ssh-add --apple-use-keychain --apple-load-keychain ~/.ssh/id_ed25519
🌿 Budding notes
These notes now at least make sense, but they're still growing and may be expanded or refined over time.
There’s no global setting to remove YouTube shorts, but I’ve found that by saying “not interested” to every one which pops up they’ve been removed from my feed.
Right now I’m not sure how long this will be in effect for, but it’s at least a temporary solution.
Reading from and writing to the same file can in theory cause it to become truncated or corrupted. sponge from moreutils will “soak up std out and write to a file”, which ensures that the file is processed in its entirety before the output is redirected back to the same file.
tail -r file.txt | sponge file.txt
Using a UNION injection we can find out about a (MySQL/MariaDB) structure.
Here are some minimal examples. Remember to determine the correct number of columns 🌿 and match that. Also remember to add WHERE clauses to these to narrow down the search.
Databases
UNION SELECT SCHEMA_NAME from INFORMATION_SCHEMA.SCHEMATA;
Tables
UNION SELECT TABLE_NAME,TABLE_SCHEMA from INFORMATION_SCHEMA.TABLES;
Columns
UNION SELECT COLUMN_NAME,TABLE_NAME FROM INFORMATION_SCHEMA.COLUMNS;
Privileges
UNION SELECT GRANTEE, PRIVILEGE_TYPE FROM INFORMATION_SCHEMA.USER_PRIVILEGES
References
A union injection causes additional rows to be added to the result set by using the UNION clause. To do this, we need to know the number of columns in the target result set.
There are two easy strategies for this: using order by or union. Assume that the following is vulnerable:
SELECT * from users where username='$oops'
order by
In MySQL you can use numeric arguments for order by which you can use to infer the number of columns. Let $oops = "test' order by 1 -- then the query becomes:
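The defensive counterpart to the `$oops` query above, as an added example that is not part of the original notes: the same lookup built by string concatenation and with a bound parameter, run against the `order by` input from the note. It assumes Python's sqlite3 with an in-memory table standing in for MySQL/MariaDB; the table contents and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; SQLite stands in for MySQL/MariaDB (assumption).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "test", "test@example.com"), (2, "alice", "alice@example.com")],
    )
    return conn

def lookup_vulnerable(conn, oops):
    # Same shape as the query in the note: input is pasted into the SQL text,
    # so a quote in the input ends the string literal and the rest is parsed as SQL.
    sql = "SELECT * from users where username='" + oops + "'"
    try:
        return ("rows", conn.execute(sql).fetchall())
    except sqlite3.Error as exc:
        # A database error triggered by user input is a signal worth logging.
        return ("error", str(exc))

def lookup_parameterized(conn, oops):
    # Input is bound as a value; it is compared as a string and never parsed as SQL.
    sql = "SELECT * from users where username = ?"
    try:
        return ("rows", conn.execute(sql, (oops,)).fetchall())
    except sqlite3.Error as exc:
        return ("error", str(exc))

if __name__ == "__main__":
    conn = make_db()
    for value in ["test", "test' order by 1 -- ", "test' order by 99 -- "]:
        print(repr(value))
        print("  concatenated: ", lookup_vulnerable(conn, value))
        print("  parameterized:", lookup_parameterized(conn, value))
```

With concatenation the database's response depends on the injected clause; with the bound parameter both crafted inputs are just usernames that match no row.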
dnsenum
Performs various DNS-level and OSINT searches to find subdomains.
dnsenum \
--enum target.tld \
-f /usr/share/seclists/Discovery/DNS/subdomains-top1million-20000.txt
gobuster
You can do virtual host subdomain brute forcing with gobuster. You can specify the target as a hostname or IP.
gobuster vhost \
-u http[s]://targetip[:port] \
-w /usr/share/seclists/Discovery/DNS/subdomains-top1million-20000.txt \
--append-domain
proxychains ↗️ is a tool which forwards TCP traffic via a proxy. You run other applications via it. For example:
proxychains curl www.example.com
The relevant part of the config for HTTP traffic is in /etc/proxychains.conf:
#socks4 127.0.0.1 9050 # comment this line out. TODO: Why?
# Add the following line
http 127.0.0.1 8080
This config forwards the traffic to a proxy on port 8080, which is the default for Burp. Change the setup as needed for other tools.
Meta search
- Kagi ↗️ premium (paid for and ad-free) search prioritising privacy and user experience. Reminiscent of the good-old-days
- SearXNG ↗️ self-hostable, open-source metasearch engine that aggregates results from 200+ engines. There are hosted versions but privacy or veracity is not guaranteed
Specialist
- Virus Total ↗️ meta engine for checking files and their hashes against virus databases
- Shodan ↗️ is an engine to find devices connected to the internet
- Censys ↗️ searches hosts, IPs, certificates
Exploits and CVE databases
After writing my notes on revamping the site 🌲 I’ve stumbled across the new idea of digital gardening as an alternative to blogging. It’s not actually that new, but it is to me.
What I like about it is how close it is to a Zettelkasten and how it allows for notes to be written and published in an unfinished state completely guilt-free. It reminds me of my first website all that time ago where there were pages which had nothing other than an under construction banner.
I thought I’d share my GitHub action which deploys this site whenever I push a new file to main. It compiles the site with hugo and then rsyncs it across to the server.
This means that my workflow is:
- fire up neovim and write
- commit and push
- sit back and wait for the site to update
The code for the action is below. It requires a couple of secrets to be set up: