Skip to content

Instantly share code, notes, and snippets.

View gavrias's full-sized avatar
💭
binary diving

gavrias

💭
binary diving
0 followers · 2 following
View GitHub Profile
@gavrias
gavrias / turbointruder-404.py
Created November 10, 2021 20:18 — forked from DanielIntruder/turbointruder-404.py
A Turbo Intruder script for confirming CL.CL request smuggling
# if you edit this file, ensure you keep the line endings as CRLF or you'll have a bad time
def queueRequests(target, wordlists):
# to use Burp's HTTP stack for upstream proxy rules etc, use engine=Engine.BURP
engine = RequestEngine(endpoint=target.endpoint,
concurrentConnections=5,
requestsPerConnection=1, # if you increase this from 1, you may get false positives
resumeSSL=False,
timeout=10,
pipeline=False,
@gavrias
gavrias / matrix-howto-synapse_coturn.md
Created February 5, 2021 19:20 — forked from maxidorius/matrix-howto-synapse_coturn.md
Working config for VoIP in Matrix: synapse + coturn

This configuration is provided AS-IS and as an example/reference for those who do not find a working configuration for themselves. It is not always kept up to date and no support is provided.

Assuming:

  • Your Matrix domain: example.org
  • Your TURN domain (arbitrary): turn.example.org
  • Your Public IP: 1.2.3.4
  • Your Private IP for the box hosing the services: 10.11.12.13
  • A shared secret between synapse and coturn: ThisIsASharedSecret-ChangeMe
  • You want Firefox compatiblity (TURNS only is not supported)
@gavrias
gavrias / kerberos_attacks_cheatsheet.md
Created August 29, 2019 15:34 — forked from TarlogicSecurity/kerberos_attacks_cheatsheet.md
A cheatsheet with commands that can be used to perform kerberos attacks

Kerberos cheatsheet

Bruteforcing

With kerbrute.py:

python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With Rubeus version with brute module: