Skip to content

Instantly share code, notes, and snippets.

View mmutj's full-sized avatar

mmutj

View GitHub Profile
@Spix0r
Spix0r / 403-Bypass-Headers-List.txt
Created October 3, 2024 15:24
I’ve analyzed numerous tools, blogs, tweets, and other resources on bypassing 403 Forbidden errors using HTTP Headers Fuzzing techniques. After extensive research, I’ve compiled a list of headers you can fuzz to potentially bypass 403 restrictions.
Allow: CONNECT
Allow: GET
Allow: HEAD
Allow: POST
Allow: TRACE
Client-IP: 0
Client-IP: 0177.0000.0000.0001
Client-IP: 0x7F000001
Client-IP: 10.0.0.0
Client-IP: 10.0.0.1
@daniruiz
daniruiz / ld_library_path_exploit.sh
Last active November 3, 2024 15:38
Script that automatically generates malicious library and exploits binary through LD_LIBRARY_PATH Hijacking. The script generates the list of missing symbols, based on the specified library, and creates the version-script map file to avoid error messages when loading the new created malicious library.
#!/bin/sh
# ./ld_path_exploit.sh /usr/lib/libgpg-error.so.0 top
TARGET_LIB=$1
MISSING_SYMBOLS="$(readelf -s --wide ${TARGET_LIB} \
| grep 'FUNC\|OBJECT' \
| grep -v 'UND\|ABS' \
| awk '{print $8}' \
@0prrr
0prrr / All-Malware-Analysing.md
Created June 7, 2023 09:05

Install FlareVM on Windows 10 VM Machine

Credit to Flare VM for the script.

This gist is to pick a former version of the install script and have it installed successfully on a Windows 10 x64 1809 VM machine becuase the latest one doesn't work.

Note: FLARE VM should ONLY be installed on a virtual machine!

  • Prepare a Windows 10+ virtual machine
  • FLARE VM has been tested on Windows 10 1809 x64 and 20H2
@0prrr
0prrr / All-Red-Teaming.md
Last active March 4, 2025 05:50
Red Team Reading...
  • AAD
  • Active Directory
  • Cloud
  • Cobalt Strike / Aggressor Scripts
  • Recon
  • UAC
  • Metasploit
  • Infrastructure
  • SMB
  • VBA
@0prrr
0prrr / All-Mal-Dev.md
Last active April 7, 2025 08:21
Malware Dev Reading List
@ruevaughn
ruevaughn / 1_top+hacker_methodologies.md
Last active April 2, 2025 17:36
Hacker Methodologies & Tools (NEW)

The Top Hacker Methodologies & Tools Notes

By Chase. ** *

Nuclei Templates

Concrete5 CMS : Identification, Mass Hunting, Nuclei Template Writing & Reporting

@olafhartong
olafhartong / Windows-CLSID.csv
Last active March 9, 2025 04:35
We can't make this file beautiful and searchable because it's too large.
CLSID,ClassName
{0000031A-0000-0000-C000-000000000046},CLSID
{0000002F-0000-0000-C000-000000000046},CLSID CLSID_RecordInfo
{00000100-0000-0010-8000-00AA006D2EA4},CLSID DAO.DBEngine.36
{00000101-0000-0010-8000-00AA006D2EA4},CLSID DAO.PrivateDBEngine.36
{00000103-0000-0010-8000-00AA006D2EA4},CLSID DAO.TableDef.36
{00000104-0000-0010-8000-00AA006D2EA4},CLSID DAO.Field.36
{00000105-0000-0010-8000-00AA006D2EA4},CLSID DAO.Index.36
{00000106-0000-0010-8000-00AA006D2EA4},CLSID DAO.Group.36
{00000107-0000-0010-8000-00AA006D2EA4},CLSID DAO.User.36
@yezz123
yezz123 / Exploitation.md
Created May 24, 2021 12:09
Pentesting-Exploitation
@daniruiz
daniruiz / kali-shell-aliases-and-functions.sh
Last active April 26, 2025 13:10
rshell add PATH
##################################################
# Extra tools
# $ sudo apt install -y kali-linux-default bloodhound bloodhound-ce-python chisel chisel-common-binaries dirsearch enum4linux-ng feroxbuster goshs grc iputils-ping mssqlpwner nishang peass powercat rlwrap rubeus seclists shellter sharphound sshpass
# urlencode:
# $ sudo apt install gridsite-clients
# csharp:
# $ sudo apt install mono-csharp-shell mono-mcs
# Install flatpak
# -> https://www.kali.org/docs/tools/flatpak/
# Python2 pip
@jonlabelle
jonlabelle / ldap_search_filter_cheatsheet.md
Last active April 15, 2025 16:07
LDAP Search Filter Cheatsheet