As configured in my dotfiles.
start new:
tmux
start new with session name:
Jasem Al-Sadi Jasemalsadi
Jasemalsadi
/ tmux_cheatsheet.markdown
Created
October 7, 2019 04:49
— forked from henrik/tmux_cheatsheet.markdown
tmux cheatsheet
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # tmux 2.4+ | |
| set -g default-terminal "screen-256color" | |
| # Change prefix key | |
| set -g prefix C-a | |
| bind C-a send-prefix | |
| unbind C-a | |
| set -g history-limit 10000 | |
| set -g allow-rename off |
Jasemalsadi
/ priv_basic.sh
Last active
December 30, 2019 06:41
Bash Script to automate Basic Linux Privilege Escalation information collection
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # how to run it to output everything to file : | |
| # chmod +x priv_basic.sh | |
| # ./priv_basic.sh > file_name.rc 2>&1 | |
| # Notes: | |
| # 1) It takes around 1 min. | |
| # Commands mostly gathered from g0tmi1k priv escalation post (https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/) | |
| global_seprator=$"\n------------------------------------------------------------------------------------------------------------------------------\n" ; | |
| # Setting commands to be printed before execution: |
Jasemalsadi
/ rev_shell_SSTI_perl
Created
February 16, 2021 08:32
mutli line perl reverse shell one node js template injection
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| spawn_sync = this.process.binding('spawn_sync') | |
| normalizeSpawnArguments = function(c,b,a){if(Array.isArray(b)?b=b.slice(0):(a=b,b=[]),a===undefined&&(a={}),a=Object.assign({},a),a.shell){const g=[c].concat(b).join(' ');typeof a.shell==='string'?c=a.shell:c='/bin/sh',b=['-c',g];}typeof a.argv0==='string'?b.unshift(a.argv0):b.unshift(c);var d=a.env||process.env;var e=[];for(var f in d)e.push(f+'='+d[f]);return{file:c,args:b,options:a,envPairs:e};} | |
| // Defines spawnSync, the function that will do the actual spawning | |
| spawnSync = function(){var d=normalizeSpawnArguments.apply(null,arguments);var a=d.options;var c;if(a.file=d.file,a.args=d.args,a.envPairs=d.envPairs,a.stdio=[{type:'pipe',readable:!0,writable:!1},{type:'pipe',readable:!1,writable:!0},{type:'pipe',readable:!1,writable:!0}],a.input){var g=a.stdio[0]=util._extend({},a.stdio[0]);g.input=a.input;}for(c=0;c<a.stdio.length;c++){var e=a.stdio[c]&&a.stdio[c].input;if(e!=null){var f=a.stdio[c]=util._extend({},a.stdio[c]);isUint8Array(e)?f.input=e:f.input=Buff |
Jasemalsadi
/ GetSectionHdrByName.c
Last active
January 29, 2022 09:01
Get a section header address by only the name of the section
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #define IMAGE_FIRST_SECTION(ntheader) \ | |
| ((PIMAGE_SECTION_HEADER)(ULONG_PTR)((const BYTE *)&((const IMAGE_NT_HEADERS *)(ntheader))->OptionalHeader + \ | |
| ((const IMAGE_NT_HEADERS *)(ntheader))->FileHeader.SizeOfOptionalHeader)) | |
| // IMAGE_FIRST_SECTION = Pointer to the starting point of optional header “OPTHDROFFSET macro” + SizeOfOptionalHeader which exist in the image file header struct. | |
| BOOL WINAPI GetSectionHdrByName ( | |
| LPVOID lpFile, // pointer to the file | |
| IMAGE_SECTION_HEADER *sh, // returned pointer to the section header | |
| char *szSection // name of the section to find it. |
Jasemalsadi
/ decrypt_WLC.html
Created
November 3, 2022 21:04
HTML Script to automate decrypting passwords of any CISCO WLC config dump you might find during RT engagements . Anything with password 1 encryption.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE html> | |
| <html> | |
| <head> | |
| <!-- <script src="script.js"></script> --> | |
| <!-- Crypto JS library --> | |
| <script> | |
| !function(t,e){"object"==typeof exports?module.exports=exports=e():"function"==typeof define&&define.amd?define([],e):t.CryptoJS=e()}(this,function(){var h,r,e,l,i,n,o,t,s,a,f,c,d,H,u,p,_,y,v,g,B,m,x,b,z,A,C,w,k,S,D,R,E,M,F,P,W,O,U,I,K,et,rt,X,L,j,N,T,Z,q,G,J,$,Q,V,Y,tt,it,nt,ot,st,ct,at,ht,lt,ft=ft||(h=Math,r=Object.create||function(t){return dt.prototype=t,t=new dt,dt.prototype=null,t},ot=(st={}).lib={},e=ot.Base={extend:function(t){var e=r(this);return t&&e.mixIn(t),e.hasOwnProperty("init")&&this.init!==e.init||(e.init=function(){e.$super.init.apply(this,arguments)}),(e.init.prototype=e).$super=this,e},create:function(){var t=this.extend();return t.init.apply(t,arguments),t},init:function(){},mixIn:function(t){for(var e in t)t.hasOwnProperty(e)&&(this[e]=t[e]);t.hasOwnProperty("toString")&&(this.toString=t.toString)},clone:function(){return this.init.prototype.extend(this)}},l=ot.WordArra |
Jasemalsadi
/ GPOSearcher.html
Last active
November 15, 2022 08:19
Using Grouper3 output, we can search for certain text in the each GPO , for example, any usage for allowunencryptedTraffic
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE html> | |
| <html> | |
| <head> | |
| <!-- <script src="script.js"></script> --> | |
| </head> | |
| <body> | |
| <h1> GPO Pattern Searcher </h1> | |
| <p> Choose the GPO path file and text pattern to search for </p> | |
| <form name="myForm" onsubmit="return FindThePattern(true)"> |
Jasemalsadi
/ remote_debugging_phpstrom.md
Last active
April 21, 2023 03:33
PHPSTORM remote debugging with pivoting for OSWE Web Apps
Setup Port forwarding on the debugged machine:
ssh student@atutor
echo -e "\nGatewayPorts yes \n" | sudo tee -a /etc/ssh/sshd_config && sudo service sshd restart
Set up proxy Server on the Kali VM/VPN machine :
Jasemalsadi
/ shellcodeExec.asm
Last active
September 3, 2023 07:08
MASM code to execute shellcode from a file
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| .386 | |
| .model flat, stdcall | |
| OPTION CaseMap:None | |
| .stack 6096 | |
| ExitProcess PROTO, dwExitCode: DWORD | |
| include \masm32\include\windows.inc |
Jasemalsadi
/ shellcodeCatcher.js
Created
October 10, 2023 19:36
Windbg JS function to break when any cmp or test instruction comparing our input buffer (e.g. 4141)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function find_cmp_use_shellcode(patternsArg) { | |
| /* | |
| .scriptrun c:\scripts\debug.js | |
| bp 0056C4B6 | |
| bp 0056c850 | |
| g | |
| dx .State.Scripts.debug.Contents.find_cmp_use_shellcode("4141,4242,4432") | |
| */ | |
| var patterns = patternsArg.split(",") | |
| if (patterns === null || patterns.length==0) { |
OlderNewer