Cheatsheet for HackTheBox with common things to do while solving these CTF challenges.
Because a smart man once said:
Never google twice.
# Domains with malicious or phishing intent by mimicing domains from real email services | |
# Examples: example domains (RFC 2606 & 6761) and fake domains that spoof real domains used for email services | |
address.local | |
cacema.nl | |
casama.nl | |
example.com | |
example.net | |
example.org | |
gmail.nl | |
gmial.com |
# Domains used for email by consumers and consumer ISPs | |
# Included: General email providers, and Dutch and Belgium consumer ISPs | |
# | |
# GENERAL EMAIL PROVIDERS | |
aol.com | |
compuserve.com | |
cs.com | |
gmail.com | |
googlemail.com | |
hotmail.com |
#!/bin/bash | |
# exit when the command fails | |
set -o errexit; | |
# exit when try to use undeclared var | |
set -o nounset; | |
accessKeyToSearch=${1?"Usage: bash $0 AccessKeyId"} |
package main | |
import ( | |
"fmt" | |
"strings" | |
"net/http" | |
"io/ioutil" | |
"math/rand" | |
"time" | |
) |
""" | |
This script is a wrapper around veracrypt and zim that makes it easy to work | |
with notebooks that reside inside a veracrypt container. | |
The script does three things: | |
1) Mounts a veracrypt container to a target location. | |
2) Runs a zim notebook, intended to be located in the mounted partition. | |
3) Unmounts the partition when either Zim or this script exits. | |
Note: sudo session from mount might have expired. Be prepared to re-insert | |
sudo password. |
Cheatsheet for HackTheBox with common things to do while solving these CTF challenges.
Because a smart man once said:
Never google twice.
#!/bin/bash | |
# Converter.sh by @xdavidhu | |
# This is a script inspired by the Bug Hunter's Methodology 3 by @Jhaddix | |
# With this script, you can convert domain lists to resolved IP lists without duplicates. | |
# Usage: ./converter.sh [domain-list-file] [output-file] | |
echo -e "[+] Converter.sh by @xdavidhu\n" | |
if [ -z "$1" ] || [ -z "$2" ]; then | |
echo "[!] Usage: ./converter.sh [domain-list-file] [output-file]" | |
exit 1 |
version: '2' | |
services: | |
plex: | |
image: linuxserver/plex | |
container_name: plex | |
volumes: | |
- /path/to/plex/config:/config | |
- /path/to/plex/Movies:/data/movies | |
- /path/to/plex/Shows:/data/tvshows | |
- /path/to/plex/transcode:/data/transcode |
class << self | |
def query(params) | |
listings = self.active_record_search(params) # filter by other parameters first | |
# return right there if search is blank | |
return listings.page(params[:page]) if params[:search].blank? | |
# otherwise pass already filtered set to elastic search for further filtering | |
listing_ids = listings.pluck(:id) | |
self.elastic_search(params, listing_ids) |
## AWS | |
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories | |
http://169.254.169.254/latest/user-data | |
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME] | |
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME] | |
http://169.254.169.254/latest/meta-data/ami-id | |
http://169.254.169.254/latest/meta-data/reservation-id | |
http://169.254.169.254/latest/meta-data/hostname | |
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key |