- Start the VM with tart:

```sh
tart run archlinux --no-graphics --dir=shared:~/Sources --rosetta=ROSETTA
```

- Mount Rosetta inside the Linux guest (`ROSETTA` is the tag passed to `--rosetta`):

```sh
sudo mkdir -p /mnt/rosetta
sudo mount -t virtiofs ROSETTA /mnt/rosetta
```

| Field | Value |
| --- | --- |
| Vulnerability | Host Header Injection |
| Product | Plesk Obsidian |
| Version | 18.0.49 and below |
| Tools | Burp Suite, Mozilla Firefox (as a browser) |
```
(?i)((access_key|access_token|admin_pass|admin_user|algolia_admin_key|algolia_api_key|alias_pass|alicloud_access_key|amazon_secret_access_key|amazonaws|ansible_vault_password|aos_key|api_key|api_key_secret|api_key_sid|api_secret|api.googlemaps AIza|apidocs|apikey|apiSecret|app_debug|app_id|app_key|app_log_level|app_secret|appkey|appkeysecret|application_key|appsecret|appspot|auth_token|authorizationToken|authsecret|aws_access|aws_access_key_id|aws_bucket|aws_key|aws_secret|aws_secret_key|aws_token|AWSSecretKey|b2_app_key|bashrc password|bintray_apikey|bintray_gpg_password|bintray_key|bintraykey|bluemix_api_key|bluemix_pass|browserstack_access_key|bucket_password|bucketeer_aws_access_key_id|bucketeer_aws_secret_access_key|built_branch_deploy_key|bx_password|cache_driver|cache_s3_secret_key|cattle_access_key|cattle_secret_key|certificate_password|ci_deploy_password|client_secret|client_zpk_secret_key|clojars_password|cloud_api_key|cloud_watch_aws_access_key|cloudant_password|cloudflare_api_key|cloudflare_auth_k
```
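The pattern above only lists key names; the rest of it is cut off on this page. The following is an added example (not from the page) showing how such a key-name alternation is used as a secret scanner: it takes a small subset of the names above, appends an assumed value-capture suffix (`=`, `:`, `:=` or `=>`, optional quotes, value of at least 8 characters) and runs it over constructed sample lines. The sample content and the suffix are assumptions; the key names are the page's.

```python
import re

# Subset of the key names from the pattern above; the full list is much longer.
KEY_NAMES = [
    "aws_secret_access_key", "aws_access_key_id", "access_key",
    "api_key", "client_secret", "cloudflare_api_key",
]

# Assumed value-capture suffix (the page's pattern is truncated after the key names):
# "key = value", "key: value", "key := value", "key => value", optional quotes,
# value of 8+ characters from the usual token alphabet. (?i) matches any casing.
SECRET_RE = re.compile(
    r"(?i)\b(" + "|".join(re.escape(k) for k in KEY_NAMES) + r")\b"
    r"\s*(?::=|=>|=|:)\s*['\"]?([A-Za-z0-9/+_\-=]{8,})"
)


def scan_text(text):
    """Return (line_number, key_name, value) for every hit; key_name is lower-cased."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in SECRET_RE.finditer(line):
            findings.append((lineno, m.group(1).lower(), m.group(2)))
    return findings


# Constructed sample file content; none of these values are real credentials.
SAMPLE = """\
DB_HOST=localhost
AWS_SECRET_ACCESS_KEY=EXAMPLEsecretVALUE1234567890abcd
api_key: "abcdef1234567890"
client_secret = 'short'
ACCESS_KEY_ID=nope
# api_key=commentedOutButStillSecret42
"""

if __name__ == "__main__":
    for lineno, key, value in scan_text(SAMPLE):
        print(f"line {lineno}: {key} = {value[:4]}...")
```

Two things worth noticing in the sample: `\b` around the key name keeps `access_key` from firing on `ACCESS_KEY_ID` (so the longer `aws_access_key_id` entry is needed separately), and the commented-out `api_key` on the last line is still reported, which is what you want from a secrets scanner. The 8-character minimum is what drops `client_secret = 'short'`; tune it for your own false-positive rate.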
Rust has a fairly steep learning curve, but fortunately the Rust community has created some amazing resources for it. The approach I have taken is an iterative one using the following five resources.
With kerbrute.py:

```sh
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>
```

With the Rubeus version that has the brute module:
| Shodan filter | Purpose |
| --- | --- |
| `hostname:target.com` | find all assets available for target.com on Shodan |
| `http.title:"title"` | find servers/hosts with a similar title |
| `http.html:"/file"` | find servers/hosts with a similar path |
| `html:"context"` | find servers/hosts containing a similar string |
| `server:"apache 2.2.3"` | find servers/hosts with the same Server header |
| `port:80` | find servers/hosts with the same port |
| `os:"windows"` | find servers/hosts with the same OS |
| `asn:AS3214` | find hosts/servers in the matching ASN |
| `http.status:200` | find servers/hosts with a 200 HTTP response code |
| `http.favicon.hash:"hash"` | find servers/hosts with the same favicon hash |
```ruby
# tools from https://github.com/ibraheemdev/modern-unix
tap "cantino/mcfly"
tap "clementtsang/bottom"
brew "bat"
brew "exa"
brew "lsd"
brew "git-delta"
brew "dust"
brew "duf"
brew "broot"
```
- Simply try to change the domain.
  Example: `?redirect=https://example.com` --> `?redirect=https://evil.com`
- Bypass the filter when the protocol is blacklisted by using `//` (a protocol-relative URL, which the browser resolves with the current scheme).
  Example: `?redirect=https://example.com` --> `?redirect=//evil.com`
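The reason the `//` trick works is that a filter which only inspects strings starting with `http://` or `https://` never looks at the host of a protocol-relative reference. The following is an added example, not from the page, that puts such a blacklist check beside an allowlist check which resolves the target against the site's own base URL first; it also covers the backslash variant `/\evil.com`, which browsers treat like `//evil.com` but `urljoin` does not. `ALLOWED_HOSTS` and `BASE_URL` are assumptions for the example.

```python
from urllib.parse import urljoin, urlparse

# Assumed for the example: the only host this application may redirect to.
ALLOWED_HOSTS = {"example.com"}
BASE_URL = "https://example.com/"


def blacklist_is_safe(target: str) -> bool:
    """The kind of filter the bypass above defeats: only absolute http(s) URLs are
    inspected; anything else is assumed to be a same-site relative path."""
    lowered = target.lower()
    if lowered.startswith(("http://", "https://")):
        return urlparse(lowered).hostname in ALLOWED_HOSTS
    return True


def allowlist_is_safe(target: str) -> bool:
    """Resolve the target the way a browser will, then check the resulting host."""
    # Browsers treat a leading "/\" or "\\" like "//" (protocol-relative);
    # urljoin keeps it as a path, so reject it explicitly before resolving.
    if target.startswith(("/\\", "\\")):
        return False
    resolved = urlparse(urljoin(BASE_URL, target))
    if resolved.scheme not in ("http", "https"):
        return False
    return resolved.hostname in ALLOWED_HOSTS


# Constructed redirect targets: two legitimate, the rest attacker-controlled.
PAYLOADS = [
    "/account",                        # legitimate relative path
    "https://example.com/account",     # legitimate absolute URL
    "https://evil.com",                # plain domain swap
    "//evil.com",                      # protocol-relative bypass from the text
    "/\\evil.com",                     # backslash variant of the same trick
    "https://example.com.evil.com",    # prefix-match trick
    "https://example.com@evil.com",    # userinfo trick
]


def compare(payloads=PAYLOADS):
    """Map each target to (blacklist verdict, allowlist verdict)."""
    return {p: (blacklist_is_safe(p), allowlist_is_safe(p)) for p in payloads}


if __name__ == "__main__":
    for target, (weak, strict) in compare().items():
        print(f"{target!r:36} blacklist={weak!s:5} allowlist={strict}")
```

Only `//evil.com` and `/\evil.com` split the two checks: the blacklist waves both through, the allowlist rejects both because after resolution the host is `evil.com`. Resolving with `urljoin` before checking is what makes the allowlist robust to the protocol-relative form; the explicit backslash rejection is needed because Python's URL parser and browsers disagree on that one.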
```javascript
var logger = console.trace;

// DOCUMENT
// getElementById is defined on Document.prototype, not Element.prototype
// (elements have no such method), so the hook has to wrap the Document one
// or it wraps undefined and never fires.
;(getElementByIdCopy => {
  Document.prototype.getElementById = function (q) {
    // Log the requested id and the document the lookup ran on, with a stack trace.
    logger('getElementById', q, this);
    return Reflect.apply(getElementByIdCopy, this, [q]);
  };
})(Document.prototype.getElementById);
```