Skip to content

Instantly share code, notes, and snippets.

View MrMugiwara's full-sized avatar
🇲🇦
Working from home

Soufiane Boussali MrMugiwara

🇲🇦
Working from home
271 followers · 203 following
View GitHub Profile
@MrMugiwara
MrMugiwara / jsp.py
Last active April 27, 2017 21:49
Joomla python scanner
#!/usr/bin/python
# C0d3d By MrMugiwra
import sys,urllib2,time,httplib
mtucx = 5
@MrMugiwara
MrMugiwara / README.md
Created July 16, 2016 22:56 — forked from MidnightLightning/README.md
Steganography tools

Steganography: the art of hiding in plain sight. Messages specifically. These are a series of tools that aid in embedding messages in digital files.

While steganography provides obscurity, it does not strictly provide security. Before hiding your message using any of these scripts, it's suggested you encode your message (try PGP/GnuPG encryption or put it in a TrueCrypt container if you're at a loss).

pngload.py

The PNG file format divides the image data into 'chunks', and allows for additional, private chunks to be added by image editors. This script takes the message you wish to embed and saves it as binary data in such an ancillary chunk.

The files being embedded are compressed with bzip2 compression if they're not already a bzip2 archive. This is different from the `

@MrMugiwara
MrMugiwara / how-to-oscp-final.md
Created January 9, 2017 21:49 — forked from unfo/how-to-oscp-final.md

How to pass the OSCP

  1. Recon
  2. Find vuln
  3. Exploit
  4. Document it

Recon

Unicornscans in cli, nmap in msfconsole to help store loot in database.

@MrMugiwara
MrMugiwara / web-servers.md
Created April 27, 2017 22:10 — forked from willurd/web-servers.md
Big list of http static server one-liners

Each of these commands will run an ad hoc http static server in your current (or specified) directory, available at http://localhost:8000. Use this power wisely.

Discussion on reddit.

Python 2.x

$ python -m SimpleHTTPServer 8000
@MrMugiwara
MrMugiwara / NetSecCheck.md
Created June 22, 2017 23:08
Network Security VAPT Checklist

Hi dear reader, there are very few technical network security assessment checklist. So I thought to share my own on this. Have a look and enjoy. Lets talk about the scope first. If you are given a 1000 machines to perform VAPT, then here is your scope. Single machine can have 65535 ports open. Any single port can deploy any service software from the world. For example FTP can be run on smartftp, pureftpd etc.. Any single FTP software version (for example pureftpd 1.0.22) can have number of vulnerabilities available. So if you multiply all of these, then it is impossible for any auditor to go ahead and probe all ports manually and find services manually. Even if he/she is able to do it, it is impossible to check all vulnerabilities that are pertaining to a single port of a single machine. Hence we have to rely on scanners such as nexpose, nessus, openvas, coreimpact etc. Here are some quick tools and test cases that one can perform on commonly found ports in the network pentest.

Identify live host

@MrMugiwara
MrMugiwara / NetSecCheck.md
Last active April 13, 2022 20:27
Network Security VAPT Checklist

Hello Dear Reader,
there are very few technical network security assessment checklist.
So I thought to share my own on this. Have a look and enjoy.
Lets talk about the scope first. If you are given a 1000 machines to perform VAPT, then here is your scope.
Single machine can have 65535 ports open. Any single port can deploy any service software from the world.
For example FTP can be run on smartftp, pureftpd etc..
Any single FTP software version (for example pureftpd 1.0.22) can have number of vulnerabilities available.
So if you multiply all of these, then it is impossible for any auditor to go ahead and probe all ports manually and find services manually.
Even if he/she is able to do it, it is impossible to check all vulnerabilities that are pertaining to a single port of a single machine.
Hence we have to rely on scanners such as nexpose, nessus, openvas, coreimpact etc.

@MrMugiwara
MrMugiwara / best_router_for200.txt
Created September 17, 2017 23:21 — forked from faidamine/best_router_for200.txt
Extracting Files (16 Go)
Using FTK Imager and go to (var/www/)
You will find login.pl & index.pl & username.txt & password.txt
login ( admin : iforgotaboutthemathtest )
flag : flag{but_I_f0rgot_my_my_math_test_and_pants}
#!/usr/bin/perl
if ($ENV{'REQUEST_METHOD'} eq "POST") {
@MrMugiwara
MrMugiwara / Pilot_pwn75.py
Created September 17, 2017 23:21 — forked from faidamine/Pilot_pwn75.py
#usr/bin/python
#Faid Mohammed Amine
#Fb : piratuer
from pwn import *
con = remote('pwn.chal.csaw.io',8464)
con.recvuntil("Location:")
@MrMugiwara
MrMugiwara / SCV_pwn100.py
Created September 17, 2017 23:21 — forked from faidamine/SCV_pwn100.py
#usr/bin/python
#Faid Mohammed Amine
#Fb : piratuer
from pwn import *
libc = ELF("libc-2.23.so")
r = remote("pwn.chal.csaw.io", 3764)
@MrMugiwara
MrMugiwara / rev_realism400.py
Created September 17, 2017 23:22
#!/usr/bin/python
from z3 import *
orig = [0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70]
shuf = [0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x65, 0x66, 0x67, 0x68, 0x61, 0x62, 0x63, 0x64]
x = [0xb8, 0x13, 0x0, 0xcd, 0x10, 0xf, 0x20, 0xc0, 0x83, 0xe0, 0xfb, 0x83, 0xc8, 0x2, 0xf, 0x22]
d = [0x270,0x211,0x255,0x229,0x291,0x25E,0x233,0x1F9,0x278,0x27B,0x221,0x209,0x25D,0x290,0x28F,0x2DF]