Skip to content

Instantly share code, notes, and snippets.

View lokori's full-sized avatar

Antti Virtanen lokori

View GitHub Profile
@lokori
lokori / 00readme.md
Created June 6, 2016 08:32 — forked from indrora/00readme.md
DeadUpdate: Kickin' it bigtime.

... my first disclosure. Man, it feels weird doing this.

From the vendor that brought you a
                        vulnerable cloud storage platform comes
                        
           ___              ____  __        __     __ 
          / _ \___ ___ ____/ / / / /__  ___/ /__ _/ /____ 
         / // / -_) _ `/ _  / /_/ / _ \/ _  / _ `/ __/ -_)

//_/_,/_,/_/ ./_,/_,/_/_/

@lokori
lokori / MailinatorAliases
Created January 4, 2017 19:44 — forked from nocturnalgeek/MailinatorAliases
A list of alternate domains that point to @mailinator.com
@binkmail.com
@bobmail.info
@chammy.info
@devnullmail.com
@letthemeatspam.com
@mailinater.com
@mailinator.net
@mailinator2.com
@notmailinator.com
@reallymymail.com

How to pass the OSCP

  1. Recon
  2. Find vuln
  3. Exploit
  4. Document it

Recon

Unicornscans in cli, nmap in msfconsole to help store loot in database.

@lokori
lokori / awsenv.sh
Last active November 25, 2017 20:51 — forked from woowa-hsw0/assume_role.sh
Start AWS CLI Session with MFA Enabled (+Yubikey)
#!/bin/bash
# Original: https://gist.github.com/woowa-hsw0/caa3340e2a7b390dbde81894f73e379d
set -eu
umask 0022
TMPDIR=$(mktemp -d awsenv)
echo "TEMPDIR $TMPDIR"
@lokori
lokori / zap_cli_scan.sh
Created October 31, 2017 12:14 — forked from ian-bartholomew/zap_cli_scan.sh
script to run owasp zap cli
#!/bin/sh
DOCKER=`which docker`
IMAGE='owasp/zap2docker-weekly'
URL='https://www.example.com'
ZAP_API_PORT='8090'
# Start our container
CONTAINER_ID=`$DOCKER run -d \
-p $ZAP_API_PORT:$ZAP_API_PORT \
@lokori
lokori / zap_cli_scan.sh
Created October 31, 2017 12:14 — forked from ian-bartholomew/zap_cli_scan.sh
script to run owasp zap cli
#!/bin/sh
DOCKER=`which docker`
IMAGE='owasp/zap2docker-weekly'
URL='https://www.example.com'
ZAP_API_PORT='8090'
# Start our container
CONTAINER_ID=`$DOCKER run -d \
-p $ZAP_API_PORT:$ZAP_API_PORT \
@lokori
lokori / xml-attacks.md
Created December 11, 2017 20:46 — forked from mgeeky/xml-attacks.md
XML Vulnerabilities and Attacks cheatsheet

XML Vulnerabilities

XML processing modules may be not secure against maliciously constructed data. An attacker could abuse XML features to carry out denial of service attacks, access logical files, generate network connections to other machines, or circumvent firewalls.

The penetration tester running XML tests against application will have to determine which XML parser is in use, and then to what kinds of below listed attacks that parser will be vulnerable.


<!DOCTYPE html>
<html>
<head>
<title>Copy-Paste from Website to Terminal</title>
</head>
<style>
.codeblock {
background-color: lightyellow;
border: 1px dotted blue;
margin-left: 50px;
@lokori
lokori / getdomains.sh
Last active September 17, 2018 11:00 — forked from woltage/getdomains.sh
Skripti joka hakee Y-tunnuksella kaikki firman omistamat .fi -verkkotunnukset. (alkuperäinen https://gist.github.com/woltage/5b7a744f9562b9348c90c6e0d038d92a)
#!/bin/bash
## Y-Tunnukseen perustuva domainejen haku (.fi)
## Esimerkki: getdomains 1093944-1 # MTV Oy
# Laita tämä .bashrc tai .zshrc
# Käyttöesimerkkejä:
# Looppaa Y-tunnuksetn kaikki domainit läpi ja tee kysely
@lokori
lokori / .bash_profile
Created October 17, 2018 18:26
The good prompt from the bash profile. Line wrapping issues. Needs git-complete. Nice prompt
# start at home
cd ~
ln -sfv /usr/local/opt/redis/*.plist ~/Library/LaunchAgents
ln -sfv /usr/local/opt/mysql56/*.plist ~/Library/LaunchAgents
export PATH=./node_modules/.bin:$PATH