil.ReadAll(r.Body)
if bodyErr != nil {
log.Print("bodyErr ", bodyErr.Error())
http.Error(w, bodyErr.Error(), http.StatusInternalServerError)
rdr1 := ioutil.NopCloser(bytes.NewBuffer(buf))
rdr2 := ioutil.NopCloser(bytes.NewBuffer(buf))
log.Printf("BODY: %q", rdr1)
mccabe615 /
Last active Jan 10, 2021
Angular Template Injection Payloads

1.3.2 and below


'a'.constructor[0]='\u003ciframe onload=alert(/Backdoored/)\u003e';
epixoip /
Last active Jan 8, 2021
8x Nvidia GTX 1080 Hashcat Benchmarks
BuffaloWill / cloud_metadata.txt
Last active Jan 25, 2021
Cloud Metadata Dictionary useful for SSRF Testing
View cloud_metadata.txt
## IPv6 Tests
## AWS
# Amazon Web Services (No Header Required)
# from[ROLE NAME]
andrewlkho / gist:7373190
Last active Sep 28, 2020
How to use authentication subkeys in gpg for SSH public key authentication
View gist:7373190

GPG subkeys marked with the "authenticate" capability can be used for public key authentication with SSH. This is done using gpg-agent which, using the --enable-ssh-support option, can implement the agent protocol used by SSH.


A working gpg2 setup is required. It may be possible to use gpg 1.4 but with gpg-agent compiled from gpg2. If you are using OS X 10.9 (Mavericks) then you may find the instructions [here][1] useful.