Skip to content

Instantly share code, notes, and snippets.

View shakibamoshiri's full-sized avatar

Shakiba Moshiri shakibamoshiri

View GitHub Profile
@shakibamoshiri
shakibamoshiri / README.md
Created January 13, 2024 13:53 — forked from bwann/README.md
Tunnelling SSH over SSL/TLS
View README.md

How to tunnel SSH over SSL/TLS

laptop ssh -> laptop stunnel -> evil network -> internet -> your server -> your server ssh

Server (your shell server/home box/work box/whatever)

Sets up a stunnel process listening externally on port 2443/tcp, forwards to localhost 22/tcp

  • Install stunnel, e.g. yum install stunnel
  • Install server config snippet to /etc/stunnel/stunnel.conf
@shakibamoshiri
shakibamoshiri / tcp_flags.txt
Created January 4, 2024 20:07 — forked from tuxfight3r/tcp_flags.txt
tcpdump - reading tcp flags
View tcp_flags.txt
##TCP FLAGS##
Unskilled Attackers Pester Real Security Folks
==============================================
TCPDUMP FLAGS
Unskilled = URG = (Not Displayed in Flag Field, Displayed elsewhere)
Attackers = ACK = (Not Displayed in Flag Field, Displayed elsewhere)
Pester = PSH = [P] (Push Data)
Real = RST = [R] (Reset Connection)
Security = SYN = [S] (Start Connection)
@shakibamoshiri
shakibamoshiri / mysql-tcpdump.sh
Created December 31, 2023 10:59 — forked from bom-d-van/mysql-tcpdump.sh
tcpdump advanced filters
View mysql-tcpdump.sh
# https://www.percona.com/blog/2008/11/07/poor-mans-query-logging/
tcpdump -i eth0 -s 0 -l -w - dst port 3306 | strings | perl -e '
while(<>) { chomp; next if /^[^ ]+[ ]*$/;
if(/^(SELECT|UPDATE|DELETE|INSERT|SET|COMMIT|ROLLBACK|CREATE|DROP|ALTER)/i) {
if (defined $q) { print "$q\n"; }
$q=$_;
} else {
$_ =~ s/^[ \t]+//; $q.=" $_";
}
@shakibamoshiri
shakibamoshiri / static-interface-arch-linux
Last active April 10, 2023 05:43 — forked from andytryn/static_ip.txt
Manjaro set static IP Address
View static-interface-arch-linux
# install netctl
sudo pacman -S netctl --noconfirm
# check network card name
ip link
### Config Static IP Address ###
# Card Name : eth0
sudo cp /etc/netctl/examples/ethernet-static /etc/netctl/eth0
@shakibamoshiri
shakibamoshiri / vpn_namespace.md
Created December 18, 2022 19:22 — forked from EnigmaCurry/vpn_namespace.md
OpenVPN and browser specific network routing with ip netns
View vpn_namespace.md

OpenVPN and browser specific network routing with ip netns

Create network bridge

A network bridge allows us to have a virtual router that we can plug multiple network interfaces into. The IP address is assigned to the bridge rather than the individual network interface.

Create the bridge device, br0 :

@shakibamoshiri
shakibamoshiri / 001-server.bash
Created August 30, 2022 18:02 — forked from leandronsp/001-server.bash
A complete yet simple Web server (with login & logout system) written in Shell Script
View 001-server.bash
#!/bin/bash
## Create the response FIFO
rm -f response
mkfifo response
function handle_GET_home() {
RESPONSE=$(cat home.html | \
sed "s/{{$COOKIE_NAME}}/$COOKIE_VALUE/")
}
@shakibamoshiri
shakibamoshiri / ANSI.md
Created July 18, 2022 13:09 — forked from fnky/ANSI.md
ANSI Escape Codes
View ANSI.md

ANSI Escape Sequences

Standard escape codes are prefixed with Escape:

  • Ctrl-Key: ^[
  • Octal: \033
  • Unicode: \u001b
  • Hexadecimal: \x1B
  • Decimal: 27
@shakibamoshiri
shakibamoshiri / README.md
Created April 15, 2022 19:32 — forked from qdm12/README.md
Wireguard and iptables restrictions for multiple users
View README.md

Wireguard and iptables restrictions for multiple users

If you don't know what Wireguard is, well, you should. It's fast, easy to setup and highly configurable. We will configure Wireguard for multiple users with various restrictions using iptables.

Assumptions

This should fit most setups (not mine though 😉)

View install and test poshtiban CLI
# On linux servers
# cd into a temp dir
cd `mktemp -d`
# install it
npm install poshtiban
# test it
./node_modules/poshtiban/bin/run login --token=YOUR_TOKEN
@shakibamoshiri
shakibamoshiri / curl-websocket.sh
Created July 31, 2020 12:30 — forked from htp/curl-websocket.sh
Test a WebSocket using curl.
View curl-websocket.sh
curl --include \
--no-buffer \
--header "Connection: Upgrade" \
--header "Upgrade: websocket" \
--header "Host: example.com:80" \
--header "Origin: http://example.com:80" \
--header "Sec-WebSocket-Key: SGVsbG8sIHdvcmxkIQ==" \
--header "Sec-WebSocket-Version: 13" \
http://example.com:80/