Skip to content

Instantly share code, notes, and snippets.

Working from home

Fernandez, ReK2 ReK2Fernandez

Working from home
Block or report user

Report or block ReK2Fernandez

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
View NeoMutt colorschemes
# for background in 16 color terminal, valid background colors include:
# base03, bg, black, any of the non brights
# style notes:
# when bg=235, that's a highlighted message
# normal bg=233
# basic colors ---------------------------------------------------------
# color normal brightyellow default
color error color196 color235 # message line error text
ReK2Fernandez /
Created Jun 5, 2018 — forked from xassiz/
Reverse MSSQL shell
import sys
import requests
import threading
import HTMLParser
from BaseHTTPServer import HTTPServer, BaseHTTPRequestHandler
Description: Reverse MSSQL shell through xp_cmdshell + certutil for exfiltration
Author: @xassiz
set -eu
declare -a FILES=("tomcat.txt" "nginx.txt" "apache.txt" "Top1000-RobotsDisallowed.txt" "ApacheTomcat.fuzz.txt" "sharepoint.txt" "iis.txt")
View gist:1f6f4afc2de1006de4e56e6e9a7d4b20
This turns
into a Remote Command Execution:
NOTE: It relies on the PHP expect module being loaded
joern@vbox-1:/tmp$ cat /var/www/server.php

Keybase proof

I hereby claim:

  • I am rek2fernandez on github.
  • I am cfernandez ( on keybase.
  • I have a public key ASDB2t5UcZyFOJ7JllgzK85TEJfktBx0ibpsCrPs6aacGQo

To claim this, I am signing this object:

ReK2Fernandez / StegBrute.rb
Last active Nov 22, 2017
Brute force steganography passwords
View StegBrute.rb
#!/bin/env ruby
# Hispgatos
# by ReK2, Fernandez Chris
# Bruteforce password protected documents hidden inside images
# add you dictionary below to the dic variable
# of course you need to have installed steghide
require 'open3'
ReK2Fernandez / xxsfilterbypass.lst
Last active Nov 15, 2017 — forked from rvrsh3ll/xxsfilterbypass.lst
XSS Filter Bypass List
View xxsfilterbypass.lst
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert('XSS')>

How to pass the OSCP

  1. Recon
  2. Find vuln
  3. Exploit
  4. Document it


Unicornscans in cli, nmap in msfconsole to help store loot in database.

ReK2Fernandez / MyPackage.opm
Created Sep 27, 2017 — forked from mgeeky/MyPackage.opm
OTRS OPM backdoored Package with Reverse Shell
View MyPackage.opm
<?xml version="1.0" encoding="utf-8" ?>
<otrs_package version="1.1">
<Vendor>My Module</Vendor>
<License>GNU GENERAL PUBLIC LICENSE Version 2, June 1991</License>
<ChangeLog Version="1.0.1" Date="2006-11-11 11:11:11">My Module.</ChangeLog>
<Description Lang="en">MyModule</Description>
ReK2Fernandez /
Created Aug 24, 2017 — forked from 1N3/
Linux Privilege Escalation Script by 1N3 @CrowdShield -
# `7MN. `7MF'
# __, MMN. M
#`7MM M YMb M pd""b.
# MM M `MN. M (O) `8b
# MM M `MM.M ,89
# MM M YMM ""Yb.
#.JMML..JML. YM 88
# (O) .M'
You can’t perform that action at this time.