andreyvit

tmux cheat sheet

(C-x means ctrl+x, M-x means alt+x)

Prefix key

The default prefix is C-b. If you (or your muscle memory) prefer C-a, you need to add this to ~/.tmux.conf:

remap prefix to Control + a

joncave

<?php   
/* Plugin Name: Damn Vulnerable WordPress Plugin
 * Description: Intentionally vulnerable plugin for plugin author education
 * Version: 0.1
 * Plugin URI: http://make.wordpress.org/plugins/2013/04/09/intentionally-vulnerable-plugin/
 * Author: Jon Cave
 * Author URI: http://joncave.co.uk
 * License: GPLv2+
 *              
 * DO NOT RUN THIS PLUGIN ON AN INTERNET ACCESSIBLE SITE

stevenswafford

"          _                      _          "
"   _     /||       .   .        ||\     _   "
"  ( }    \||D    '   '     '   C||/    { %  "
" | /\__,=_[_]   '  .   . '       [_]_=,__/\ |"
" |_\_  |----|                    |----|  _/_|"
" |  |/ |    |                    |    | \|  |"
" |  /_ |    |                    |    | _\  |"

	It is all fun and games until someone gets hacked!

HarmJ0y

# NOTE: the most updated version of PowerView (http://www.harmj0y.net/blog/powershell/make-powerview-great-again/)
#   has an updated tricks Gist at https://gist.github.com/HarmJ0y/184f9822b195c52dd50c379ed3117993

# get all the groups a user is effectively a member of, 'recursing up'
Get-NetGroup -UserName <USER>

# get all the effective members of a group, 'recursing down'
Get-NetGroupMember -GoupName <GROUP> -Recurse

# get the effective set of users who can administer a server

unfo

How to pass the OSCP

1. Recon
2. Find vuln
3. Exploit
4. Document it

Recon

Unicornscans in cli, nmap in msfconsole to help store loot in database.

glamrock

  I've compiled a list of data 
aggregators, data brokers, direct marketing firms, and others who trade 
personal data. Many of these are very quickly dealt with via web forms, 
but others require a letter and a copy of a photo ID.  Many of the data 
brokers came from my notes, but others have come from Reddit threads, 
and stopdatamining.me. All sources were fairly out of date, so I've gone 
through and listed the current contact info and process for each.  Feel 
free to pass it along and let me know if there are any errors or 
omissions. ^_^

xbb

Use this as an example on how to start the virtual console without the need of Java Web Start or accessing it from the web interface.
You can use the user and password that you use for the web interface.

You need an old JRE... I used 1.7.0_80 from the Server JRE package, also I have tested successfully 1.7.0_79 with MacOS.
You don't need to install it, just extract it or copy the files in "jre" folder.

Open the viewer.jnlp file that you get by launching the virtual console from the web interface with a text editor.
Note the urls to the jar files. Download the main jar file avctKVM.jar and the libs for your operating system and architecture.
Extract the dlls (.so Linux, .jnilib MacOS) from the jar libs.

nlitsme

#!/bin/bash
# query.sh from BreachCompilation - magnet:?xt=urn:btih:7ffbcd8cee06aba2ce6561688cf68ce2addca0a3
# works with older bash versions.
# patch by Willem <[email protected]>
dir=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )

if [ "$1" != "" ]; then
    word1=$(echo $1 | tr A-Z a-z)
	letter1=$(echo $word1|cut -b1)
	if [[ $letter1 == [a-zA-Z0-9] ]]; then

youkergav

# Define imports.
from time import time, strftime
from datetime import datetime
from glob import iglob
from os import path, system
from sys import exc_info
from subprocess import Popen, PIPE
from curses import initscr, noecho, cbreak, echo, nocbreak, endwin
from psycopg2 import connect

dylanmckay

#! /usr/bin/env ruby

# NOTE: Requires Ruby 2.1 or greater.

# This script can be used to parse and dump the information from
# the 'html/contact_info.htm' file in a Facebook user data ZIP download.
#
# It prints all cell phone call + SMS message + MMS records, plus a summary of each.
#
# It also dumps all of the records into CSV files inside a 'CSV' folder, that is created