Michael Ikua ikuamike
[ASCII-art banner: "Hack Back!"]
A DIY Guide
@ikuamike
ikuamike / kerberos_attacks_cheatsheet.md
Created September 3, 2020 14:47 — forked from TarlogicSecurity/kerberos_attacks_cheatsheet.md
A cheatsheet with commands that can be used to perform Kerberos attacks

Kerberos cheatsheet

Bruteforcing

With kerbrute.py:

python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With the Rubeus build that includes the brute module:

@ikuamike
ikuamike / sid2str.py
Created June 16, 2020 22:13 — forked from mprahl/sid2str.py
Python 2.7/3.5 function to convert an Active Directory binary SID to string format (sid_to_str)
import struct
def sid_to_str(sid):
    """Convert the binary objectSid value returned by an LDAP query into its
    string form, e.g. S-1-5-21-1270288957-3800934213-3019856503-500.
    Based on: http://www.gossamer-threads.com/lists/apache/bugs/386930
    Binary layout: revision (1 byte), sub-authority count (1 byte),
    identifier authority (6 bytes, big-endian), then `count` 4-byte
    little-endian sub-authorities.
    """
    sid = bytearray(sid)  # same indexing semantics on Python 2 and 3
    revision, count = sid[0], sid[1]  # revision level (typically 1)
    authority = struct.unpack('>Q', b'\x00\x00' + bytes(sid[2:8]))[0]
    sub_auths = struct.unpack('<%dI' % count, bytes(sid[8:8 + 4 * count]))
    parts = [revision, authority] + list(sub_auths)
    return 'S-' + '-'.join(str(p) for p in parts)
@ikuamike
ikuamike / nmap.sh
Last active June 4, 2020 07:55
nmap.sh
#!/bin/bash
# Usage: nmap.sh <target> <name>
# Quick full-range SYN scan to find open TCP ports, then feed that port list
# into the slower script/version scan so only open ports get the thorough pass.
mkdir -p nmap
sudo nmap -n -Pn -sS -v -p- --min-rate=1000 --open -oN "nmap/${2}_quick_tcp" "$1" | grep -v "delay"
# Build a comma-separated list of open port numbers (head -c -1 drops the trailing comma)
ports=$(grep -v nmap "nmap/${2}_quick_tcp" | grep open | cut -d " " -f 1 | cut -d "/" -f 1 | tr '\n' ',' | head -c -1)
nmap -n -Pn -sC -sV -p "$ports" -oA "nmap/${2}_full_tcp" "$1"
#sudo nmap -sS -p- --min-rate=1000 $1
@ikuamike
ikuamike / root_bypass.js
Created May 6, 2020 10:58 — forked from pich4ya/root_bypass.js
Bypass Android Root Detection / Bypass RootBeer - August 2019
// $ frida -l antiroot.js -U -f com.example.app --no-pause
// CHANGELOG by Pichaya Morimoto (p.morimoto@sth.sh):
// - I added extra whitelisted items to deal with the latest versions
// of RootBeer/Cordova iRoot as of August 6, 2019
// - The original one just fucked up (kill itself) if Magisk is installed lol
// Credit & Originally written by: https://codeshare.frida.re/@dzonerzy/fridantiroot/
// If this isn't working in the future, check console logs, rootbeer src, or libtool-checker.so
Java.perform(function() {
var RootPackages = ["com.noshufou.android.su", "com.noshufou.android.su.elite", "eu.chainfire.supersu",
@ikuamike
ikuamike / android-burp-cert.sh
Created April 29, 2020 21:00 — forked from vavkamil/android-burp-cert.sh
One Liner For Installing Burp Certificate Into Android Nougat and Later
# https://securitychops.com/2019/08/31/dev/random/one-liner-to-install-burp-cacert-into-android.html
#
curl --proxy http://127.0.0.1:8080 -o cacert.der http://burp/cert \
&& openssl x509 -inform DER -in cacert.der -out cacert.pem \
&& cp cacert.der $(openssl x509 -inform PEM -subject_hash_old -in cacert.pem |head -1).0 \
&& adb root \
&& adb remount \
&& adb push $(openssl x509 -inform PEM -subject_hash_old -in cacert.pem |head -1).0 /sdcard/ \
&& echo -n "mv /sdcard/$(openssl x509 -inform PEM -subject_hash_old -in cacert.pem |head -1).0 /system/etc/security/cacerts/" | adb shell \
&& echo -n "chmod 644 /system/etc/security/cacerts/$(openssl x509 -inform PEM -subject_hash_old -in cacert.pem |head -1).0" | adb shell \
@ikuamike
ikuamike / GoogleDorking.md
Created February 22, 2020 20:12 — forked from sundowndev/GoogleDorking.md
Google dork cheatsheet

Google dork cheatsheet

Search filters

| Filter | Description | Example |
|---|---|---|
| allintext | Searches for occurrences of all the keywords given. | allintext:"keyword" |
| intext | Searches for the occurrences of keywords all at once or one at a time. | intext:"keyword" |
| inurl | Searches for a URL matching one of the keywords. | inurl:"keyword" |
| allinurl | Searches for a URL matching all the keywords in the query. | allinurl:"keyword" |
| intitle | Searches for occurrences of keywords in title all or one. | intitle:"keyword" |
@ikuamike
ikuamike / SimpleHTTPServerWithUpload.py
Created September 2, 2019 17:57 — forked from touilleMan/SimpleHTTPServerWithUpload.py
Simple Python HTTP Server with Upload - Python3 version
#!/usr/bin/env python3
"""Simple HTTP Server With Upload.
This module builds on BaseHTTPServer by implementing the standard GET
and HEAD requests in a fairly straightforward manner.
see: https://gist.github.com/UniIsland/3346170
"""
@ikuamike
ikuamike / pentest.sh
Created May 9, 2019 19:54 — forked from OffXec/pentest.sh
Installs pentesting tools, then symlinks them so they can be run seamlessly.
#!/bin/bash
# Clone each tool into /opt, make its entry point executable, and symlink it into PATH
git clone https://github.com/danielmiessler/SecLists.git /opt/seclists
git clone https://github.com/s0md3v/XSStrike.git /opt/xsstrike
chmod +x /opt/xsstrike/xsstrike.py
sudo ln -s /opt/xsstrike/xsstrike.py /usr/local/bin/xsstrike
git clone https://github.com/s0md3v/Arjun.git /opt/arjun
chmod +x /opt/arjun/arjun.py
sudo ln -s /opt/arjun/arjun.py /usr/local/bin/arjun

How to pass the OSCP

  1. Recon
  2. Find vuln
  3. Exploit
  4. Document it

Recon

Unicornscan from the CLI, nmap from within msfconsole so the results are stored as loot in the database.