Skip to content

Instantly share code, notes, and snippets.

View rudSarkar's full-sized avatar
:electron:
Negatively Charged

Rudra Sarkar rudSarkar

:electron:
Negatively Charged
View GitHub Profile
id: apk-recon
info:
name: APK Recon
author: nullenc0de
severity: info
tags: android,file
file:
- extensions:
@rudSarkar
rudSarkar / cloud_metadata.txt
Created February 12, 2022 10:25 — forked from jhaddix/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
## AWS
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
@rudSarkar
rudSarkar / bucket-disclose.sh
Created June 17, 2022 02:36 — forked from fransr/bucket-disclose.sh
Using error messages to decloak an S3 bucket. Uses soap, unicode, post, multipart, streaming and index listing as ways of figure it out. You do need a valid aws-key (never the secret) to properly get the error messages
#!/bin/bash
# Written by Frans Rosén (twitter.com/fransrosen)
_debug="$2" #turn on debug
_timeout="20"
#you need a valid key, since the errors happens after it validates that the key exist. we do not need the secret key, only access key
_aws_key="AKIA..."
H_ACCEPT="accept-language: en-US,en;q=0.9,sv;q=0.8,zh-TW;q=0.7,zh;q=0.6,fi;q=0.5,it;q=0.4,de;q=0.3"
H_AGENT="user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.146 Safari/537.36"
@rudSarkar
rudSarkar / OBWS_2.md
Created May 26, 2022 11:51 — forked from seresistvanandras/OBWS_2.md
Hacking smart contracts for fun and profit

Hacking smart contracts for fun and profit

Description of the game

The goal of the game to break as many contracts as possible! Note: one of these contracts is a HONEYPOT! BE CAREFUL!!

Claim your Ropsten test ether here!

The contracts you need to break and their addresses:

# -------------------------------------------------
# Protect your .git directory!
# (You don't want anyone to download a copy of your website)
# -------------------------------------------------
# Add to .htaccess
# For Apache 2.4
<DirectoryMatch "^/.*/\.git/">
@rudSarkar
rudSarkar / AuthyToOtherAuthenticator.md
Created July 31, 2021 10:56 — forked from gboudreau/AuthyToOtherAuthenticator.md
Export TOTP tokens from Authy

Generating Authy passwords on other authenticators


There is an increasing count of applications which use Authy for two-factor authentication. However many users who aren't using Authy, have their own authenticator setup up already and do not wish to use two applications for generating passwords.

Since I use 1Password for all of my password storing/generating needs, I was looking for a solution to use Authy passwords on that. I couldn't find any completely working solutions, however I stumbled upon a gist by Brian Hartvigsen. His post had a neat code with it to generate QR codes for you to use on your favorite authenticator.

His method is to extract the secret keys using Authy's Google Chrome app via Developer Tools. If this was not possible, I guess people would be reverse engineering the Android app or something like that. But when I tried that code, nothing appeared on the screen. My guess is that Brian used the

@rudSarkar
rudSarkar / port-scan.sh
Created December 8, 2021 07:50 — forked from priyanshus/port-scan.sh
NMAP scan for a list of subdomains
#!/bin/bash
#Performs port scan using nmap
print_usage() {
cat << _EOF_
Utility to scan open ports. Can be used to scan ports for a domain or a list of domains specified in a file.
Example Usage:
-h, --help Show brief help
-d, --domain Domain name or ip to scan
-f, --file Spefify a file containing domains/IPs to scan
@rudSarkar
rudSarkar / nuclei-rce.yaml
Created September 20, 2021 02:10 — forked from c3l3si4n/nuclei-rce.yaml
POC demonstrating RCE on Nuclei v2.5.0. The following PoC will execute `touch /tmp/rce_on_nuclei`. JS exploit based on CVE-2021-21224 PoCs
id: nuclei-rce
info:
name: Nuclei Template RCE by Chromium
author: c3l3si4n
severity: critical
tags: rce,hackback
headless:
- steps:
@rudSarkar
rudSarkar / genymotionwithplay.txt
Created August 2, 2021 11:50 — forked from wbroek/genymotionwithplay.txt
Genymotion with Google Play Services for ARM
NOTE: Easier way is the X86 way, described on https://www.genymotion.com/help/desktop/faq/#google-play-services
Download the following ZIPs:
ARM Translation Installer v1.1 (http://www.mirrorcreator.com/files/0ZIO8PME/Genymotion-ARM-Translation_v1.1.zip_links)
Download the correct GApps for your Android version:
Google Apps for Android 6.0 (https://www.androidfilehost.com/?fid=24052804347835438 - benzo-gapps-M-20151011-signed-chroma-r3.zip)
Google Apps for Android 5.1 (https://www.androidfilehost.com/?fid=96042739161891406 - gapps-L-4-21-15.zip)
Google Apps for Android 5.0 (https://www.androidfilehost.com/?fid=95784891001614559 - gapps-lp-20141109-signed.zip)