Hello! Two step CSRF coming up...
<iframe src="step1.html" width="0" height="0">
</iframe>
<iframe src="step2.html" width="0" height="0">
</iframe>
<html>
<head>
<script>
window.onload = function() {
  document.getElementById("csrfForm1").submit();
  // to make the 2nd form wait for the 1st, put the following in a function and use it as the callback for a new timer (setTimeout)
  document.getElementById("csrfForm2").submit();
}
</script>
</head>
<body>
<!-- the forms with ids csrfForm1 and csrfForm2 belong here; they are not included in this gist -->
</body>
</html>
#!/bin/bash
# pull every git repo one level down; the subshell keeps a failed pull from leaving the loop in the wrong directory, and the glob avoids parsing ls output
for d in */; do (cd "$d" && git pull); done
ufw route allow in on wg0s out on eth0
chromium --no-sandbox --proxy-server="http://127.0.0.1:8080" --disable-xss-auditor &
So use a simple: watch -n 30 torghost switch
That'll get you regular new IP addresses.
Logging the IP addresses isn't as clean. Do this (make sure you proxy through Burp, and have Burp configured to use the Tor proxy):
watch -n 15 -t curl --proxy http://127.0.0.1:8080 -s ipinfo.io/ip >> torSourceIPs.txt
Because the redirect captures watch's terminal control sequences along with curl's output, you'll often not actually see those IP addresses if you cat the file, but they're there if you open it in Sublime or something.
You can grep them out cleanly with this:
cat ~/.cme/logs/*secrets | grep -E -v '(sha1|md5|DPAPI_SYSTEM|dpapi|NL\$KM|L\$|\$:aad3b435b51404eeaad3b435b51404ee)' | sort -u
/usr/bin/vmhgfs-fuse .host:/ /mnt/hgfs -o subtype=vmhgfs-fuse,allow_other
This seems to work too in fstab:
vmhgfs-fuse /mnt/hgfs fuse defaults,allow_other 0 0
Hard-to-detect service? nmap tweaks that can help:
Slow it down with -T2 or -T1
Use masscan
FIN scans
Null scans
Xmas scans
Fragment scans
Data length scan
TTL scan