- Get the reverse shell in netcat
- check python support in the target system
which python- If your terminal is using zsh, then you need to switch to bash
Aravind Kumar SVG aravindkumarsvg
aravindkumarsvg
/ Vagrantfile
Last active
September 13, 2020 14:27
Vagrantfile for Apache Spark setup in Ubuntu Xenial 16
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # -*- mode: ruby -*- | |
| # vi: set ft=ruby : | |
| Vagrant.configure("2") do |config| | |
| config.vm.box = "ubuntu/xenial64" | |
| config.vm.box_check_update = false | |
| # Spark Jobs history | |
| config.vm.network "forwarded_port", guest: 4040, host: 4040 | |
| # Spark Master | |
| config.vm.network "forwarded_port", guest: 8080, host: 8080 |
aravindkumarsvg
/ adb_caller.sh
Created
August 10, 2020 05:41
Calling a phone number repeatedly using ADB
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Enabling ADB over network | |
| # adb kill-server && adb start-server # restart adb server | |
| # adb tcpip 5555 # start adb service | |
| # adb connect <phone_id> # connect to the device | |
| # For enabling loudspeaker and cut the call, make sure to change it based on your phone screen | |
| # Ref for getting touch coordinates: https://android.stackexchange.com/questions/164295/how-can-i-see-the-pointer-location-and-simulate-it |
aravindkumarsvg
/ shell_stabilization.md
Last active
May 27, 2024 10:31
Stabilize a reverse shell for linux target
- Look for state-changing actions (e.g., transfer, password change, account update).
- Confirm the endpoint uses cookie-based authentication.
- Check if the endpoint accepts GET or POST methods.
TOTP (Time-Based One-Time Password) is a one-time password algorithm that uses the current time as a variable. It is commonly used in two-factor authentication (2FA) systems. TOTP generates a numeric code that changes every 30 seconds and is based on a shared secret between the client and the server.
- Defined in RFC 6238
- Based on HOTP (HMAC-based One-Time Password, RFC 4226)
aravindkumarsvg
/ css_essentials_security.md
Last active
July 15, 2025 13:28
CSS essentials security
aravindkumarsvg
/ iframe-and-postmessage-security-checklist.md
Created
July 3, 2025 10:39
iframe and postmessage communication - security considerations
| Check | Description |
|---|---|
| X-Frame-Options header | Should be set to DENY or SAMEORIGIN to prevent Clickjacking. |
| Content-Security-Policy (CSP) | Use frame-ancestors, child-src, frame-src directives to restrict embedding origins. |
| Sandboxing iframes | Use sandbox attribute with strict flags like allow-scripts or allow-forms. |
SAML is primarily used for single sign-on (SSO) and authentication within enterprise environments
- User tries to access a protected page.
- SP generates a
SAMLRequestand redirects to IdP.
This checklist covers key GraphQL concepts such as queries, mutations, subscriptions, introspection, variables, fields, types, and arguments, along with related vulnerability assessment and penetration testing pointers.
Standard read operations used to fetch data.