This document contains excerpts from my web server logs collected over a period of 7 years that shows various kinds of recon and attack vectors.
There were a total of 37.2 million lines of logs out of which 1.1 million unique HTTP requests (Method + URI) were found.
$ sed 's/^.* - - \[.*\] "\(.*\) HTTP\/.*" .*/\1/' access.log > requests.txt
| import psycopg2 | |
| connection = psycopg2.connect("dbname=name-of-db user=prod password=xxxx host=somehost sslmode=verify-full sslrootcert=/usr/local/share/ca-certificates/ca-2019-root.pem") |
| #!/bin/bash | |
| OWNER=<org_name> | |
| REPO=$1 | |
| WORKFLOW_NAME=$2 | |
| # list workflows | |
| WORKFLOW_IDS=($(gh api -X GET /repos/$OWNER/$REPO/actions/workflows | jq -r '.workflows[] | select(.state=="disabled_manually") | .id')) | |
| for WORKFLOW_ID in "${WORKFLOW_IDS}" | |
| do |
| from app import app | |
| from werkzeug.contrib.profiler import ProfilerMiddleware | |
| if __name__ == '__main__': | |
| app.config['PROFILE'] = True | |
| app.wsgi_app = ProfilerMiddleware(app.wsgi_app, restrictions=[30]) | |
| app.run() |
| -- show running queries (pre 9.2) | |
| SELECT procpid, age(query_start, clock_timestamp()), usename, current_query | |
| FROM pg_stat_activity | |
| WHERE current_query != '<IDLE>' AND current_query NOT ILIKE '%pg_stat_activity%' | |
| ORDER BY query_start desc; | |
| -- show running queries (9.2) | |
| SELECT pid, age(query_start, clock_timestamp()), usename, query | |
| FROM pg_stat_activity | |
| WHERE query != '<IDLE>' AND query NOT ILIKE '%pg_stat_activity%' |
| import subprocess | |
| import json | |
| import os, errno | |
| import argparse | |
| def mkdir_p(path): | |
| try: | |
| os.makedirs(path) | |
| except OSError as exc: | |
| if exc.errno == errno.EEXIST and os.path.isdir(path): |
The standard way of understanding the HTTP protocol is via the request reply pattern. Each HTTP transaction consists of a finitely bounded HTTP request and a finitely bounded HTTP response.
However it's also possible for both parts of an HTTP 1.1 transaction to stream their possibly infinitely bounded data. The advantages is that the sender can send data that is beyond the sender's memory limit, and the receiver can act on
| --- | |
| # ^^^ YAML documents must begin with the document separator "---" | |
| # | |
| #### Example docblock, I like to put a descriptive comment at the top of my | |
| #### playbooks. | |
| # | |
| # Overview: Playbook to bootstrap a new host for configuration management. | |
| # Applies to: production | |
| # Description: | |
| # Ensures that a host is configured for management with Ansible. |
I screwed up using git ("git checkout --" on the wrong file) and managed to delete the code I had just written... but it was still running in a process in a docker container. Here's how I got it back, using https://pypi.python.org/pypi/pyrasite/ and https://pypi.python.org/pypi/uncompyle6
apt-get update && apt-get install gdb