Cheatsheet for HackTheBox with common things to do while solving these CTF challenges.
Because a smart man once said:
Never google twice.
Daehee daehee
teusink
/ fake-email-domains.txt
Last active
June 19, 2020 07:51
Domains with malicious or phishing intent by mimicing domains from real email services
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Domains with malicious or phishing intent by mimicing domains from real email services | |
| # Examples: example domains (RFC 2606 & 6761) and fake domains that spoof real domains used for email services | |
| address.local | |
| cacema.nl | |
| casama.nl | |
| example.com | |
| example.net | |
| example.org | |
| gmail.nl | |
| gmial.com |
teusink
/ consumer-email-domains.txt
Last active
September 1, 2020 07:42
Domains used for email by consumers and consumer ISPs
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Domains used for email by consumers and consumer ISPs | |
| # Included: General email providers, and Dutch and Belgium consumer ISPs | |
| # | |
| # GENERAL EMAIL PROVIDERS | |
| aol.com | |
| compuserve.com | |
| cs.com | |
| gmail.com | |
| googlemail.com | |
| hotmail.com |
caueops
/ aws-iam-get-username-by-access-key.bash
Created
January 5, 2019 18:10
AWS IAM Get UserName by Access Key Id
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # exit when the command fails | |
| set -o errexit; | |
| # exit when try to use undeclared var | |
| set -o nounset; | |
| accessKeyToSearch=${1?"Usage: bash $0 AccessKeyId"} |
yenthanh132
/ godaddy_2step_pincode_bruteforce.go
Created
October 8, 2018 04:12
Source code to brute force the pin code for Godaddy's 2-step authentication, written in Golang by Thanh Le
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "fmt" | |
| "strings" | |
| "net/http" | |
| "io/ioutil" | |
| "math/rand" | |
| "time" | |
| ) |
jorgsk
/ encrypted_zim.py
Created
August 19, 2018 18:41
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """ | |
| This script is a wrapper around veracrypt and zim that makes it easy to work | |
| with notebooks that reside inside a veracrypt container. | |
| The script does three things: | |
| 1) Mounts a veracrypt container to a target location. | |
| 2) Runs a zim notebook, intended to be located in the mounted partition. | |
| 3) Unmounts the partition when either Zim or this script exits. | |
| Note: sudo session from mount might have expired. Be prepared to re-insert | |
| sudo password. |
xdavidhu
/ converter.sh
Last active
September 1, 2024 10:56
Converter.sh, a bash script to convert domain lists to resolved IP lists without duplicates
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Converter.sh by @xdavidhu | |
| # This is a script inspired by the Bug Hunter's Methodology 3 by @Jhaddix | |
| # With this script, you can convert domain lists to resolved IP lists without duplicates. | |
| # Usage: ./converter.sh [domain-list-file] [output-file] | |
| echo -e "[+] Converter.sh by @xdavidhu\n" | |
| if [ -z "$1" ] || [ -z "$2" ]; then | |
| echo "[!] Usage: ./converter.sh [domain-list-file] [output-file]" | |
| exit 1 |
Aghassi
/ docker-compose.yml
Last active
July 18, 2024 17:29
LinuxServer Docker Compose: Plex, Sonarr, Radarr, NZBGet, Let's Encrypt, Time Machine
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| version: '2' | |
| services: | |
| plex: | |
| image: linuxserver/plex | |
| container_name: plex | |
| volumes: | |
| - /path/to/plex/config:/config | |
| - /path/to/plex/Movies:/data/movies | |
| - /path/to/plex/Shows:/data/tvshows | |
| - /path/to/plex/transcode:/data/transcode |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class << self | |
| def query(params) | |
| listings = self.active_record_search(params) # filter by other parameters first | |
| # return right there if search is blank | |
| return listings.page(params[:page]) if params[:search].blank? | |
| # otherwise pass already filtered set to elastic search for further filtering | |
| listing_ids = listings.pluck(:id) | |
| self.elastic_search(params, listing_ids) |
jhaddix
/ cloud_metadata.txt
Last active
November 10, 2025 16:43
— forked from BuffaloWill/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## AWS | |
| # from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories | |
| http://169.254.169.254/latest/user-data | |
| http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME] | |
| http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME] | |
| http://169.254.169.254/latest/meta-data/ami-id | |
| http://169.254.169.254/latest/meta-data/reservation-id | |
| http://169.254.169.254/latest/meta-data/hostname | |
| http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key |