katiefoster

#Code for bruteforcing a UUID for pentesterlab's MongoDB injection exercise.

import cookielib, urllib2, urllib
from bs4 import BeautifulSoup

found = ""
potentialChar = ["0","1","2","3","4","5","6","7","8","9","a","b","c","d","e","f","-"]


while True:

thomascube

Roundcube Webmail File Disclosure Vulnerability

• Software: https://roundcube.net/
• Versions: 1.1.0 - 1.1.9, 1.2.0 - 1.2.6, 1.3.0 - 1.3.2
• CVE: CVE-2017-16651
• Author: Thomas Bruederli
• Release date: 2017-11-09

Summary

Roundcube Webmail allows unauthorized access to arbitrary files on the

scastillo

#!/usr/env/sh

IP_FILE=${1:-ips.txt}
NUM_TARGETS=${2:-100}

IPS=$(sudo nmap -n -sS -iR ${NUM_TARGETS} -Pn -T5 -iL ${IP_FILE} -p23 -vvv | grep Discovered | awk '{print $6}')

if [[ $IPS ]]; then
  echo $IPS | tee -a results.txt
  for i in $IPS; do telnet $(echo $IPS | head -n1); done

quangnd-pgvn

Download Plural Sight videos

Software required:

youtube-dl

After installation and putting the youtube-dl in PATH

youtube-dl --username YOUR_USERNAME --password YOUR_PASSWORD --all-subs https://app.pluralsight.com/library/courses/javascript-development-environment -o "~/video/%(playlist)s/%(chapter_number)s. %(chapter)s/%(playlist_index)s. %(title)s.%(ext)s" --sleep-interval 10

gboudreau

Exporting your 2FA tokens from Authy to transfer them into another 2FA application

IMPORTANT - Update regarding deprecation of Authy desktop apps

Past August 2024, Authy stopped supported the desktop version of their apps:
See Authy is shutting down its desktop app | The 2FA app Authy will only be available on Android and iOS starting in August for details.

And indeed, after a while, Authy changed something in their backend which now prevents the old desktop app from logging in. If you are already logged in, then you are in luck, and you can follow the instructions below to export your tokens.

If you are not logged in anymore, but can find a backup of the necessary files, then restore those files, and re-install Authy 2.2.3 following the instructions below, and it should work as expected.

HarmJ0y

# PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/
#   tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c

# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit:
#   https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1

# New function naming schema:
#   Verbs:
#       Get : retrieve full raw data sets
#       Find : ‘find’ specific data entries in a data set

mhmdiaa

import requests
import sys
import json


def waybackurls(host, with_subs):
    if with_subs:
        url = 'http://web.archive.org/cdx/search/cdx?url=*.%s/*&output=json&fl=original&collapse=urlkey' % host
    else:
        url = 'http://web.archive.org/cdx/search/cdx?url=%s/*&output=json&fl=original&collapse=urlkey' % host

Birdie0

⚠️ This gist is no longer updated! For maintained, improved and even more extended guide click here.

---

How to use Discord Webhook

It's a JSON

First, learn JSON. It's not programming language, not even close. Just follow syntax rules and you will be fine.

lyqflnh

#if u have the root password which default is "alpine"
1.login as root, using command "ssh root@ip address"
2.type ur password: alpine
3.type command "passwd" to change ur root password
4.when it is done, type command "passwd mobile" to change the mobile passwd

#if u forget ur root passwd
1.open the file named "master.password" at /private/etc on ur jailbreak ios device
2.find the string like this:
root:xxxxxxxxxxxxx:0:0::0:0:System Administrator:/var/root:/bin/sh

schleumer

function remove-docker-containers
	echo "Stop running shit"
	docker stop (docker ps -q)
	echo "Remove the whale shit"
	docker rm (docker ps -a -q)
end

function remove-docker-images
	remove-docker-containers