Dwi Siswanto dwisiswant0

## genymotionwithplay.txt
NOTE: Easier way is the X86 way, described on https://www.genymotion.com/help/desktop/faq/#google-play-services

Download the following ZIPs:

    ARM Translation Installer v1.1 (http://www.mirrorcreator.com/files/0ZIO8PME/Genymotion-ARM-Translation_v1.1.zip_links)

    Download the correct GApps for your Android version:
      Google Apps for Android 6.0 (https://www.androidfilehost.com/?fid=24052804347835438 - benzo-gapps-M-20151011-signed-chroma-r3.zip)
      Google Apps for Android 5.1 (https://www.androidfilehost.com/?fid=96042739161891406 - gapps-L-4-21-15.zip)
      Google Apps for Android 5.0 (https://www.androidfilehost.com/?fid=95784891001614559 - gapps-lp-20141109-signed.zip)

## Timing Attack for 4 digits password
"""
The function check_password(password) is used by a safe with 4-digits passwords, and is
susceptible to timing attacks. More specifically, it takes it around 0.1 seconds to check
one digit – so brute-forcing all the possible combinations will take around 1,500 hours.
Can you implement a way to crack its password in less than a minute?
"""

import time
import sys # ignore

## CSM_pocs.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              2 stars
            
          
                dwisiswant0
                / CSM_pocs.md
            
            
              Created
              November 17, 2020 11:29
                — forked from Frycos/CSM_pocs.md
            
          
    TLDR


Cisco Security Manager is an enterprise-class security management application that provides insight into
and control of Cisco security and network devices. Cisco Security Manager offers comprehensive security
management (configuration and event management) across a wide range of Cisco security appliances,
including Cisco ASA Adaptive Security Appliances, Cisco IPS Series Sensor Appliances, Cisco Integrated Services Routers (ISRs),
Cisco Firewall Services Modules (FWSMs), Cisco Catalyst, Cisco Switches and many more.
Cisco Security Manager allows you to manage networks of all sizes efficiently-from small networks to large networks consisting of hundreds of devices.

Several pre-auth vulnerabilities were submitted to Cisco on 2020-07-13 and (according to Cisco) patched in version 4.22 on 2020-11-10. Release notes didn't state anything about the vulnerabilities, security advisories were not published. All payload are processed in the context of NT AUTHORITY\SYSTEM.

  
## git-io-custom-url.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                dwisiswant0
                / git-io-custom-url.md
            
            
              Created
              August 21, 2020 22:37
                — forked from dikiaap/git-io-custom-url.md
            
              
                git.io custom URL
              
          
    Command:
curl https://git.io/ -i -F "url=https://github.com/YOUR_GITHUB_URL" -F "code=YOUR_CUSTOM_NAME"
URLs that can be created is from:

https://github.com/*
https://*.github.com
https://*.github.com/*
https://*.github.io


## find js file one liner
assetfinder site.com | gau|egrep -v '(.css|.png|.jpeg|.jpg|.svg|.gif|.wolf)'|while read url; do vars=$(curl -s $url | grep -Eo "var [a-zA-Zo-9_]+" |sed -e 's, 'var','"$url"?',g' -e 's/ //g'|grep -v '.js'|sed 's/.*/&=xss/g'):echo -e "\e[1;33m$url\n" "\e[1;32m$vars";done

## google-dorks

"          _                      _          "
"   _     /||       .   .        ||\     _   "
"  ( }    \||D    '   '     '   C||/    { %  "
" | /\__,=_[_]   '  .   . '       [_]_=,__/\ |"
" |_\_  |----|                    |----|  _/_|"
" |  |/ |    |                    |    | \|  |"
" |  /_ |    |                    |    | _\  |"

	It is all fun and games until someone gets hacked!

## a2dp.py
#! /usr/bin/env python3.5
"""

Fixing bluetooth stereo headphone/headset problem in ubuntu 16.04 and also debian jessie, with bluez5.

Workaround for bug: https://bugs.launchpad.net/ubuntu/+source/indicator-sound/+bug/1577197
Run it with python3.5 or higher after pairing/connecting the bluetooth stereo headphone.

This will be only fixes the bluez5 problem mentioned above .

## 0-hidden-service-subdomains.md

      
              3 files
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                dwisiswant0
                / 0-hidden-service-subdomains.md
            
            
              Created
              February 10, 2020 12:41
                — forked from mtigas/0-hidden-service-subdomains.md
            
              
                Example code for running a (HTTP/HTTPS) Tor hidden service supporting subdomains.
              
          
    The following files show an example of how to create subdomains for onion site
hidden services. (This hasn't been tested for hidden services for anything other
than HTTP/HTTPS.)
(You might also want to read our blog post about ProPublica’s Tor hidden service, including a tutorial and notes on running a hidden service: https://www.propublica.org/nerds/item/a-more-secure-and-anonymous-propublica-using-tor-hidden-services )
In general, this works (maybe just in recent Tor clients) because Tor will handle
the connection to www.xxxxxxxxxxxxxxxx.onion as a connection to
xxxxxxxxxxxxxxxx.onion. The encapsulated HTTP/HTTPS connection contains the
subdomain in the Host: header (and in the case of HTTPS, the SNI

  
## android-burp-cert.sh
# https://securitychops.com/2019/08/31/dev/random/one-liner-to-install-burp-cacert-into-android.html
#
curl --proxy http://127.0.0.1:8080 -o cacert.der http://burp/cert  \
&& openssl x509 -inform DER -in cacert.der -out cacert.pem \
&& cp cacert.der $(openssl x509 -inform PEM -subject_hash_old -in cacert.pem |head -1).0 \
&& adb root \
&& adb remount \
&& adb push $(openssl x509 -inform PEM -subject_hash_old -in cacert.pem |head -1).0 /sdcard/ \
&& echo -n "mv /sdcard/$(openssl x509 -inform PEM -subject_hash_old -in cacert.pem |head -1).0 /system/etc/security/cacerts/" | adb shell \
&& echo -n "chmod 644 /system/etc/security/cacerts/$(openssl x509 -inform PEM -subject_hash_old -in cacert.pem |head -1).0" | adb shell \

## waybackurls.py
import requests
import sys
import json


def waybackurls(host, with_subs):
    if with_subs:
        url = 'http://web.archive.org/cdx/search/cdx?url=*.%s/*&output=json&fl=original&collapse=urlkey' % host
    else:
        url = 'http://web.archive.org/cdx/search/cdx?url=%s/*&output=json&fl=original&collapse=urlkey' % host
	NOTE: Easier way is the X86 way, described on https://www.genymotion.com/help/desktop/faq/#google-play-services

	Download the following ZIPs:

	ARM Translation Installer v1.1 (http://www.mirrorcreator.com/files/0ZIO8PME/Genymotion-ARM-Translation_v1.1.zip_links)

	Download the correct GApps for your Android version:
	Google Apps for Android 6.0 (https://www.androidfilehost.com/?fid=24052804347835438 - benzo-gapps-M-20151011-signed-chroma-r3.zip)
	Google Apps for Android 5.1 (https://www.androidfilehost.com/?fid=96042739161891406 - gapps-L-4-21-15.zip)
	Google Apps for Android 5.0 (https://www.androidfilehost.com/?fid=95784891001614559 - gapps-lp-20141109-signed.zip)
	"""
	The function check_password(password) is used by a safe with 4-digits passwords, and is
	susceptible to timing attacks. More specifically, it takes it around 0.1 seconds to check
	one digit – so brute-forcing all the possible combinations will take around 1,500 hours.
	Can you implement a way to crack its password in less than a minute?
	"""

	import time
	import sys # ignore

	" _ _ "
	" _ /\|\| . . \|\|\ _ "
	" ( } \\|\|D ' ' ' C\|\|/ { % "
	" \| /\__,=_[_] ' . . ' [_]_=,__/\ \|"
	" \|_\_ \|----\| \|----\| _/_\|"
	" \| \|/ \| \| \| \| \\| \|"
	" \| /_ \| \| \| \| _\ \|"

	It is all fun and games until someone gets hacked!
	#! /usr/bin/env python3.5
	"""

	Fixing bluetooth stereo headphone/headset problem in ubuntu 16.04 and also debian jessie, with bluez5.

	Workaround for bug: https://bugs.launchpad.net/ubuntu/+source/indicator-sound/+bug/1577197
	Run it with python3.5 or higher after pairing/connecting the bluetooth stereo headphone.

	This will be only fixes the bluez5 problem mentioned above .
	# https://securitychops.com/2019/08/31/dev/random/one-liner-to-install-burp-cacert-into-android.html
	#
	curl --proxy http://127.0.0.1:8080 -o cacert.der http://burp/cert \
	&& openssl x509 -inform DER -in cacert.der -out cacert.pem \
	&& cp cacert.der $(openssl x509 -inform PEM -subject_hash_old -in cacert.pem \|head -1).0 \
	&& adb root \
	&& adb remount \
	&& adb push $(openssl x509 -inform PEM -subject_hash_old -in cacert.pem \|head -1).0 /sdcard/ \
	&& echo -n "mv /sdcard/$(openssl x509 -inform PEM -subject_hash_old -in cacert.pem \|head -1).0 /system/etc/security/cacerts/" \| adb shell \
	&& echo -n "chmod 644 /system/etc/security/cacerts/$(openssl x509 -inform PEM -subject_hash_old -in cacert.pem \|head -1).0" \| adb shell \
	import requests
	import sys
	import json


	def waybackurls(host, with_subs):
	if with_subs:
	url = 'http://web.archive.org/cdx/search/cdx?url=.%s/&output=json&fl=original&collapse=urlkey' % host
	else:
	url = 'http://web.archive.org/cdx/search/cdx?url=%s/*&output=json&fl=original&collapse=urlkey' % host