create segfault server configuration (details: https://www.thc.org/segfault/)
$ ssh root@segfault.net # The password is 'segfault'
~/.ssh/config
Alex santaklouse
santaklouse
/ zerosocks-stack.yml
Last active
April 15, 2024 13:26
socks5 proxy + zerotier one (http://play-with-docker.com/?stack=https://gist.githubusercontent.com/santaklouse/c74332cf98e78e2dbf15eea21e577e7a/raw/zerosocks-stack.yml&stack_name=ZT_SOCKS5;docker+compose+-f+/var/run/pwd/uploads/zerosocks-stack.yml+up+-d
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| version: '3' | |
| services: | |
| socks5: | |
| image: serjs/go-socks5-proxy | |
| restart: always | |
| depends_on: | |
| - zerotier-one | |
| ports: | |
| - 1080:1080 | |
| zerotier-one: |
santaklouse
/ bashrc.sh
Created
April 12, 2024 12:40
logs user input to log (add to /etc/bash.bashrc)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function log2syslog | |
| { | |
| declare COMMAND | |
| COMMAND=$(fc -ln -0) | |
| logger -p local1.notice -t bash -i -- "${USER}:${SUDO_USER}:${COMMAND}" | |
| } | |
| trap log2syslog DEBUG |
- https://free-for.dev/#/?id=major-cloud-providers
- https://tunshell.com/
- https://github.com/hackerschoice/thc-tips-tricks-hacks-cheat-sheet?tab=readme-ov-file
- https://github.com/hackerschoice/thc-tips-tricks-hacks-cheat-sheet?tab=readme-ov-file#tg
- https://github.com/botgram/shell-bot
- https://book.hacktricks.xyz/generic-methodologies-and-resources/shells/windows
- https://dev.to/devdevcharlie/gaining-remote-access-to-a-computer-with-a-reverse-shell-attack-in-nodejs-3a40
- https://hakin9.org/reverse-shell-generator-by-ryan-montgomery/
santaklouse
/ index.md
Created
December 8, 2023 01:53
— forked from paj28/index.md
Most application security practitioners are familiar with Unicode XSS, which typically arises from the Unicode character fullwidth-less-than-sign. It’s not a common vulnerability but does occasionally appear in applications that otherwise have good XSS protection. In this blog I describe another variant of Unicode XSS that I have identified, using combining characters. I’ve not observed this in the wild, so it’s primarily of theoretical concern. But the scenario is not entirely implausible and I’ve not otherwise seen this technique discussed, so I hope this is useful.
Lab: https://4t64ubva.xssy.uk/
A quick investigation of the lab shows that it is echoing the name parameter, and performing HTML escaping:
santaklouse
/ README.md
Created
October 3, 2023 20:58
share text or images (tmp store on free anon file servers)
resource: [GitHub Pages](https://imagebin.ca/)
add alias imgbin to ~/.bashrc
imgbin() { curl -F file="@${1}" 'https://imagebin.ca/upload.php'; }example
santaklouse
/ create_patch_untracked.md
Last active
September 28, 2023 08:16
create raw binary git patch file for untracked files only (exclude: zip archives/files/ directory/*.patch files)
$ { for next in $( git ls-files --others --exclude-standard --exclude=*.zip --exclude=files/* -x '*.patch') ; do git --no-pager diff -p --ignore-space-change --ignore-cr-at-eol --raw --binary -b -w --no-index /dev/null $next; done; } > untracked.patchshow information about changes that will be applied
santaklouse
/ read jsonj-tree by line
Created
September 20, 2023 18:39
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import { pipeline } from 'node:stream/promises' | |
| import { Writable } from 'node:stream' | |
| import fs from "fs"; | |
| import StreamObject from "stream-json/streamers/StreamObject.js"; | |
| return new Promise(async (resolve) => | |
| await pipeline( | |
| fs.createReadStream(this.cacheFileFullPath(filename)), | |
| StreamArray.withParser(), | |
| new Writable({ |
santaklouse
/ worker.js
Created
September 18, 2023 14:06
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class WorkerWrapper extends EventEmitter { | |
| #worker; | |
| #ee = new EventEmitter(); | |
| constructor(worker) { | |
| super(); | |
| this.#worker = worker; | |
| console.log(`worker.js `, worker); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| rsync --ignore-existing -a --progress -W -v -r --include="*/" --include="*.jpg" --exclude="*" /home/fignelim/tools/Fignel-tools/export-elements/out/ /home/fignelim/tools/feature_test/out/ | |
| #get all images count in dir | |
| find ./feature_test/out/ -type f -name '*.jpg' | wc -l | |
| diff -qr Fignel-tools/export-elements/out/ feature_test/out/ |
NewerOlder