Attention: this is the key used to sign the certificate requests, anyone holding this can sign certificates on your behalf. So keep it in a safe place!
openssl genrsa -des3 -out rootCA.key 4096
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| . | |
| .. | |
| ........ | |
| @ | |
| * | |
| *.* | |
| *.*.* | |
| 🎠|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * (un)comment correct payload first (x86 or x64)! | |
| * | |
| * $ gcc cowroot.c -o cowroot -pthread | |
| * $ ./cowroot | |
| * DirtyCow root privilege escalation | |
| * Backing up /usr/bin/passwd.. to /tmp/bak | |
| * Size of binary: 57048 | |
| * Racing, this may take a while.. | |
| * /usr/bin/passwd overwritten |
fntlnz
/ self-signed-certificate-with-custom-ca.md
Last active
April 19, 2024 12:30
Self Signed Certificate with Custom Root CA
ndavison
/ hbh-header-abuse-test.py
Last active
April 16, 2024 09:36
Attempts to find hop-by-hop header abuse potential against the provided URL.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # github.com/ndavison | |
| import requests | |
| import random | |
| import string | |
| from argparse import ArgumentParser | |
| parser = ArgumentParser(description="Attempts to find hop-by-hop header abuse potential against the provided URL.") | |
| parser.add_argument("-u", "--url", help="URL to target (without query string)") |
ryhanson
/ ExcelXLL.md
Last active
March 29, 2024 05:27
Execute a DLL via .xll files and the Excel.Application object's RegisterXLL() method
A DLL can be loaded and executed via Excel by initializing the Excel.Application COM object and passing a DLL to the RegisterXLL method. The DLL path does not need to be local, it can also be a UNC path that points to a remote WebDAV server.
When delivering via WebDAV, it should be noted that the DLL is still written to disk but the dropped file is not the one loaded in to the process. This is the case for any file downloaded via WebDAV, and they are stored at: C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\.
The RegisterXLL function expects an XLL add-in which is essentially a specially crafted DLL with specific exports. More info on XLL's can be found on MSDN
The XLL can also be executed by double-clicking the .xll file, however there is a security warning. @rxwx has more notes on this here inc
atoponce
/ gist:07d8d4c833873be2f68c34f9afc5a78a
Last active
March 19, 2024 17:24
— forked from tqbf/gist:be58d2d39690c3b366ad
Cryptographic Best Practices
Putting cryptographic primitives together is a lot like putting a jigsaw puzzle together, where all the pieces are cut exactly the same way, but there is only one correct solution. Thankfully, there are some projects out there that are working hard to make sure developers are getting it right.
The following advice comes from years of research from leading security researchers, developers, and cryptographers. This Gist was [forked from Thomas Ptacek's Gist][1] to be more readable. Additions have been added from
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| ## Decodes NTLM "Authenticate" HTTP-Header blobs. | |
| ## Reads the raw blob from stdin; prints out the contained metadata. | |
| ## Supports (auto-detects) Type 1, Type 2, and Type 3 messages. | |
| ## Based on the excellent protocol description from: | |
| ## <http://davenport.sourceforge.net/ntlm.html> | |
| ## with additional detail subsequently added from the official protocol spec: | |
| ## <http://msdn.microsoft.com/en-us/library/cc236621.aspx> | |
| ## |
nicolas-grekas
/ Advanced-HTTP-en.md
Created
June 15, 2011 22:03
Advanced handling of HTTP requests in PHP
Nicolas Grekas - nicolas.grekas, gmail.com
17 June 2011 - Last updated on 3 sept. 2011
Not updated any more on this gist. See:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| query IntrospectionQuery { | |
| __schema { | |
| queryType { name } | |
| mutationType { name } | |
| subscriptionType { name } | |
| types { | |
| ...FullType | |
| } | |
| directives { |
corsix
/ Exploiting Lua 5.1 on 32-bit Windows.md
Created
September 16, 2013 00:20
The following Lua program generates a Lua bytecode program called ignore-unsigned-sga.fnt, which in turn loads a DLL from within an extremely locked down Lua 5.1 sandbox in a program called RelicCOH2.exe. The remainder of this document attempts to explain how this program works by a whirlwind tour of relevent bits of the Lua 5.1 virtual machine.
if string.dump(function()end):sub(1, 12) ~= "\27Lua\81\0\1\4\4\4\8\0" then
error("This generator requires a 32-bit version of Lua 5.1")
end
local function outer()
local magic -- In bytecode, the stack slot corresponding to this local is changedNewerOlder