@glaslos
glaslos / demo_web_honeypot.py
Last active March 23, 2016 23:38
demo_web_honeypot
import SimpleHTTPServer
import SocketServer
paths = set()
class Handler(SimpleHTTPServer.SimpleHTTPRequestHandler):
    def do_GET(self):
        # Detect remote file inclusion
        if '=http' in self.path:
#!/usr/bin/env bash
# Author: Josh Stroschein
# Date: 22 Nov 2020
# Reference: https://suricata-update.readthedocs.io/en/latest/quickstart.html#directories-and-permissions
if (($EUID != 0)); then
    echo -e "[!] Please run this script as root or with \"sudo\"\n"
    exit 1
fi
@rishiloyola
rishiloyola / gist:79f869749bf54d135f7f6fe61e0e99a7
Last active February 21, 2022 14:21
[ELK Stack] Generate TLS certs for filebeat and logstash
1. Generate new domain name for logstash server.
For this tutorial
domain name = logstash-prod.xyz.com
ip = 1.2.3.4
* Enter the following directory
```
$ sudo mkdir /etc/pki
$ cd /etc/pki
```
@tylernchls
tylernchls / Webgoat.md
Last active December 17, 2022 21:52
Web Goat Solutions

HTTP Basics

Exercise #2
  • Solution: Inspect the POST request in dev tools and you will see the magic number at the bottom with the POST data.

SQL Lesson

String injection
  • Goal: Return all users from the user table in the db via string injection
  • Entering Smith will give you a single record
  • Solution: Fart' OR '1'='1
  • The above will return all users in the db even though there is no user named Fart. This is because the OR clause ('1'='1', which is always true) makes the condition true for every record, so the whole users table is returned.