#Wireless Penetration Testing Cheat Sheet
##WIRELESS ANTENNA
- Open the Monitor Mode
root@uceka:~# ifconfig wlan0mon down
root@uceka:~# iwconfig wlan0mon mode monitor
root@uceka:~# ifconfig wlan0mon up
{ | |
"queries": [{ | |
"name": "--https://github.com/ZephrFish/Bloodhound-CustomQueries/--", | |
"queryList": [{ | |
"final": true, | |
"query": "" | |
}] | |
}, | |
{ | |
"name": "Return All Azure Users that are part of the 'Global Administrator' Role", |
# Crash the Windows Event Log Service remotely, needs Admin privs | |
# originally discovered by limbenjamin and accidently re-discovered by @byt3bl33d3r | |
# | |
# Once the service crashes 3 times it will not restart for 24 hours | |
# | |
# https://github.com/limbenjamin/LogServiceCrash | |
# https://limbenjamin.com/articles/crash-windows-event-logging-service.html | |
# | |
# Needs the impacket library (https://github.com/SecureAuthCorp/impacket) |
#!/bin/bash | |
while :; do | |
verf=$(cat /dev/urandom | tr -dc '0-9' | fold -w 8 | head -n 1) | |
pin=$(cat /dev/urandom | tr -dc '0-9' | fold -w 5 | head -n 1) | |
ip=$(printf "%d.%d.%d.%d\n" "$((RANDOM % 256))" "$((RANDOM % 256))" "$((RANDOM % 256))" "$((RANDOM % 256))") | |
#!/usr/bin/env python | |
def xor(data,key): | |
return bytearray(((data[i]^key[i%len(key)]) for i in range(0,len(data)))) | |
data = bytearray(open("my_magic_bytes.jpg.enc","rb").read()) | |
# Known plaintext from wikipedia https://en.wikipedia.org/wiki/List_of_file_signatures - XOR the enc file with it first | |
#key = bytearray([0xFF,0xD8,0xFF,0xE0,0x00,0x10,0x4A,0x46,0x49,0x46,0x00,0x01]) | |
# 12 bytes key extracted from the file after the first above XOR | |
key = bytearray([0x46,0xcc,0xf9,0xa5,0x71,0xf0,0xff,0xb1,0x7e,0x41,0xcb,0x84]) |
#Wireless Penetration Testing Cheat Sheet
##WIRELESS ANTENNA
root@uceka:~# ifconfig wlan0mon down
root@uceka:~# iwconfig wlan0mon mode monitor
root@uceka:~# ifconfig wlan0mon up
# original https://pastebin.com/zBDnzELT | |
Starting with MS-SQL 2016 MS has allowed for the inclusion of the Microsoft R Server services, permitting the execution of R scripts in the MS-SQL environment. In order for this funcitonality to be enabled, the R services for SQL server component must be installed, the server must be reconfigured to permit sp_exectue_external_script, and a user must be granted the 'EXECUTE ANY EXTERNAL SCRIPT' permission; yes, all of this is becoming increasingly more common. | |
Once these conditions are in place, SQL users will have R capabilities in their queries through the use of sp_execute_external_script(). | |
This can be 'fun'.. | |
Sample R query in MS-SQL (from MSDN): | |
#!/bin/bash | |
P="*" | |
if [ -n "$1" ]; then | |
P="$1" | |
fi | |
grep -E "\spassthru\(|\sexec\(|\spnctl_exec\(|\sproc_open\(|\spopen\(|\ssystem\(|\sshell_exec\(|\sregister_shutdown_function\(|\sregister_tick_function\(|\seval\(|\sexpect_popen\(|\sapache_child_terminate\(|\slink\(|\sposix_kill\(|\sposix_mkfifo\(|\sposix_setpgid\(|\sposix_setsid\(|\sposix_setuid\(|\sproc_close\(|\sproc_get_status\(|\sproc_nice\(|\sproc_terminate\(|\sputenv\(|\stouch\(|\salter_ini\(|\shighlight_file\(|\sshow_source\(|\sini_alter\(|\sfgetcsv\(|\sfputcsv\(|\sfpassthru\(|\sini_get_all\(|\sopenlog\(|\ssyslog\(|\srename\(|\sparse_ini_file\(|\sftp_connect\(|\sftp_ssl_connect\(|\sfsockopen\(|\spfsockopen\(|\ssocket_bind\(|\ssocket_connect\(|\ssocket_listen\(|\ssocket_create_listen\(|\ssocket_accept\(|\ssocket_getpeername\(|\ssocket_send\(|\sapache_get_modules\(|\sapache_get_version\(|\sapache_getenc\(|\sapache_note\(|\sapache_setenv\(|\sapache_request_headers\(|\sdiskfreespace\(|\sdisk_free_space\(|\sget_current_user\(|\sgetmypid\(|\sgetmyuid\(|\s |
JIRA_REST_URL="${JIRA_REST_URL:-https://MYCOMPANY.jira.com/rest/api/2}" | |
JIRA_CREDENTIALS="${JIRA_CREDENTIALS:-user:password}" | |
# https://developer.atlassian.com/jiradev/api-reference/jira-rest-apis/jira-rest-api-tutorials/jira-rest-api-example-discovering-meta-data-for-creating-issues | |
# https://MYCOMPANY.jira.com/rest/api/2/issue/createmeta?projectKeys=MYPROJ&issuetypeNames=MyIssueType&expand=projects.issuetypes.fields | |
# customfield_10171: My Custom Field Name 1 | |
# customfield_10172: My Custom Field Name 2 | |
# This methods create a new issue of type 'MyIssueType' in project 'MYPROJ' with 2 custom fields |
#Creates a new issue with custom fields | |
curl -D- -u uname:pass -X POST --data "{\"fields\": {\"project\": { \"id\": \"10430\" },\"summary\": \"This is a test issue\", \"description\": \"Description\",\"issuetype\": { \"id\" : \"1\"}, \"components\" : [{\"id\":\"10731\"}], \"customfield_10711\" : [{\"id\":\"10500\"}] } }" -H "Content-Type: application/json" http://localhost:8080/jira/rest/api/2/issue/ | |
#Returns all information for all versions | |
curl -D- -u uname:pass -X PUT -d "Content-Type: application/json" http://localhost:8080/jira/rest/api/2/project/AN/versions? | |
#Returns all issues in a version | |
#This URL requires the version ID of a single version which is provided by the above query | |
curl -D- -u uname:pass -X PUT -d "Content-Type: application/json" http://localhost:8080/jira/rest/api/2/search?jql=project="AN"+AND+fixVersion='12345' |
#Creates a new issue with custom fields | |
curl -D- -u uname:pass -X POST --data "{\"fields\": {\"project\": { \"id\": \"10430\" },\"summary\": \"This is a test issue\", \"description\": \"Description\",\"issuetype\": { \"id\" : \"1\"}, \"components\" : [{\"id\":\"10731\"}], \"customfield_10711\" : [{\"id\":\"10500\"}] } }" -H "Content-Type: application/json" http://localhost:8080/jira/rest/api/2/issue/ | |
#Returns all information on an issue | |
curl -D- -u uname:pass -X PUT -d "Content-Type: application/json" http://localhost:8080/jira/rest/api/2/issue/KEY-12345 | |
#Adds a comment to an existing issue | |
curl -D- -u uname:pass -X PUT -d "{\"update\": {\"comment\": [{\"add\": {\"body\": \"Comment added when resolving issue\"}}]}}" -H "Content-Type: application/json" http://localhost:8080/jira/rest/api/2/issue/KEY-12345 | |
#Transitions an issue |