ikuamike / gist:0ddd4a75189658970fa695758a75a97d

Created January 13, 2021 11:56 — forked from jaredsburrows/gist:9e121d2e5f1147ab12a696cf548b90b0

full English translation of Phineas Fisher's account of how he took down HackingTeam - https://www.reddit.com/r/netsec/comments/4f3e6p/full_english_translation_of_phineas_fishers/

	_ _ _ ____ _ _
	\| \| \| \| __ _ ___\| \| __ \| __ ) __ _ ___\| \| _\| \|
	\| \|_\| \|/ _` \|/ __\| \|/ / \| _ \ / _` \|/ __\| \|/ / \|
	\| _ \| (_\| \| (__\| < \| \|_) \| (_\| \| (__\| <\|_\|
	\|_\| \|_\|\__,_\|\___\|_\|\_\ \|____/ \__,_\|\___\|_\|\_(_)

	A DIY Guide

ikuamike / kerberos_attacks_cheatsheet.md

Created September 3, 2020 14:47 — forked from TarlogicSecurity/kerberos_attacks_cheatsheet.md

A cheatsheet with commands that can be used to perform kerberos attacks

Kerberos cheatsheet

Bruteforcing

With kerbrute.py:

python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With Rubeus version with brute module:

ikuamike / sid2str.py

Created June 16, 2020 22:13 — forked from mprahl/sid2str.py

Python 2.7/3.5 function to convert an Active Directory binary SID to string format (sid_to_str)

	import sys
	import struct


	def sid_to_str(sid):
	""" Converts a hexadecimal string returned from the LDAP query to a
	string version of the SID in format of S-1-5-21-1270288957-3800934213-3019856503-500
	This function was based from: http://www.gossamer-threads.com/lists/apache/bugs/386930
	"""
	# The revision level (typically 1)

ikuamike / nmap.sh

Last active June 4, 2020 07:55

nmap.sh

	#!/bin/bash
	# automate quick port scan to feed thorough port scan with list of ports
	mkdir -p nmap
	sudo nmap -n -Pn -sS -v -p- --min-rate=1000 --open -oN nmap/$2_quick_tcp $1 \| grep -v "delay"
	ports=`grep -v nmap nmap/$2_quick_tcp \| grep open \| cut -d " " -f 1 \| cut -d "/" -f 1 \| tr '\n' ','\| head -c -1`
	nmap -n -Pn -sC -sV -p $ports -oA nmap/$2_full_tcp $1
	#sudo nmap -sS -p- --min-rate=1000 $1

ikuamike / root_bypass.js

Created May 6, 2020 10:58 — forked from pich4ya/root_bypass.js

Bypass Android Root Detection / Bypass RootBeer - August 2019

	// $ frida -l antiroot.js -U -f com.example.app --no-pause
	// CHANGELOG by Pichaya Morimoto ([email protected]):
	// - I added extra whitelisted items to deal with the latest versions
	// of RootBeer/Cordova iRoot as of August 6, 2019
	// - The original one just fucked up (kill itself) if Magisk is installed lol
	// Credit & Originally written by: https://codeshare.frida.re/@dzonerzy/fridantiroot/
	// If this isn't working in the future, check console logs, rootbeer src, or libtool-checker.so
	Java.perform(function() {

	var RootPackages = ["com.noshufou.android.su", "com.noshufou.android.su.elite", "eu.chainfire.supersu",

ikuamike / android-burp-cert.sh

Created April 29, 2020 21:00 — forked from vavkamil/android-burp-cert.sh

One Liner For Installing Burp Certificate Into Android Nougat and Later

	# https://securitychops.com/2019/08/31/dev/random/one-liner-to-install-burp-cacert-into-android.html
	#
	curl --proxy http://127.0.0.1:8080 -o cacert.der http://burp/cert \
	&& openssl x509 -inform DER -in cacert.der -out cacert.pem \
	&& cp cacert.der $(openssl x509 -inform PEM -subject_hash_old -in cacert.pem \|head -1).0 \
	&& adb root \
	&& adb remount \
	&& adb push $(openssl x509 -inform PEM -subject_hash_old -in cacert.pem \|head -1).0 /sdcard/ \
	&& echo -n "mv /sdcard/$(openssl x509 -inform PEM -subject_hash_old -in cacert.pem \|head -1).0 /system/etc/security/cacerts/" \| adb shell \
	&& echo -n "chmod 644 /system/etc/security/cacerts/$(openssl x509 -inform PEM -subject_hash_old -in cacert.pem \|head -1).0" \| adb shell \

ikuamike / GoogleDorking.md

Created February 22, 2020 20:12 — forked from sundowndev/GoogleDorking.md

Google dork cheatsheet

Search filters

Filter	Description	Example
allintext	Searches for occurrences of all the keywords given.	`allintext:"keyword"`
intext	Searches for the occurrences of keywords all at once or one at a time.	`intext:"keyword"`
inurl	Searches for a URL matching one of the keywords.	`inurl:"keyword"`
allinurl	Searches for a URL matching all the keywords in the query.	`allinurl:"keyword"`
intitle	Searches for occurrences of keywords in title all or one.	`intitle:"keyword"`

ikuamike / SimpleHTTPServerWithUpload.py

Created September 2, 2019 17:57 — forked from touilleMan/SimpleHTTPServerWithUpload.py

Simple Python Http Server with Upload - Python3 version

	#!/usr/bin/env python3

	"""Simple HTTP Server With Upload.

	This module builds on BaseHTTPServer by implementing the standard GET
	and HEAD requests in a fairly straightforward manner.

	see: https://gist.github.com/UniIsland/3346170
	"""

ikuamike / pentest.sh

Created May 9, 2019 19:54 — forked from OffXec/pentest.sh

Installs pentesting tools, then symlinks them to be ran seamlessly.

	#/bin/bash

	git clone https://github.com/danielmiessler/SecLists.git /opt/seclists

	git clone https://github.com/s0md3v/XSStrike.git /opt/xsstrike
	sudo ln -s /opt/xsstrike/xsstrike.py /usr/local/bin/xsstrike
	chmod +x /opt/xsstrike/xsstrike.py

	git clone https://github.com/s0md3v/Arjun.git /opt/arjun
	sudo ln -s /opt/arjun/arjun.py /usr/local/bin/arjun

ikuamike / how-to-oscp-final.md

Created March 24, 2019 19:01 — forked from unfo/how-to-oscp-final.md

How to pass the OSCP

Recon
Find vuln
Exploit
Document it

Recon

Unicornscans in cli, nmap in msfconsole to help store loot in database.

	_ _ _ ____ _ _
	\| \| \| \| __ _ ___\| \| __ \| __ ) __ _ ___\| \| _\| \|
	\| \|_\| \|/ _` \|/ __\| \|/ / \| _ \ / _` \|/ __\| \|/ / \|
	\| _ \| (_\| \| (__\| < \| \|_) \| (_\| \| (__\| <\|_\|
	\|_\| \|_\|\__,_\|\___\|_\|\_\ \|____/ \__,_\|\___\|_\|\_(_)

	A DIY Guide