minkione

#! /bin/bash

## This script fetch js files from a domain name and make a wordlist by words in js files
## Credit: https://gist.github.com/aufzayed/6cabed910c081cc2f2186cd27b80f687

##### Install requirements #####
##### Before running this script you should install Go #####

## Install subjs (https://github.com/lc/subjs)
GO111MODULE=on go get -u -v github.com/lc/subjs

minkione

inurl /bug bounty
inurl : / security
inurl:security.txt
inurl:security "reward"
inurl : /responsible disclosure
inurl : /responsible-disclosure/ reward
inurl : / responsible-disclosure/ swag
inurl : / responsible-disclosure/ bounty
inurl:'/responsible disclosure' hoodie
responsible disclosure swag r=h:com

minkione

Attacking user behaviour as a consequence of forced regular password change

Let's assume using ophcrack for cracking NT hashes in pwdump format where the pwdump includes password history hashes also. Assume we have cracked several hashes in the history.

Steps for getting more passwords cracked (assuming users just increase/decrease/edit numbers at the end of their passwords on regular forced password change by policy):

1. Get cracked passwords (including history):

cat ophcrack.pwdump | grep -v ':::$' | awk -F: '{ print $7 }' | sort -u > wordlist_ophcracked.txt

minkione

Kerberos cheatsheet

Bruteforcing

With kerbrute.py:

python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With Rubeus version with brute module:

minkione

• Digital Hotplate, 7" x 7" Plate, 115V
• 18" Wide Ducted Fume Hood
• Vortex Powerfans VTX400, 4"
• Aluminum Hose for HVAC System
• 3M Safety 142–6800 Safety Reusable Full Face Mask Respirator & 3M Organic Vapor/Acid Gas Cartridge/Filter 60923, P100 Respiratory Protection
• 40x-800x Polarizing Metallurgical Microscope w Top and Bottom Lights + 18MP USB3.0 Camera
• [1ML Graduated Essential Oil Pipette Dropper](https://www.amazon.com/gp/pro

minkione

eMMC reballing

The same technique should work well with other (bigger) ball sizes too, however there are rarely issues when handling bigger packages and less care is usually needed there.

The technique uses premade solder balls, not solder paste.

Equipment:

• Solder balls of correct size (0.3mm for eMMC)
• Stencil to hold the balls with correct configuration for the package eg eMMC 153/169 standard stencil

minkione

EESchema-LIBRARY Version 2.4
#encoding utf-8
#
# Generic_ONFI_NAND_LGA52
#
DEF Generic_ONFI_NAND_LGA52 U 0 40 Y Y 1 F N
F0 "U" 0 2650 50 H V L BNN
F1 "Generic_ONFI_NAND_LGA52" 0 -100 50 H V L BNN
F2 "Memory:LGA52C100P7X13_UNI" 0 0 50 H I L BNN
F3 "" 0 0 50 H I L BNN

minkione

cve-2019-8449 
The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosure vulnerability. 
 https://jira.atlassian.com/browse/JRASERVER-69796
 https://victomhost/rest/api/latest/groupuserpicker?query=1&maxResults=50000&showAvatar=true
=====================================================================================================================================

minkione

#include <stdio.h>               
#include <sys/stat.h>                            
#include <stdlib.h>                                         
#include <string.h>
                                                            
#define LOADOFFSET 0x40000000 // RAM is mapped to 0x40000000, added to account for this                                   
                
int main(int argc, char **argv) {
    FILE *needle;
    FILE *haystack;                    

minkione

nucleir() {
	local TPL="$HOME/Documents/nuclei-templates"

	[[ -z "${1}" ]] && { echo "-target/-l ?"; return; }
	[[ -z "${2}" ]] && { echo "Input target?"; return; }

	local T=""

	for i in `ls -1d ${TPL}/*/`; do
		if [[ ! "${i}" =~ (brute-force|examples|payloads) ]]; then