- Recon
- Find vuln
- Exploit
- Document it
Unicornscan in the CLI, nmap in msfconsole to help store loot in the database.
.... there is more before this... but too big.
104965.818:02f8:0304:trace:seh:NtQueryInformationThread (0x8c,0,0xb9e1e0,30,(nil))
104965.818:02f8:0304:trace:seh:NtQueryInformationThread (0x8c,0,0xb9e1e0,30,(nil))
104965.818:02f8:0304:trace:seh:NtQueryInformationThread (0x8c,0,0xb9e1e0,30,(nil))
104965.818:02f8:0304:trace:seh:NtQueryInformationThread (0x8c,0,0xb9e1e0,30,(nil))
104965.818:02f8:0304:trace:seh:NtQueryInformationThread (0x8c,0,0xb9e1e0,30,(nil))
104965.818:02f8:0304:trace:seh:NtQueryInformationThread (0x8c,0,0xb9e1e0,30,(nil))
104965.819:02f8:0304:trace:seh:NtQueryInformationThread (0x8c,0,0xb9e1e0,30,(nil))
104965.819:02f8:0304:trace:seh:NtQueryInformationThread (0x8c,0,0xb9e1e0,30,(nil))
Installing Arch:
sudo vim /etc/pacman.conf
Update the package list: sudo pacman -Syy
Run sudo pacman -Syu before installing any software (to update the repositories first)
* Timing issue:
- Change the hardware clock to use UTC time:
sudo timedatectl set-local-rtc 0
# for background in 16 color terminal, valid background colors include:
# base03, bg, black, any of the non brights
# style notes:
# when bg=235, that's a highlighted message
# normal bg=233
# basic colors ---------------------------------------------------------
# color normal brightyellow default
color error color196 color235 # message line error text
#!/bin/bash
set -eu
URL=$1
SECLIST="${HOME}/herramientas/diccionarios/SecLists/Discovery/Web_Content"
MIDDIR="/usr/share/dirbuster/directory-list-2.3-medium.txt"
declare -a FILES=("tomcat.txt" "nginx.txt" "apache.txt" "Top1000-RobotsDisallowed.txt" "ApacheTomcat.fuzz.txt" "sharepoint.txt" "iis.txt")
EXTENSIONS=("txt,php,doc,docx")
GOB="/bin/gobuster"
OUTPUT="${URL}-results"
import sys
import requests
import threading
import HTMLParser
from BaseHTTPServer import HTTPServer, BaseHTTPRequestHandler
'''
Description: Reverse MSSQL shell through xp_cmdshell + certutil for exfiltration
Author: @xassiz
'''
This turns https://www.sec-consult.com/files/20120626-0_zend_framework_xxe_injection.txt
into a Remote Command Execution:
NOTE: It relies on the PHP expect module being loaded
(see http://de.php.net/manual/en/book.expect.php)
joern@vbox-1:/tmp$ cat /var/www/server.php
<?
require_once("/usr/share/php/libzend-framework-php/Zend/Loader/Autoloader.php");
Zend_Loader_Autoloader::getInstance();
I hereby claim:
To claim this, I am signing this object:
#!/bin/env ruby
# Hispgatos
# by ReK2, Fernandez Chris
# https://keybase.io/cfernandez
# Bruteforce password protected documents hidden inside images
# add your dictionary below to the dic variable
# of course you need to have steghide installed
require 'open3'
# OBJECTIVE: Install Arch Linux with encrypted root and swap filesystems and boot from UEFI.
# Note: This method supports both dedicated Arch installs and those who wish to install Arch on a multi-OS-UEFI booting system.
# The official Arch installation guide contains details that you should refer to during this installation process.
# That guide resides at: https://wiki.archlinux.org/index.php/Installation_Guide
# Download the archlinux-*.iso image from https://www.archlinux.org/download/ and its GnuPG signature.
# Use gpg --verify to ensure your archlinux-*.iso is exactly what the Arch developers intended. For example: