Also see: AWS CLI Setup
weedpatch2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| * run the script to a running app: frida -U "appName" -l flutter_ios.js --no-pause | |
| * start app direct with the script: frida -Uf bundleIdentifier -l flutter_ios.js --no-pause | |
| */ | |
| // ############################################# | |
| // HELPER SECTION START | |
| var colors = { | |
| "resetColor": "\x1b[0m", | |
| "green": "\x1b[32m", | |
| "yellow": "\x1b[33m", |
blofeldthefish
/ White label Route 53 nameservers.md
Created
August 23, 2018 19:42
AWS Route 53 white label nameserver setup
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import json,xmltodict | |
| """ | |
| Nmap XML Output to Json Output in Python | |
| example : data = xml2json('nmap_output.xml') | |
| """ | |
| def xml2json(xml): | |
| xmlfile = open(xml) | |
| xml_content = xmlfile.read() | |
| xmlfile.close() | |
| xmljson = json.dumps(xmltodict.parse(xml_content), indent=4, sort_keys=True) |
zachriggle
/ win.py
Created
September 1, 2017 20:35
Example Exploit for ROP Emporium's ret2win Challenge Raw
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from pwn import * | |
| # Set up pwntools to work with this binary | |
| elf = context.binary = ELF('ret2win') | |
| # Enable verbose logging so we can see exactly what is being sent. | |
| context.log_level = 'debug' | |
| # Print out the target address | |
| info("%#x target", elf.symbols.ret2win) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| url - https://aws.amazon.com/blogs/security/a-safer-way-to-distribute-aws-credentials-to-ec2/ | |
| Finding hard-coded credentials in your code | |
| Hopefully you’re excited about deploying credentials to EC2 that are automatically rotated. Now that you’re using Roles, a good security practice would be to go through your code and remove any references to AKID/Secret. We suggest running the following regular expressions against your code base: | |
| Search for access key IDs: (?<![A-Z0-9])[A-Z0-9]{20}(?![A-Z0-9]). In English, this regular expression says: Find me 20-character, uppercase, alphanumeric strings that don’t have any uppercase, alphanumeric characters immediately before or after. | |
| Search for secret access keys: (?<![A-Za-z0-9/+=])[A-Za-z0-9/+=]{40}(?![A-Za-z0-9/+=]). In English, this regular expression says: Find me 40-character, base-64 strings that don’t have any base 64 characters immediately before or after. | |
| If grep is your preferred tool, run a recursive, Perl-compatible search using the following commands |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -------------------------------------------------------------- | |
| Vanilla, used to verify outbound xxe or blind xxe | |
| -------------------------------------------------------------- | |
| <?xml version="1.0" ?> | |
| <!DOCTYPE r [ | |
| <!ELEMENT r ANY > | |
| <!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt"> | |
| ]> | |
| <r>&sp;</r> |