create segfault server configuration (details: https://www.thc.org/segfault/)
$ ssh [email protected] # The password is 'segfault'
~/.ssh/config
Alex santaklouse
santaklouse
/ gist:41a59e0c79374cf479ffbdddd280328d
Created
November 15, 2024 16:06
chisel inside container share
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| on vps (proxy.wrtc.pp.ua): | |
| $ chisel server --proxy https://proxy-seller.com/ --auth foo:bazz -v --socks5 --port 8080 --reverse | |
| on target machines: | |
| (inside container) | |
| limactl start \ | |
| --containerd=user \ | |
| --name=default \ | |
| --cpus=4 \ |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| FROM php:8.2-fpm | |
| WORKDIR /var/www | |
| RUN apt-get update && apt-get install -y \ | |
| build-essential \ | |
| libpng-dev \ | |
| libjpeg-dev \ | |
| libfreetype6-dev \ | |
| libonig-dev \ |
santaklouse
/ pc_power_on_off_wol.py
Created
May 26, 2024 11:42
https://habr.com/ru/articles/816765/
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import socket | |
| import os | |
| import logging | |
| import psutil | |
| WOL_PORT = 9 | |
| INTERFACE_NAME = 'Ethernet 4' | |
| logging.basicConfig(format='%(levelname)s: %(asctime)s %(message)s', level=logging.INFO) | |
| logger = logging.getLogger(__name__) |
santaklouse
/ zerosocks-stack.yml
Last active
April 15, 2024 13:26
socks5 proxy + zerotier one (http://play-with-docker.com/?stack=https://gist.githubusercontent.com/santaklouse/c74332cf98e78e2dbf15eea21e577e7a/raw/zerosocks-stack.yml&stack_name=ZT_SOCKS5;docker+compose+-f+/var/run/pwd/uploads/zerosocks-stack.yml+up+-d
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| version: '3' | |
| services: | |
| socks5: | |
| image: serjs/go-socks5-proxy | |
| restart: always | |
| depends_on: | |
| - zerotier-one | |
| ports: | |
| - 1080:1080 | |
| zerotier-one: |
santaklouse
/ bashrc.sh
Created
April 12, 2024 12:40
logs user input to log (add to /etc/bash.bashrc)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function log2syslog | |
| { | |
| declare COMMAND | |
| COMMAND=$(fc -ln -0) | |
| logger -p local1.notice -t bash -i -- "${USER}:${SUDO_USER}:${COMMAND}" | |
| } | |
| trap log2syslog DEBUG |
- https://free-for.dev/#/?id=major-cloud-providers
- https://tunshell.com/
- https://github.com/hackerschoice/thc-tips-tricks-hacks-cheat-sheet?tab=readme-ov-file
- https://github.com/hackerschoice/thc-tips-tricks-hacks-cheat-sheet?tab=readme-ov-file#tg
- https://github.com/botgram/shell-bot
- https://book.hacktricks.xyz/generic-methodologies-and-resources/shells/windows
- https://dev.to/devdevcharlie/gaining-remote-access-to-a-computer-with-a-reverse-shell-attack-in-nodejs-3a40
- https://hakin9.org/reverse-shell-generator-by-ryan-montgomery/
santaklouse
/ index.md
Created
December 8, 2023 01:53
— forked from paj28/index.md
Most application security practitioners are familiar with Unicode XSS, which typically arises from the Unicode character fullwidth-less-than-sign. It’s not a common vulnerability but does occasionally appear in applications that otherwise have good XSS protection. In this blog I describe another variant of Unicode XSS that I have identified, using combining characters. I’ve not observed this in the wild, so it’s primarily of theoretical concern. But the scenario is not entirely implausible and I’ve not otherwise seen this technique discussed, so I hope this is useful.
Lab: https://4t64ubva.xssy.uk/
A quick investigation of the lab shows that it is echoing the name parameter, and performing HTML escaping:
santaklouse
/ README.md
Created
October 3, 2023 20:58
share text or images (tmp store on free anon file servers)
resource: [GitHub Pages](https://imagebin.ca/)
add alias imgbin to ~/.bashrc
imgbin() { curl -F file="@${1}" 'https://imagebin.ca/upload.php'; }example
santaklouse
/ create_patch_untracked.md
Last active
September 28, 2023 08:16
create raw binary git patch file for untracked files only (exclude: zip archives/files/ directory/*.patch files)
$ { for next in $( git ls-files --others --exclude-standard --exclude=*.zip --exclude=files/* -x '*.patch') ; do git --no-pager diff -p --ignore-space-change --ignore-cr-at-eol --raw --binary -b -w --no-index /dev/null $next; done; } > untracked.patchshow information about changes that will be applied