shollingsworth’s gists

shollingsworth / windows_serial_attack_cookie.sh

Created February 10, 2022 01:56

windows serial attack cookie

	#!/usr/bin/env bash
	set -euo pipefail
	IFS=$'\n\t'

	cookie=$(cat <<EOF
	PrivateComputer=true; ClientId=D0C3189F94C144BFAB2BBC2D300EF256; X-OWA-JS-PSD=1; .AspNetCore.Antiforgery.oS4Q00mERc0=CfDJ8GogYDa3cIBEm6o0mB8_znDdHVP7jbN6xeWH9SMV2ube_SiT5oYo1wigM1UNjQUk9pfkIRng7waGXTFHlJDzcseHgsJmmP0XjcQzJN84HgkIrg6IrC0p7hSaMRTaWPs6PDAK9Sq4o0pzyXfckCPSiKQ; .AspNetCore.Session=CfDJ8GogYDa3cIBEm6o0mB8%2FznAcMxI8ak0jnchwoJjpzwEDNktCc6psX%2FpF643HGKIjoDbLa4shB2Fj1DsmrEIPCJEyon8HO6kTOL%2FUV2ySmh3WzHZ870%2B%2FZxA1KQL7%2Fi5ARMP1tSMSFAExiAFNUCES9329L1OWAb6A2FK8z45L7Dks; PBack=0; cadata=Xiuk6z/bVDKUd7U616e0xl7eZ5sjCRtB3bIAt4F8uPLf3QaDtNg7aOLwUqWMvrIfkmh0Lz+qqqAadc7mwrcrEXvRmsZ8V+PNTKSV/qmIIN8OvCT9nyRHFiO4jxZMhnyB2erumusSTCm42pmJn52zzzHTx2IkMt0nkwmW3xWpUK8=; cadataTTL=rmX8b+zhFQbIVLZ/9wD59A==; cadataKey=aoT+UI5YSOsuBhiUoH6VQKvUY7NRDWIXvyQo9C65BVR7tQq2Xajtiza3cBXwDIneZX1lVb1c93jfdFrmXI6VDoBVdLmBcLLs/zJnd0lRFNYd26ph+6lJ0HTB3lEDgfXRR8LtE2AA761/f67/CmRg/QPdUXmxxRRk/uWVZvET1EoKlT/2d2mq8TP/yp/ecYJZ2ovojnPz1CB6e/E/wttjqy6Ye40IPQvFGLHsOiapAP

shollingsworth / vhost_scan_ffuf.sh

Created February 10, 2022 01:56

vhost scan ffuf

ffuf -u http://hackfail.htb/ -H "Host: FUZZ.hackfail.htb" -w "$(wl)" -timeout 100 -t 1 -fs 10676 

shollingsworth / wordlist_from_website.sh

Created February 10, 2022 01:57

compile wordlist from website

cewl https://www.tesla.com/ > tesla_wordlist.txt

shollingsworth / wfuzz_crack_form_login.sh

Created February 10, 2022 01:57

wfuzz crack form login

shollingsworth / string_bypass.sh

Created February 10, 2022 01:58

curl string bypass attack

	#!/usr/bin/env bash
	set -euo pipefail
	IFS=$'\n\t'

	payload='elonmusk'
	# unicode
	ext="$(echo -ne "${payload}" \| xxd -c 1 \| awk '{print $2}' \| sed 's/^/\\\\u00/' \| tr -d '\n')"
	# hex
	ext="$(echo -ne "${payload}" \| xxd -c 1 \| awk '{print $2}' \| sed 's/^/\\\\x/' \| tr -d '\n')"
	echo "${payload}"

shollingsworth / bash_convert_stdin_to_digits.sh

Created February 10, 2022 01:59

bash convert stdin to lines of 8bit digits

	# Convert input into a series of digits
	echo hello \| xxd -c 1 \| awk '{print $2}' \| xargs -Inum printf "%d", 0xnum \| tr ',' '\n'

shollingsworth / symphony_fragment_attack.py

Created February 10, 2022 02:06

symphony fragment attack

	#!/usr/bin/env python3
	# -- coding: utf-8 --
	"""HTB."""
	import hashlib
	import hmac
	from base64 import b64encode
	from urllib import parse

	import requests
	from html2text import html2text

shollingsworth / ftp_recursive_download.sh

Created February 10, 2022 02:07

ftp recursive download

	# recusive download
	wget -r --no-passive-ftp --ftp-user=anonymous [email protected] ftp://${RHOSTS}

shollingsworth / symphony_lfi_limited.sh

Created February 10, 2022 02:10

symphony lfi (limited)

	# eos creds -H "X-Forwarded-For: 127.0.0.1" http://dev.hackfail.htb
	# eos get http://dev.hackfail.htb var/cache/dev/profiler/index.csv
	# eos scan -H "X-Forwarded-For: 127.0.0.1" http://dev.hackfail.htb
	# eos sources -H "X-Forwarded-For: 127.0.0.1" http://dev.hackfail.htb -o sources

	#!/usr/bin/env bash
	set -euo pipefail
	IFS=$'\n\t'

	files=($(

shollingsworth / php_docker_mysql_environment.txt

Created February 10, 2022 02:11

php docker mysql environment

	#!/usr/bin/env bash
	set -euo pipefail
	IFS=$'\n\t'

	cat <<MEOF >create.sql
	CREATE DATABASE testing;

	create table testing.users(
	id INT NOT NULL AUTO_INCREMENT,
	username VARCHAR(100) NOT NULL,

Steven Hollingsworth shollingsworth