@chrisdlangton
chrisdlangton / user-data.sh
Last active December 13, 2023 09:13
run ubuntu with kali on ec2
#!/bin/bash -ex
sudo su -
apt-get update
apt-get install -y build-essential git jq curl wget gnupg
wget -q -O - https://archive.kali.org/archive-key.asc | apt-key add -
sh -c "echo 'deb https://http.kali.org/kali kali-rolling main non-free contrib' > /etc/apt/sources.list.d/kali.list"
sh -c "echo 'Package: *' > /etc/apt/preferences.d/kali.pref
echo 'Pin: release a=kali-rolling' >> /etc/apt/preferences.d/kali.pref
echo 'Pin-Priority: 50' >> /etc/apt/preferences.d/kali.pref"
wget http://http.kali.org/kali/pool/main/k/kali-archive-keyring/kali-archive-keyring_2022.1_all.deb
chrisdlangton / xor.py
Created November 16, 2023 00:02
Use NLP to filter results of bruteforce key length for XOR encoded words, alphanumeric, or phrase
import string, itertools, time, re
from nltk.corpus import words
from nltk.tokenize import word_tokenize
import nltk
flag = "The message is too secret"
secret_key = 'CTFKey'
def is_mostly_english(text, threshold: float = 0.5):
chrisdlangton / hawkauth_mitm_poc.js
Last active July 24, 2023 01:30
PoC for GHSA-mrcf-5cch-47mc mozilla/hawk
/**
* Gist: https://gist.github.com/chrisdlangton/cd32ad083294c56c509828a7b9f7e90e
* Advisory: https://github.com/chrisdlangton/hawk/security/advisories/GHSA-mrcf-5cch-47mc
*/
const hawk = require('hawk')
const credentials = {
  id: 'dh37fgj492je',
  key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',
  algorithm: 'sha256'
chrisdlangton / coverletter.txt
Created February 2, 2023 08:39
ChatGPT Cloud Engineer job application cover letter
Cloud Engineer Cover Letter
Chris
Write a cover letter for a cloud engineer job at a product focussed company
Dear Hiring Manager,
I am writing to apply for the Cloud Engineer position at [Company Name], and I am confident that my extensive experience and skills make me an ideal candidate for this role. I have a passion for developing and deploying innovative cloud solutions that drive business success, and I am excited about the opportunity to bring my expertise to your team.
chrisdlangton / cloud_metadata.txt
Created July 5, 2022 00:31 — forked from jhaddix/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
## AWS
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
chrisdlangton / cose_lookup.js
Created July 16, 2021 07:48
Lookups for CBOR Object Signing and Encryption (COSE) used in WebAuthn
/** https://tools.ietf.org/id/draft-ietf-cose-webauthn-algorithms-03.html */
const COSE_Key_Types = [
  void 0,
  'OKP, Octet Key Pair - Elliptic Curve',
  'EC2, Elliptic Curve Keys w/ x- and y-coordinate pair',
  'RSA, RSA Key',
  'Symmetric, Symmetric Keys',
  'HSS-LMS, Public key for HSS/LMS hash-based digital signature',
  'WalnutDSA, WalnutDSA public key',
]
chrisdlangton / hmac_decorator.py
Last active January 5, 2021 04:42
Time-based HMAC signature SHA256, SHA512, SHA3-256, SHA3-384, SHA3-512, and BLAKE2 for Python Flask with Javascript Forge.js and Bash/OpenSSL/Curl clients
import hashlib
import hmac
from base64 import b64encode
from functools import wraps
from datetime import datetime, timedelta
from flask import request, abort
from flask_login import login_user
from models import User, ApiKey
def require_hmac(not_before_seconds: int = 3, expire_after_seconds: int = 3):
chrisdlangton / hosting_providers.py
Created October 26, 2020 13:43
List of web hosting providers - expected these services have customers that use CNAME records for custom/vanity domains
"""
The following Python list of tuples has the form:
(<url_segment>, <provider_name>)
url_segment: str = a substring match; can be a prefix, a suffix, or any substring
provider_name: str = human-friendly name of the provider
"""
hosting_providers = [
    ('.clients.turbobytes.net', 'TurboBytes',),
    ('.turbobytes-cdn.com', 'TurboBytes',),
    ('.afxcdn.net', 'afxcdn.net',),
chrisdlangton / managed_dns.py
Last active March 8, 2021 13:49
List of managed dns providers - WAF, Firewall, DDOS protection, CDN, Anti-bots, Anti-spam
"""
The following Python list of tuples has the form:
(<url_segment>, <provider_name>, <ns_ignore_list>)
url_segment: str = a substring match; can be a prefix, a suffix, or any substring
provider_name: str = human-friendly name of the provider
ns_ignore_list: list(str) = a list of url_segment substrings used to identify if the NS lookup is
                            always going to be a match, useful when checking for provider customers'
                            usage of the service and excluding obligatory references to minimise
                            double counting a single usage
"""
chrisdlangton / proxy_download_to_file.js
Last active June 5, 2021 14:45
Node.js 14 download to file via proxy
require('dotenv').config()
const { URL } = require('url');
const http = require('http')
const https = require('https')
const yaml = require('js-yaml')
const fs = require('fs')
const config = yaml.load(fs.readFileSync(process.env.CONFIG_FILE, 'utf8'))
const download_to_file = (url, dest_path, callback) => {
  const file = fs.createWriteStream(dest_path)