xassiz

import sys
import requests
import threading
import HTMLParser
from BaseHTTPServer import HTTPServer, BaseHTTPRequestHandler

'''
Description: Reverse MSSQL shell through xp_cmdshell + certutil for exfiltration
Author: @xassiz
'''

jhaddix

## AWS
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories

http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key

jgamblin

#!/bin/bash
set -e
set -u

clear

ami="ami-10e00b6d"
size="t2.medium"
today=$(date +"%m-%d-%y-%H%M")
localip=$(curl -s https://ipinfo.io/ip)

jhaddix

Fast Testing Checklist

A combination of my own methodology and the Web Application Hacker's Handbook Task checklist, as a Github-Flavored Markdown file

Contents

• Recon and analysis
• Test handling of access
• Test handling of input
• Test application logic
• Assess application hosting
• Miscellaneous tests

haccer

#!/bin/bash
# Usage : ./scanio.sh <save file>
# Example: ./scanio.sh cname_list.txt

# Premium
function ech() {
  spinner=( "|" "/" "-" "\\" )
  while true; do
    for i in ${spinner[@]}; do
      echo -ne "\r[$i] $1"

BoGnY

[WINDOWS] How to enable auto-signing Git commits with GnuPG for programs that don't support it natively

This is a step-by-step guide on how to enable auto-signing Git commits with GPG for every applications that don't support it natively (eg. GitHub Desktop, Eclipse, Git Tower, ...)

Requirements

• Install GPG4Win: this software is a bundle with latest version of GnuPG v2, Kleopatra v3 certificate manager, GNU Privacy Assistant (GPA) v0.9 which is a GUI that uses GTK+, GpgOL and GpgEX that are respectively an extension for MS Outlook and an extension for Windows Explorer shell
• Install Git for Windows: so you can have a *nix based shell, this software is a bundle with latest version of Git which use MINGW environment, a Git bash shell, a Git GUI and an extension for Windows Explorer shell (Make sure your local version of Git is at least 2.0, otherwise Git don't have support for automatically sign your commits)
• Verify

soulmachine

First of all, please note that token expiration and revoking are two different things.

1. Expiration only happens for web apps, not for native mobile apps, because native apps never expire.
2. Revoking only happens when (1) uses click the logout button on the website or native Apps;(2) users reset their passwords; (3) users revoke their tokens explicitly in the administration panel.

1. How to hadle JWT expiration

A JWT token that never expires is dangerous if the token is stolen then someone can always access the user's data.

Quoted from JWT RFC:

SeanSobey

Portainer on Windows 10

Here I have 2 methods for running portainer on windows, a quick, preferred method only requiring a fairly recent version of docker, or a more complicated method to try if that does not work.

Using host.docker.internal

This setup will let you run Portainer on windows by using the host.docker.internal endpoint (docker.for.win.localhost is depricated since docker version 3.2.1, but older versions may use this instead).

Please note:

kekru

Enable Docker Remote API with TLS client verification

Docker's Remote API can be secured via TLS and client certificate verification.
First of all you need a few certificates and keys:

• CA certificate
• Server certificate
• Server key
• Client certificate
• Client key

Create certificate files

nitefood

This gist has moved to its own repository HERE

See you there!