Skip to content

Instantly share code, notes, and snippets.

View rudSarkar's full-sized avatar
:electron:
Negatively Charged

Rudra Sarkar rudSarkar

:electron:
Negatively Charged
View GitHub Profile
${ctx:loginId}
${map:type}
${filename}
${date:MM-dd-yyyy}
${docker:containerId}
${docker:containerName}
${docker:imageName}
${env:USER}
${event:Marker}
${mdc:UserId}
@c3l3si4n
c3l3si4n / nuclei-rce.yaml
Last active September 7, 2024 08:39
POC demonstrating RCE on Nuclei v2.5.1. The following PoC will execute `touch /tmp/rce_on_nuclei`. JS exploit based on CVE-2021-21224 PoCs
id: nuclei-rce
info:
name: Nuclei Template RCE by Chromium
author: c3l3si4n
severity: critical
tags: rce,hackback
headless:
- steps:
@MichaelCurrin
MichaelCurrin / README.md
Last active August 25, 2024 22:29
Jekyll - how to build a REST API

Jekyll - how to build a REST API

Serve your data as static JSON

How to make a read-only JSON REST API using Jekyll.

This doesn't need any Ruby plugins - you just use some built-in templating features in Jekyll 3 or 4.

You will end up with a single JSON file contains data for all pages on the site, and another JSON file of just posts. Alternatively, you can replace every HTML page and post with a JSON version.

TLDR

Cisco Security Manager is an enterprise-class security management application that provides insight into and control of Cisco security and network devices. Cisco Security Manager offers comprehensive security management (configuration and event management) across a wide range of Cisco security appliances, including Cisco ASA Adaptive Security Appliances, Cisco IPS Series Sensor Appliances, Cisco Integrated Services Routers (ISRs), Cisco Firewall Services Modules (FWSMs), Cisco Catalyst, Cisco Switches and many more. Cisco Security Manager allows you to manage networks of all sizes efficiently-from small networks to large networks consisting of hundreds of devices.

Several pre-auth vulnerabilities were submitted to Cisco on 2020-07-13 and (according to Cisco) patched in version 4.22 on 2020-11-10. Release notes didn't state anything about the vulnerabilities, security advisories were not published. All payload are processed in the context of NT AUTHORITY\SYSTEM.

@assafmo
assafmo / 1_curl_tor.sh
Last active October 15, 2024 15:37
Use curl with TOR as proxy
#!/bin/bash
# Install
sudo apt install -y tor
# Use
curl --proxy socks5h://localhost:9050 https://check.torproject.org
@Techbrunch
Techbrunch / magic.sh
Created April 3, 2020 18:50
Adding magic bytes at the beginning of a file
# The magic bytes for PNG
echo '89 50 4E 47 0D 0A 1A 0A' | xxd -p -r >> reverse.php.png
cat reverse.php >> reverse.php.png
@johnwgillis
johnwgillis / How to setup GPG for git.md
Last active August 8, 2024 19:19
How to setup GPG for signing commits with Git, SourceTree, and GitHub on Mac

How to setup GPG for signing commits with Git, SourceTree, and GitHub on Mac

  1. Install GPG tools
    1. Install GPG tools and setup pin entry by running:
    brew install gnupg pinentry-mac
    mkdir -m 700 -p ~/.gnupg
    echo "pinentry-program /usr/local/bin/pinentry-mac" >> ~/.gnupg/gpg-agent.conf
    killall gpg-agent
    
@priyanshus
priyanshus / port-scan.sh
Last active September 7, 2024 08:39
NMAP scan for a list of subdomains
#!/bin/bash
#Performs port scan using nmap
print_usage() {
cat << _EOF_
Utility to scan open ports. Can be used to scan ports for a domain or a list of domains specified in a file.
Example Usage:
-h, --help Show brief help
-d, --domain Domain name or ip to scan
-f, --file Spefify a file containing domains/IPs to scan
@yassineaboukir
yassineaboukir / List of API endpoints & objects
Last active December 7, 2024 14:47
A list of 3203 common API endpoints and objects designed for fuzzing.
0
00
01
02
03
1
1.0
10
100
1000
@tomnomnom
tomnomnom / google-copy.js
Created June 19, 2019 21:27
Bookmarklet to copy URLs from a Google search results page
javascript:d=document;b=d.createElement`textarea`;c=d.getSelection();b.textContent=[...d.querySelectorAll`div.r>a:first-child`].map(n=>n.href).join`\n`;d.body.appendChild(b);c.removeAllRanges();b.select();d.execCommand`copy`;d.body.removeChild(b)