A list of questions that bounty hunters frequently DM me about. 😄
I have a simple philosophy that I share with everyone:
- Learn to make it. Then break it!
- Read books. Lots of books.
## Sublime Text 3 Serial key build is 3176
> * Added these lines into /etc/hosts
127.0.0.1 www.sublimetext.com
127.0.0.1 license.sublimehq.com
> * Used the license key
----- BEGIN LICENSE -----
#!/usr/bin/python
# Author: Adam Jordan
# Date: 2019-02-15
# Repository: https://github.com/adamyordan/cve-2019-1003000-jenkins-rce-poc
# PoC for: SECURITY-1266 / CVE-2019-1003000 (Script Security), CVE-2019-1003001 (Pipeline: Groovy), CVE-2019-1003002 (Pipeline: Declarative)
import argparse
import jenkins
# Determine Linux distribution and version
cat /etc/issue
cat /etc/*-release
cat /etc/lsb-release
cat /etc/redhat-release
# Determine kernel version - 32 or 64-bit?
cat /proc/version
uname -a
uname -mrs
#!/bin/bash
# Stop all containers
containers=$(docker ps -a -q)
if [ -n "$containers" ]; then
  # Left unquoted on purpose so each container ID becomes its own argument
  docker stop $containers
fi
# Delete all containers
containers=$(docker ps -a -q)
if [ -n "$containers" ]; then
  docker rm -f -v $containers
fi
I've just stolen HypnZA's list of suggested links and added a few others by various people. (Please feel free to send me other links/info you think might be useful to add.)
HypnZA's commonly shared list (in the correct order):
inurl /bug bounty
inurl : / security
inurl:security.txt
inurl:security "reward"
inurl : /responsible disclosure
inurl : /responsible-disclosure/ reward
inurl : / responsible-disclosure/ swag
inurl : / responsible-disclosure/ bounty
inurl:'/responsible disclosure' hoodie
responsible disclosure swag r=h:com
#!/usr/bin/env python
import argparse
import string
import sys
from impacket import nmb
from impacket.smb3 import SMB2_COMPRESSION_TRANSFORM_HEADER, SMB3, SMB2_DIALECT_311, SMB2_NEGOTIATE_SIGNING_REQUIRED, \
    SMB2_NEGOTIATE_SIGNING_ENABLED, STATUS_SUCCESS, SMB2_DIALECT_30, \
    SMB2_GLOBAL_CAP_ENCRYPTION, SMB2_DIALECT_WILDCARD, SMB2Negotiate_Response, SMB2_NEGOTIATE, \
    SMB2Negotiate, SMB311ContextData, SMB2NegotiateContext, SMB2_PREAUTH_INTEGRITY_CAPABILITIES, \
This Python script is intended to automate the extraction of embedded certificates and keys from OpenVPN config files.
Unfortunately the GNOME Network-Manager is not able to automatically import OpenVPN config files with embedded certificates and keys. A workaround is to manually extract these and store them in separate files (e.g. see https://naveensnayak.wordpress.com/2013/03/04/ubuntu-openvpn-with-ovpn-file/).
Instructions:
Make sure all the required packages are installed. For example, on Ubuntu and Debian run:
$ sudo apt-get install python3 network-manager-openvpn-gnome