Mohamed Tarek MohamedTarekq

MohamedTarekq / outline-server-setup.md
Created March 18, 2024 00:43 — forked from okeehou/outline-server-setup.md
How to set up an Outline VPN Server on Ubuntu 16.04

How to set up an Outline VPN Server on Ubuntu 16.04 Server

This guide will show you how to install Outline Server on an Ubuntu 16.04 server, use Outline Manager for Windows, and connect to your Outline Server on Windows and Android.

Install Outline Manager

Outline Manager supports Windows, macOS and Linux.

Outline Manager for Windows

MohamedTarekq / .block
Last active April 19, 2022 19:43 — forked from mbostock/.block
Epicyclic Gearing
license: gpl-3.0
redirect: https://observablehq.com/@mbostock/epicyclic-gearing
MohamedTarekq / exploit_path_traversals_in_Java_webapps.txt
Created December 8, 2021 13:50 — forked from harisec/exploit_path_traversals_in_Java_webapps.txt
quick primer on how to exploit path traversals in Java web apps (i.e. you can read WEB-INF/web.xml)
so, you can read WEB-INF/web.xml. how can you escalate this issue?
[step 1]. try to read other common Java files such as WEB-INF/web-jetty.xml.
use a specialized wordlist such as the following (from Sergey Bobrov/BlackFan):
https://github.com/BlackFan/WEB-INF-dict/blob/master/web-inf.txt
with time you can build your own wordlist adding files you've discovered over time.
use Burp Intruder for this, it's perfect for this job.
sort Intruder results by status code so you can see instantly which files were found.
# the required tools
# subjs -> https://github.com/lc/subjs
# js-beautify -> https://github.com/beautify-web/js-beautify
# haklistgen -> https://github.com/hakluke/haklistgen
haklist() {
# declare TMPDIR variable
TMPDIR="/tmp/haklist"