Skip to content

Instantly share code, notes, and snippets.

#!/bin/bash
# update apt-get
export DEBIAN_FRONTEND="noninteractive"
sudo apt-get update
# remove previously installed Docker
sudo apt-get purge lxc-docker*
sudo apt-get purge docker.io*

First off, credit goes to github.com/rudolfratusinski for leading the way here.

https://gist.github.com/rudolfratusinski/a4d9e3caff11a4d9d81d2e84abc9afbf

In a very similar approach, copy the files from the Parallels installation media and drop them in a folder somewhere (eg. ~/parallels_fixed)

Go to the kmods directory (cd ~/parallels_fixed/kmods) and extract the files (tar -xzf prl_mod.tar.gz)

Remove prl_mod.tar.gz file from that directory (rm prl_mod.tar.gz)

@attacker34
attacker34 / google-dorks
Created December 29, 2018 12:51 — forked from clarketm/google-dorks
Listing of a number of useful Google dorks.
" _ _ "
" _ /|| . . ||\ _ "
" ( } \||D ' ' ' C||/ { % "
" | /\__,=_[_] ' . . ' [_]_=,__/\ |"
" |_\_ |----| |----| _/_|"
" | |/ | | | | \| |"
" | /_ | | | | _\ |"
It is all fun and games until someone gets hacked!
curl -s $1 | grep -Eo "(http|https)://[a-zA-Z0-9./?=_-]*" | sort | uniq | grep ".js" > jslinks.txt; while IFS= read link; do python linkfinder.py -i "$link" -o cli; done < jslinks.txt | grep $2 | grep -v $3 | sort -n | uniq; rm -rf jslinks.txt
@attacker34
attacker34 / recon-points.txt
Created June 7, 2018 05:53 — forked from ehsahil/recon-points.txt
recon-points.txt
Tips from @jobertabma, co-founder of HackerOne -- https://twitter.com/jobertabma/status/998769037445230592
0x00: I visit the product and marketing pages and read up what the products do. I identify how the product it exposed to the end user. This will give me an idea what the initial attack surface looks like, what data they're protecting, how users interact with each other, and what the learning curve looks like. I sign up for any number of accounts that is required to test the features. This will give me insight into the individual features. I do some light fingerprinting of the frameworks they use.I've even talked to engineers, product managers, and executives before even looking at something.
0x01: I prioritize based on features and then weakness type. I generally set a goal for myself to go after particular information, e.g. for an email provider I might ask myself: "I want to get access to someone's emails." Because I know what their features do, I can make an educated guess which features process ema
@attacker34
attacker34 / angular.sandbox.escapes.md
Created May 17, 2018 07:38 — forked from jeremybuis/angular.sandbox.escapes.md
Angular Sandbox Escape Cheatsheet
@attacker34
attacker34 / gitgrepper
Created April 28, 2018 10:04 — forked from EdOverflow/gitgrepper
Simple Bash script to find interesting data in GIT logs.
#!/bin/bash
echo "*** Running..."
keywords=(
"password"
"key"
"passwd"
"secret"
)
@attacker34
attacker34 / extract_links.py
Created April 22, 2018 08:42 — forked from p3t3r67x0/extract_links.py
Extract links from a given html document with you must call as first argument
{
"randomize": {
"0": "chrome"
},
"browsers": {
"chrome": [
"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36",
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.1 Safari/537.36",
"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36",
"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36",