Skip to content

Instantly share code, notes, and snippets.

View memogarcia's full-sized avatar
🇲🇽
I hacked the mainframe!

Guillermo García memogarcia

🇲🇽
I hacked the mainframe!
14 followers · 10 following
View GitHub Profile
@memogarcia
memogarcia / frontendDevlopmentBookmarks.md
Created July 12, 2013 16:13 — forked from dypsilon/frontendDevlopmentBookmarks.md
@memogarcia
memogarcia / github_bugbountyhunting.md
Created October 7, 2017 08:27 — forked from EdOverflow/github_bugbountyhunting.md
My tips for finding security issues in GitHub projects.

GitHub for Bug Bounty Hunters

GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. in this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.

Mass Cloning

You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.

$ python githubcloner.py --org organization -o /tmp/output
@memogarcia
memogarcia / console.log.md
Created June 14, 2018 11:26 — forked from mazgi/console.log.md
LDAP Auth for SSSD, SSH, SUDO 
# uname -a
Linux base 4.0.5-gentoo #1 SMP Wed Jul 1 02:23:16 JST 2015 x86_64 Intel(R) Xeon(R) CPU E5-2640 0 @ 2.50GHz GenuineIntel GNU/Linux

Packages

# emerge -pvq openldap openssh sssd sudo
[ebuild R ] net-nds/openldap-2.4.38-r2 USE="berkdb crypt gnutls ipv6 minimal sasl ssl syslog tcpd -cxx -debug -experimental -icu -iodbc -kerberos -odbc -overlays -perl -samba (-selinux) -slp -smbkrb5passwd" ABI_X86="(64) -32 (-x32)"
@memogarcia
memogarcia / fuck-openldap.sh
Created June 19, 2018 08:57 — forked from jaseg/README.md
Convert openldap .schema files to .ldif files
#!/usr/bin/env bash
# convert OpenLDAP schema file to LDIF file
#
# Copyright 2012 NDE Netzdesign und -entwicklung AG, Hamburg
# Written by Jens-U. Mozdzen <[email protected]>
# Copyright 2014 jaseg <[email protected]>
#
# Permission is granted to use, modify and redistribute this file as long as
# - this copyright notice is left unmodified and included in the final code
@memogarcia
memogarcia / monitor_service.py
Created June 28, 2018 11:29 — forked from piraz/monitor_service.py
Script that monitors a service running on systemd. If service is not running the script will try to start the service.
#!/bin/python
#
# Copyright 2016 Flavio Garcia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
@memogarcia
memogarcia / gist:30aec4532dd0ebd0acbb430fcadb81c3
Created April 13, 2020 05:00 — forked from zzzeek/gist:f5bc2a104ce6eed5187e268ccfd73c01
turn off pacemaker and bootstrap galera manually
--- 1. prevent pacemaker from managing galera
# pcs resource unmanage galera
--- 2. make sure ***mysql is not running on any node***. To bootstrap, mysql has to be completely shut down:
# ps -ef | grep mysql
< nothing, on all three controllers >
--- 3. Choose the node you want to bootstrap and run mysqld_safe with --wsrep-new-cluster: