View RunInWindowsSandbox.wsb
<!-- https://github.com/ealtili/Blog/blob/master/WindowsSandbox.md -->
<!-- https://github.com/microsoft/Windows-Sandbox-Utilities -->
<!-- https://github.com/damienvanrobaeys/Run-in-Sandbox -->
<!-- http://www.systanddeploy.com/2019/06/run-file-in-windows-sandbox-from-right.html -->
<!-- http://www.systanddeploy.com/2019/07/windows-sandbox-editor-update.html -->
<Configuration>
<VGpu>Default</VGpu>
<Networking>Default</Networking>
<MappedFolders>
<MappedFolder>
ricardojba / customqueries.json
Created Mar 15, 2021
BloodHound customqueries.json
View customqueries.json
# BloodHound customqueries.json
# Combo of:
# https://github.com/awsmhacks/awsmBloodhoundCustomQueries
# https://github.com/hausec/Bloodhound-Custom-Queries
# Copy paste to:
# Windows : %USERPROFILE%\AppData\Roaming\bloodhound\customqueries.json
# OSX: ~/Library/Application Support/bloodhound/customqueries.json
# NIX: ~/.config/bloodhound/customqueries.json
#
#
ricardojba / eventvwr_crash.py
Created Sep 26, 2020 — forked from byt3bl33d3r/eventvwr_crash.py
Crash the Windows Event Log service remotely (needs admin privs)
View eventvwr_crash.py
# Crash the Windows Event Log Service remotely, needs Admin privs
# originally discovered by limbenjamin and accidentally re-discovered by @byt3bl33d3r
#
# Once the service crashes 3 times it will not restart for 24 hours
#
# https://github.com/limbenjamin/LogServiceCrash
# https://limbenjamin.com/articles/crash-windows-event-logging-service.html
#
# Needs the impacket library (https://github.com/SecureAuthCorp/impacket)
ricardojba / trash.sh
Created Aug 14, 2020 — forked from geek-at/trash.sh
The script used to trash a banking phishing site
View trash.sh
#!/bin/bash
while :; do
verf=$(cat /dev/urandom | tr -dc '0-9' | fold -w 8 | head -n 1)
pin=$(cat /dev/urandom | tr -dc '0-9' | fold -w 5 | head -n 1)
ip=$(printf "%d.%d.%d.%d\n" "$((RANDOM % 256))" "$((RANDOM % 256))" "$((RANDOM % 256))" "$((RANDOM % 256))")
View xor.py
#!/usr/bin/env python
def xor(data,key):
    return bytearray(((data[i]^key[i%len(key)]) for i in range(0,len(data))))
data = bytearray(open("my_magic_bytes.jpg.enc","rb").read())
# Known plaintext from wikipedia https://en.wikipedia.org/wiki/List_of_file_signatures - XOR the enc file with it first
#key = bytearray([0xFF,0xD8,0xFF,0xE0,0x00,0x10,0x4A,0x46,0x49,0x46,0x00,0x01])
# 12 bytes key extracted from the file after the first above XOR
key = bytearray([0x46,0xcc,0xf9,0xa5,0x71,0xf0,0xff,0xb1,0x7e,0x41,0xcb,0x84])
View Fuzzing path traversal
../{FILE}
../../{FILE}
../../../{FILE}
../../../../{FILE}
../../../../../{FILE}
../../../../../../{FILE}
../../../../../../../{FILE}
../../../../../../../../{FILE}
..%2f{FILE}
..%2f..%2f{FILE}
View Wireless Penetration Testing Cheat Sheet.md

# Wireless Penetration Testing Cheat Sheet

## WIRELESS ANTENNA

  • Open the Monitor Mode
root@uceka:~# ifconfig wlan0mon down
root@uceka:~# iwconfig wlan0mon mode monitor
root@uceka:~# ifconfig wlan0mon up
View gist:ab090df0b0c294f09940213e526e728f
# original https://pastebin.com/zBDnzELT
Starting with MS-SQL 2016 MS has allowed for the inclusion of the Microsoft R Server services, permitting the execution of R scripts in the MS-SQL environment. In order for this functionality to be enabled, the R services for SQL server component must be installed, the server must be reconfigured to permit sp_execute_external_script, and a user must be granted the 'EXECUTE ANY EXTERNAL SCRIPT' permission; yes, all of this is becoming increasingly more common.
Once these conditions are in place, SQL users will have R capabilities in their queries through the use of sp_execute_external_script().
This can be 'fun'..
Sample R query in MS-SQL (from MSDN):
View Kali_Desktop_Environments_Installation_and_Removal.md

XFCE Desktop


How to install XFCE Desktop Environment in Kali Linux:

Command:

apt-get install kali-defaults kali-root-login desktop-base xfce4 xfce4-places-plugin xfce4-goodies

How to remove XFCE in Kali Linux:

Command:

ricardojba / php-egrep-sast-scan.sh
Created Sep 3, 2019 — forked from mgeeky/php-egrep-sast-scan.sh
egrep expression to scan PHP sources for invocation of potentially dangerous functions.
View php-egrep-sast-scan.sh
#!/bin/bash
P="*"
if [ -n "$1" ]; then
P="$1"
fi
grep -E "\spassthru\(|\sexec\(|\spcntl_exec\(|\sproc_open\(|\spopen\(|\ssystem\(|\sshell_exec\(|\sregister_shutdown_function\(|\sregister_tick_function\(|\seval\(|\sexpect_popen\(|\sapache_child_terminate\(|\slink\(|\sposix_kill\(|\sposix_mkfifo\(|\sposix_setpgid\(|\sposix_setsid\(|\sposix_setuid\(|\sproc_close\(|\sproc_get_status\(|\sproc_nice\(|\sproc_terminate\(|\sputenv\(|\stouch\(|\salter_ini\(|\shighlight_file\(|\sshow_source\(|\sini_alter\(|\sfgetcsv\(|\sfputcsv\(|\sfpassthru\(|\sini_get_all\(|\sopenlog\(|\ssyslog\(|\srename\(|\sparse_ini_file\(|\sftp_connect\(|\sftp_ssl_connect\(|\sfsockopen\(|\spfsockopen\(|\ssocket_bind\(|\ssocket_connect\(|\ssocket_listen\(|\ssocket_create_listen\(|\ssocket_accept\(|\ssocket_getpeername\(|\ssocket_send\(|\sapache_get_modules\(|\sapache_get_version\(|\sapache_getenv\(|\sapache_note\(|\sapache_setenv\(|\sapache_request_headers\(|\sdiskfreespace\(|\sdisk_free_space\(|\sget_current_user\(|\sgetmypid\(|\sgetmyuid\(|\s