1. install
brew install tor
brew install privoxy
2. copy and modify config file
binkybear
KyleHanslovan
/ DomainEnumeration.bat
Created
June 25, 2016 12:36
Post-exploitation host/domain survey using native Windows commands.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| whoami & hostname & ipconfig /all & net user /domain 2>&1 & net group /domain 2>&1 & net group "domain admins" /domain 2>&1 & net group "Exchange Trusted Subsystem" /domain 2>&1 & net accounts /domain 2>&1 & net user 2>&1 & net localgroup administrators 2>&1 & netstat -an 2>&1 & tasklist 2>&1 & sc query 2>&1 & systeminfo 2>&1 & reg query "HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Default" 2>&1 |
secvalve
/ baxel.sh
Created
May 25, 2016 00:34
A bash script that uses CURL to get a file in parts, ala axel. Usage: baxel numparts url eg ./baxel 3 http://www.google.com/robots.txt
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| #$1 numparts, #$2 url | |
| #Get length | |
| TL=$(curl -sI $2 | grep Content-Length | awk '{printf "%d", $2}') | |
| echo "$s is $TL Bytes Long” | |
| #GetChunks | |
| for i in `seq 0 $(( $1 - 1 ))`; | |
| do |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # | |
| # For latest Android Nexus devices (N5x, N6p, N9, etc.), Google is no longer | |
| # providing vendor tar archives to included into AOSP build trees. Oficially | |
| # it is claimed that all vendor proprietary blobs have been moved to /vendor | |
| # partition. Unfortunately that is not true since a few vendor executables, DSOs | |
| # and APKs/JARs are present under /system although missing from AOSP public tree. | |
| # | |
| # As such custom AOSP builds require to first extract such blobs from /system of | |
| # factory images and manually include them in vendor directory of AOSP tree. |
byt3bl33d3r
/ raw2ps_shellcode.py
Created
September 13, 2015 12:12
Converts raw shellcode to a PowerShell compatible byte array (helpful when using custom shellcode with Invoke-Shellcode.ps1)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import sys | |
| ps_shellcode = '@(' | |
| with open(sys.argv[1], 'rb') as shellcode: | |
| byte = shellcode.read(1) | |
| while byte != '': | |
| ps_shellcode += '0x{}, '.format(byte.encode('hex')) | |
| byte = shellcode.read(1) |
jakewarren
/ github_dorks.txt
Last active
June 29, 2016 21:13
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #md5 hash of most used password 123456 | |
| #ref: https://twitter.com/TekDefense/status/294556153151647744 | |
| https://github.com/search?q=e10adc3949ba59abbe56e057f20f883e&type=Code&ref=searchresults | |
| #DB_PASSWORD | |
| #ref: http://seclists.org/fulldisclosure/2014/Mar/343 | |
| https://github.com/search?q=define%28%22DB_PASSWORD%22&type=Code&ref=searchresults | |
| #Possible SQL injection | |
| #ref: http://seclists.org/fulldisclosure/2013/Jun/15 |
byt3bl33d3r
/ ducky-convert.py
Last active
August 29, 2015 14:13
Converts the USB rubber ducky property files to a suitable format for the keyseed.py file in the kali nethunter project
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /usr/bin/env python | |
| from configobj import ConfigObj | |
| import sys | |
| import StringIO | |
| import re | |
| from pprint import pprint | |
| if len(sys.argv) < 3: | |
| print 'Usage: ducky-convert.py <keyboard.properties> <layout.properties>' |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/system/bin/sh | |
| set -u | |
| ## ======================================================================================== | |
| ## alfred : manages an ArchLinux rootfs for enable LXC usage on Android | |
| ## ======================================================================================== | |
| PROGNAME="alfred" | |
| PROGVERS="0.0.6" | |
| PROGCONF="/data/$PROGNAME" | |
| PROGHELP="Usage: $PROGNAME [cmd] |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * reversed SafeArrayRedim() in oldaut32.dll (Windows XP) | |
| * for CVE-2014-6332 | |
| */ | |
| typedef struct tagSAFEARRAY | |
| { | |
| USHORT cDims; // number of dimensions | |
| USHORT fFeatures; // type of elements | |
| ULONG cbElements; // byte size per element |
Each of these commands will run an ad hoc http static server in your current (or specified) directory, available at http://localhost:8000. Use this power wisely.
$ python -m SimpleHTTPServer 8000NewerOlder