Skip to content

Instantly share code, notes, and snippets.

View yehgdotnet's full-sized avatar

Aung Khant yehgdotnet

99 followers · 207 following
View GitHub Profile
@yehgdotnet
yehgdotnet / gist:648d0a23bb65d922ef13cdf649dc00d9
Created April 26, 2020 13:08
cloudflare / google dns
1.0.0.1
1.1.1.1
149.112.112.112
2606:4700:4700::1001
2606:4700:4700::1111
2620:fe::9
2620:fe::fe
8.8.4.4
8.8.8.8
9.9.9.9
@yehgdotnet
yehgdotnet / common-passwords.txt
Created April 27, 2020 05:57
Common passwords
000000
1q2w3e
1q2w3e4r
1q2w3e4r5t
1qaz2wsx
3rjs1la7qe
18atcskd2w
123
123qwe
1234
@yehgdotnet
yehgdotnet / gist:c841e191afb5c490409f7769a128e022
Created April 27, 2020 08:47
IDOR Prevention
The most effective control against insecure direct object reference attacks is to avoid exposing internal functionality of the software using a direct object reference that can be easily manipulated.
The following are some defensive strategies that can be taken to accomplish this objective:
■ Use indirect object reference by using an index of the value or a reference map so that direct parameter manipulation is rendered futile unless the attacker also is aware of how the parameter maps to the internal functionality.
■ Do not expose internal objects directly via URLs or form parameters to the end user.
@yehgdotnet
yehgdotnet / gist:d541c60eaa8b6cd9db71e7463ed1bb1c
Last active May 5, 2021 15:07
Tampermonkey filesave dialog
A very fast and easy solution is to use FileSaver.js :
1) Add the following line into the ==UserScript== section of your Greasemonkey script
// @require https://raw.githubusercontent.com/eligrey/FileSaver.js/master/src/FileSaver.js
2) Add the 2 following lines of code to the GM script
var blob = new Blob(["Hello, world!"], {type: "text/plain;charset=utf-8"});
saveAs(blob, "hello world.txt");
@yehgdotnet
yehgdotnet / gist:d745d23169d73f14ecf5fbf31f47d23c
Last active May 9, 2020 04:58
JavaScript HTTPS Redirector
<script>
var original_url = window.location.toString();
var https_url = original_url.replace("http://","https://");
if (window.location.toString().indexOf("http://")==0){
location.replace(https_url);
}
</script>
@yehgdotnet
yehgdotnet / read-ip-from-file.go
Created August 2, 2020 02:46
Golang Extract IP from file (raw.txt)
package main
import (
"fmt"
"regexp"
"io/ioutil"
"log"
)
func main() {
@yehgdotnet
yehgdotnet / smbexec.py
Created August 11, 2020 14:56
smbexec.py with port 443 allowed
#!/usr/bin/env python
# SECUREAUTH LABS. Copyright 2018 SecureAuth Corporation. All rights reserved.
#
# This software is provided under under a slightly modified version
# of the Apache Software License. See the accompanying LICENSE file
# for more information.
#
# A similar approach to psexec w/o using RemComSvc. The technique is described here
# https://www.optiv.com/blog/owning-computers-without-shell-access
# Our implementation goes one step further, instantiating a local smbserver to receive the
@yehgdotnet
yehgdotnet / recon-by-mentor.sh
Created August 16, 2020 16:57
CyberMentor's Recon script - https://pastebin.com/raw/MhE6zXVt by Heath Adams
#!/bin/bash
url=$1
if [ ! -d "$url" ];then
mkdir $url
fi
if [ ! -d "$url/recon" ];then
mkdir $url/recon
fi
# if [ ! -d '$url/recon/eyewitness' ];then
# mkdir $url/recon/eyewitness
@yehgdotnet
yehgdotnet / hourlynotification.scpt
Created August 24, 2020 15:31
AppleScript Hourly Notification
set Dummy to ""
set HourTimer to 1
repeat while Dummy = ""
display notification "[Your Notification]"
delay 3600 * HourTimer
end repeat
@yehgdotnet
yehgdotnet / feed-reader.au3
Last active August 25, 2020 14:30
AutoIT Feed Reader
Local $feed_file = "theregister.xml"
Local $hDownload = InetGet ( "http://www.theregister.co.uk/security/headlines.atom" , $feed_file )
Local $file = FileOpen($feed_file, 0)
Global $security_feeds = ""
Global $counter = 0
; Check if file opened for reading OK
If $file = -1 Then