Vishwaraj Bhattrai vishwaraj101

## 20211210-TLP-WHITE_LOG4J.md

      
              1 file
            
          
              94 forks
            
          
              777 comments
            
          
              1089 stars
            
          
                SwitHak
                / 20211210-TLP-WHITE_LOG4J.md
            
            
              Last active
              June 22, 2024 10:52
            
              
                BlueTeam CheatSheet * Log4Shell* | Last updated: 2021-12-20 2238 UTC
              
          
    Security Advisories / Bulletins / vendors Responses linked to Log4Shell (CVE-2021-44228)
Errors, typos, something to say ?


If you want to add a link, comment or send it to me
Feel free to report any mistake directly below in the comment or in DM on Twitter @SwitHak

Other great resources


Royce Williams list sorted by vendors responses Royce List
Very detailed list NCSC-NL
The list maintained by U.S. Cybersecurity and Infrastructure Security Agency: CISA List


## Jira bug-exploit


cve-2019-8449
The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosure vulnerability.
 https://jira.atlassian.com/browse/JRASERVER-69796
 https://victomhost/rest/api/latest/groupuserpicker?query=1&maxResults=50000&showAvatar=true
=====================================================================================================================================

## auto_git_query
https://github.com/search?q=BROWSER_STACK_ACCESS_KEY= OR BROWSER_STACK_USERNAME= OR browserConnectionEnabled= OR BROWSERSTACK_ACCESS_KEY=&s=indexed&type=Code
https://github.com/search?q=CHROME_CLIENT_SECRET= OR CHROME_EXTENSION_ID= OR CHROME_REFRESH_TOKEN= OR CI_DEPLOY_PASSWORD= OR CI_DEPLOY_USER=&s=indexed&type=Code
https://github.com/search?q=CLOUDAMQP_URL= OR CLOUDANT_APPLIANCE_DATABASE= OR CLOUDANT_ARCHIVED_DATABASE= OR CLOUDANT_AUDITED_DATABASE=&s=indexed&type=Code
https://github.com/search?q=CLOUDANT_ORDER_DATABASE= OR CLOUDANT_PARSED_DATABASE= OR CLOUDANT_PASSWORD= OR CLOUDANT_PROCESSED_DATABASE=&s=indexed&type=Code
https://github.com/search?q=CONTENTFUL_PHP_MANAGEMENT_TEST_TOKEN= OR CONTENTFUL_TEST_ORG_CMA_TOKEN= OR CONTENTFUL_V2_ACCESS_TOKEN=&s=indexed&type=Code
https://github.com/search?q=-DSELION_BROWSER_RUN_HEADLESS= OR -DSELION_DOWNLOAD_DEPENDENCIES= OR -DSELION_SELENIUM_RUN_LOCALLY=&s=indexed&type=Code
https://github.com/search?q=ELASTICSEARCH_PASSWORD= OR ELASTICSEARCH_USERNAME= OR EMAIL_NOTIFI

## jwt-expiration.md

      
              1 file
            
          
              2 forks
            
          
              0 comments
            
          
              14 stars
            
          
                ibrahimsn98
                / jwt-expiration.md
            
            
              Created
              February 8, 2019 13:18
                — forked from soulmachine/jwt-expiration.md
            
              
                How to deal with JWT expiration?
              
          
    First of all, please note that token expiration and revoking are two different things.

Expiration only happens for web apps, not for native mobile apps, because native apps never expire.
Revoking only happens when (1) uses click the logout button on the website or native Apps;(2) users reset their passwords; (3) users revoke their tokens explicitly in the administration panel.

1. How to hadle JWT expiration

A JWT token that never expires is dangerous if the token is stolen then someone can always access the user's data.
Quoted from JWT RFC:

  
## TorBrowser_7.x_NoScript_bypass.py
#!/usr/bin/python
from BaseHTTPServer import BaseHTTPRequestHandler,HTTPServer

PORT_NUMBER = 31337

class myHandler(BaseHTTPRequestHandler):

        #Handler for the GET requests
        def do_GET(self):
                self.send_response(200)

## phpdangerousfuncs.md

      
              1 file
            
          
              59 forks
            
          
              1 comment
            
          
              151 stars
            
          
                mccabe615
                / phpdangerousfuncs.md
            
            
              Last active
              June 17, 2024 06:45
            
              
                Dangerous PHP Functions
              
          
    Command Execution

exec           - Returns last line of commands output
passthru       - Passes commands output directly to the browser
system         - Passes commands output directly to the browser and returns last line
shell_exec     - Returns commands output
\`\` (backticks) - Same as shell_exec()
popen          - Opens read or write pipe to process of a command
proc_open      - Similar to popen() but greater degree of control
pcntl_exec - Executes a program


## cloud_metadata.txt
## AWS
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories

http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key

## scanio.sh
#!/bin/bash
# Usage : ./scanio.sh <save file>
# Example: ./scanio.sh cname_list.txt

# Premium
function ech() {
  spinner=( "|" "/" "-" "\\" )
  while true; do
    for i in ${spinner[@]}; do
      echo -ne "\r[$i] $1"

## Domain Enumeration Commands
Domain: TEST.local
User Enumeration:
  Windows:
    net user
    net user /domain
    net user [username]
    net user [username] /domain
    wmic useraccount
  Mac:
    dscl . ls /Users

## gist:606c41ac6ec40bf5c69d4db96d9312e3
From: http://redteams.net/bookshelf/
Techie

    Unauthorised Access: Physical Penetration Testing For IT Security Teams by Wil Allsopp.
    Social Engineering: The Art of Human Hacking by Christopher Hadnagy
    Practical Lock Picking: A Physical Penetration Tester's Training Guide by Deviant Ollam
    The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick
    Hacking: The Art of Exploitation by Jon Erickson and Hacking Exposed by Stuart McClure and others.
    Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning by Fyodor
    The Shellcoder's Handbook: Discovering and Exploiting Security Holes by several authors





	cve-2019-8449
	The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosure vulnerability.
	https://jira.atlassian.com/browse/JRASERVER-69796
	https://victomhost/rest/api/latest/groupuserpicker?query=1&maxResults=50000&showAvatar=true
	=====================================================================================================================================
	https://github.com/search?q=BROWSER_STACK_ACCESS_KEY= OR BROWSER_STACK_USERNAME= OR browserConnectionEnabled= OR BROWSERSTACK_ACCESS_KEY=&s=indexed&type=Code
	https://github.com/search?q=CHROME_CLIENT_SECRET= OR CHROME_EXTENSION_ID= OR CHROME_REFRESH_TOKEN= OR CI_DEPLOY_PASSWORD= OR CI_DEPLOY_USER=&s=indexed&type=Code
	https://github.com/search?q=CLOUDAMQP_URL= OR CLOUDANT_APPLIANCE_DATABASE= OR CLOUDANT_ARCHIVED_DATABASE= OR CLOUDANT_AUDITED_DATABASE=&s=indexed&type=Code
	https://github.com/search?q=CLOUDANT_ORDER_DATABASE= OR CLOUDANT_PARSED_DATABASE= OR CLOUDANT_PASSWORD= OR CLOUDANT_PROCESSED_DATABASE=&s=indexed&type=Code
	https://github.com/search?q=CONTENTFUL_PHP_MANAGEMENT_TEST_TOKEN= OR CONTENTFUL_TEST_ORG_CMA_TOKEN= OR CONTENTFUL_V2_ACCESS_TOKEN=&s=indexed&type=Code
	https://github.com/search?q=-DSELION_BROWSER_RUN_HEADLESS= OR -DSELION_DOWNLOAD_DEPENDENCIES= OR -DSELION_SELENIUM_RUN_LOCALLY=&s=indexed&type=Code
	https://github.com/search?q=ELASTICSEARCH_PASSWORD= OR ELASTICSEARCH_USERNAME= OR EMAIL_NOTIFI
	#!/usr/bin/python
	from BaseHTTPServer import BaseHTTPRequestHandler,HTTPServer

	PORT_NUMBER = 31337

	class myHandler(BaseHTTPRequestHandler):

	#Handler for the GET requests
	def do_GET(self):
	self.send_response(200)
	## AWS
	# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories

	http://169.254.169.254/latest/user-data
	http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
	http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
	http://169.254.169.254/latest/meta-data/ami-id
	http://169.254.169.254/latest/meta-data/reservation-id
	http://169.254.169.254/latest/meta-data/hostname
	http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
	#!/bin/bash
	# Usage : ./scanio.sh <save file>
	# Example: ./scanio.sh cname_list.txt

	# Premium
	function ech() {
	spinner=( "\|" "/" "-" "\\" )
	while true; do
	for i in ${spinner[@]}; do
	echo -ne "\r[$i] $1"
	Domain: TEST.local
	User Enumeration:
	Windows:
	net user
	net user /domain
	net user [username]
	net user [username] /domain
	wmic useraccount
	Mac:
	dscl . ls /Users
	From: http://redteams.net/bookshelf/
	Techie

	Unauthorised Access: Physical Penetration Testing For IT Security Teams by Wil Allsopp.
	Social Engineering: The Art of Human Hacking by Christopher Hadnagy
	Practical Lock Picking: A Physical Penetration Tester's Training Guide by Deviant Ollam
	The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick
	Hacking: The Art of Exploitation by Jon Erickson and Hacking Exposed by Stuart McClure and others.
	Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning by Fyodor
	The Shellcoder's Handbook: Discovering and Exploiting Security Holes by several authors