HarmJ0y

#!/usr/bin/python


# Python port of keepass2john from the John the Ripper suite (http://www.openwall.com/john/)
# ./keepass2john.c was written by Dhiru Kholia <dhiru.kholia at gmail.com> in March of 2012
# ./keepass2john.c was released under the GNU General Public License
#   source keepass2john.c source code from: http://fossies.org/linux/john/src/keepass2john.c
#
# Python port by @harmj0y, GNU General Public License
#

mkhairi

Never touch your local /etc/hosts file in OS X again

To setup your computer to work with *.dev domains, e.g. project.dev, awesome.dev and so on, without having to add to your hosts file each time.

Requirements

• Homebrew
• Mountain Lion

Install

unfo

How to pass the OSCP

1. Recon
2. Find vuln
3. Exploit
4. Document it

Recon

Unicornscans in cli, nmap in msfconsole to help store loot in database.

mgeeky

#!/bin/bash

# Forticlient SSL VPN Client launching script utilizing expect.

# --------------------------------------------
# CONFIGURATION

# If empty - script will take some simple logic to locate appropriate binary.
FORTICLIENT_PATH=""

mgeeky

#!/bin/bash
#
# OpenVAS automation script.
# Mariusz B. / mgeeky, '17
#	v0.2
#

trap ctrl_c INT

# --- CONFIGURATION ---

floer32

<!-- access this at: https://cdn.rawgit.com/ErosLever/f72bc0750af4d2e75c3a/raw/owasp-risk-rating.html -->
<html><head>
<style>
#main{
	width: 1200px;
}
table {
	width: 98%;
	font-size: small;
	text-align: center;

berzerk0

This gist has been DEPRECATED.

The official version is found at https://berzerk0.github.io/GitPage/CTF-Writeups/Optimum-HTB.html

Updates will be reflected on GITPAGE VERSIONS ONLY

CTF Writeup: Optimum on HackTheBox

30 October 2017

Introduction

This was one of my first capture the flags, and the first HTB to go retired while I had a good enough grasp of it to do a write up. The steps are directed towards beginners, just like the box.

pjmazenot

# 1. Install Apache 2.4
export DEBIAN_FRONTEND=noninteractive && apt update && apt full-upgrade -y
apt-get install -y python-software-properties software-properties-common gcc make re2c libpcre3-dev curl sshpass apt-utils
apt-get -y install apache2

# 2. Install custom apt repository for PHP 7.0
apt install -y locales && locale-gen en_US.UTF-8 && locale -a
LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 add-apt-repository -y ppa:ondrej/php

# 3. Install php 7.0

jgamblin

#!/usr/bin/python3
import os

shodan = ["104.131.0.69", "104.236.198.48", "155.94.222.12","155.94.254.133", "155.94.254.143", "162.159.244.38", "185.181.102.18", "188.138.9.50", "198.20.69.74", "198.20.69.98", "198.20.70.114", "198.20.87.98", "198.20.99.130", "208.180.20.97", "209.126.110.38",  "216.117.2.180", "66.240.192.138", "66.240.219.146", "66.240.236.119", "71.6.135.131", "71.6.146.185", "71.6.158.166", "71.6.165.200", "71.6.167.142",  "82.221.105.6", "82.221.105.7", "85.25.103.50", "85.25.43.94", "93.120.27.62", "98.143.148.107",  "98.143.148.135"]

for ip in shodan:
    os.system("iptables -A INPUT -s {} -j DROP".format(ip))

lokori

#!/bin/bash
set -eu

URL=$1

echo "super go bustering for super brute: $URL"

gobuster -u $URL -l -s 200,204,301,302,307,403 -w /root/tools/SecLists/Discovery/Web_Content/tomcat.txt
gobuster -u $URL -l -s 200,204,301,302,307,403 -w /root/tools/SecLists/Discovery/Web_Content/nginx.txt
gobuster -u $URL -l -s 200,204,301,302,307,403 -w /root/tools/SecLists/Discovery/Web_Content/apache.txt