Skip to content

Instantly share code, notes, and snippets.

View saadazghour's full-sized avatar
:octocat:
Working from anywhere

Saad Azghour saadazghour

:octocat:
Working from anywhere
View GitHub Profile
CVE-2020-11976 - Apache wicket LFI / markup source file read vulnerability
------------------------------------------
By crafting a special URL it is possible to make Wicket deliver unprocessed HTML templates.
This would allow an attacker to see possibly sensitive information inside a HTML template that is usually removed during rendering.
Affected are Apache Wicket versions 7.16.0, 8.8.0 and 9.0.0-M5
For example if there are credentials in the markup which are never supposed to be visible to the client:
<wicket:remove>
@AvasDream
AvasDream / oscp_prep.md
Last active October 11, 2024 21:17
Resource for OSCP like HTB Boxes with Ippsec Videos and Writeups.
@niklaskeerl
niklaskeerl / backup.md
Last active May 24, 2024 10:00
Encrypted backup using an external hard drive with luks and timeshift
@screetsec
screetsec / gist:6ee948503960f1b9d4b7b8465aea2d73
Last active May 25, 2023 16:16
One Liner to get Hidden URL Parameter from Passive scan using Web Archive. Regex using DFA Engine, Support and Collecting URL with multi Parameter to Fuzzing & Removing Duplicate
curl -s "http://web.archive.org/cdx/search/cdx?url=*.bugcrowd.com/*&output=text&fl=original&collapse=urlkey" | grep -P "=" | sed "/\b\(jpg\|png\|js\|svg\|css\|gif\|jpeg\|woff\|woff2\)\b/d" > Output.txt ; for i in $(cat Output.txt);do URL="${i}"; LIST=(${URL//[=&]/=FUZZ&}); echo ${LIST} | awk -F'=' -vOFS='=' '{$NF="FUZZ"}1;' >> Passive_Collecting_URLParamter.txt ; done ; rm Output.txt ; sort -u Passive_Collecting_URLParamter.txt > Passive_Collecting_URLParamter_Uniq.txt
@martin-mok
martin-mok / CaesarsCipher.md
Last active July 5, 2023 16:56
freecodecamp: Caesars Cipher

Description

One of the simplest and most widely known ciphers is a Caesar cipher, also known as a shift cipher. In a shift cipher the meanings of the letters are shifted by some set amount. A common modern use is the ROT13 cipher, where the values of the letters are shifted by 13 places. Thus 'A' ↔ 'N', 'B' ↔ 'O' and so on. Write a function which takes a ROT13 encoded string as input and returns a decoded string. All letters will be uppercase. Do not transform any non-alphabetic character (i.e. spaces, punctuation), but do pass them on.

Tests

@sundowndev
sundowndev / GoogleDorking.md
Last active October 12, 2024 16:44
Google dork cheatsheet

Google dork cheatsheet

Search filters

Filter Description Example
allintext Searches for occurrences of all the keywords given. allintext:"keyword"
intext Searches for the occurrences of keywords all at once or one at a time. intext:"keyword"
inurl Searches for a URL matching one of the keywords. inurl:"keyword"
allinurl Searches for a URL matching all the keywords in the query. allinurl:"keyword"
intitle Searches for occurrences of keywords in title all or one. intitle:"keyword"
@swyxio
swyxio / 1.md
Last active October 1, 2024 04:34
Learn In Public - 7 opinions for your tech career

2019 update: this essay has been updated on my personal site, together with a followup on how to get started

2020 update: I'm now writing a book with updated versions of all these essays and 35 other chapters!!!!

1. Learn in public

If there's a golden rule, it's this one, so I put it first. All the other rules are more or less elaborations of this rule #1.

You already know that you will never be done learning. But most people "learn in private", and lurk. They consume content without creating any themselves. Again, that's fine, but we're here to talk about being in the top quintile. What you do here is to have a habit of creating learning exhaust. Write blogs and tutorials and cheatsheets. Speak at meetups and conferences. Ask and answer things on Stackoverflow or Reddit. (Avoid the walled gardens like Slack and Discourse, they're not public). Make Youtube videos

@bradtraversy
bradtraversy / django_deploy.md
Last active September 26, 2024 19:02
Django Deployment - Digital Ocean

Django Deployment to Ubuntu 18.04

In this guide I will go through all the steps to create a VPS, secure it and deploy a Django application. This is a summarized document from this digital ocean doc

Any commands with "$" at the beginning run on your local machine and any "#" run when logged into the server

Create A Digital Ocean Droplet

Use this link and get $10 free. Just select the $5 plan unless this a production app.

@bradtraversy
bradtraversy / django_cheat_sheet.md
Last active October 12, 2024 12:00
Django command cheat sheet

Django 2.x Cheat Sheet

Creating a virtual environment

We need to create a virtual env for our app to run in: More Here Run this command in whatever folder you want to create your venv folder

python -m venv ./venv
@michelem09
michelem09 / generate-eth-wallet-keypair.js
Created July 24, 2018 15:21
Programmatically generate keypair for Ethereum wallet: private key, public key and address
var keythereum = require('keythereum');
var Wallet = require('ethereumjs-wallet');
// Generate private key
var dk = keythereum.create();
var keyObject = keythereum.dump('password', dk.privateKey, dk.salt, dk.iv);
var privateKeyString = dk.privateKey.toString('hex');
console.log('Private key', privateKeyString);
// Get public key