Skip to main content

Posts

Instaling Mythic C2 on Kali Linux

  Download the repo git clone https://github.com/its-a-feature/Mythic.git cd Mythic #Make the setup file sudo make Installing Docker sudo apt update sudo apt install -y docker.io sudo systemctl enable docker --now echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian bookworm stable" | \ sudo tee /etc/apt/sources.list.d/docker.list curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg sudo apt update sudo apt install -y docker-ce docker-ce-cli containerd.io Log out of Kali Session and re-Login   Running Mythic #Start Mythic - give it few mins to download and setup containers - first time only sudo ./mythic-cli start #on your browser - go to https://127.0.0.1:7443/new/login #Finding Creds default username is mythic_admin #Mythic Password - you can find it in .env file in Mythic Directory nano ./env ctrl+F --> MYTHIC_ADMIN_PASSWORD or sudo ./mythic-cli config | gr
Recent posts

Secure Source Code Review - PHP

  Semgrep #Installation pip install semgrep==1.54.3 #Use below script to run it; update the paths in the script wget https://raw.githubusercontent.com/Bhanunamikaze/PenTest-Scripts/refs/heads/main/semgrep_runner.py #Download the rules git clone https://github.com/Bhanunamikaze/SemgrepRules-PHP.git PHP Code Snipper Download phpcs.phar file from PHP_CodeSniffer Releases sudo apt-get install php-tokenizer php-xml php phpcs.phar /path/to/PHP_Code Visual Code Grepper https://github.com/nccgroup/VCG/tree/master GitHub - tcosolutions/betterscan: Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners with One Report (Code, IaC) - Betterscan For NodeJS GitHub - insidersec/insider: Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (M

Web Pentest - Recon

  Refer to Simple WebPentest Checklist Subdomain Enumeration git clone https://github.com/TheRook/subbrute.git python subbrute.py domain.com > subdomains.txt git clone https://github.com/infosec-au/altdns.git altdns -i subdomains.txt -o data_output -w words.txt -r -s results_output.txt #paste the list into Bulk URL HTTP Status Code, Header & Redirect Checker | httpstatus.io # this will give live hosts status make sure to check subdomain of the sub-domains #Other Tools amass enum -passive -norecursive -noalts –df domin.txt -o subs-1.txt amass enum -passive -norecursive -noalts –df subs-1.txt -o all-sub.txt Recon Automation #Better use https://github.com/smicallef/spiderfoot - this automates most of the basic tasks #use ReconFTW git clone https://github.com/six2dez/reconftw cd reconftw/ ./install.sh ./reconftw.sh -d target.com -r #or Setup a container docker pull six2dez/reconftw:main docker run -it --rm \ -v "${PWD}/OutputFolder/":'/reconftw/Recon

ffmpeg

Create a Video from an Image - Video will be an image - Audio will be taken from the input video/audio file (-i 142.mp4) - Output file will be generated with Image as a video and audio from the input file  #USE CPU ffmpeg -loop 1 -framerate 1 -i image.jpg -i 142.mp4 -map 0 -map 1:a -c:v libx264 -preset ultrafast -tune stillimage -vf fps=10,format=yuv420p -c:a copy -shortest 142_output.mp4 # USE GPU ffmpeg -loop 1 -framerate 1 -i image.jpg -i 156.mp4 -map 0 -map 1:a -c:v h264_nvenc -preset fast -tune hq -vf fps=10,scale=1920:1080,format=yuv420p -c:a copy -shortest 156_output.mp4 Batch Script to Take a list of .mp4 files as input and create a new video file with 'video as a still image' and audio from the given audio file

Pentesting Kibana, Elastic Search - Port 5601, 9200

  #Service Name and Version info - if no info is displayed, requires Auth curl 10.10.10.10:9200/ #Default Creds curl -X GET http://admin:elasticadmin@10.10.10.10:9200/ curl -X GET http://elastic:changeme@10.10.10.10:9200/ #Bruteforce Creds hydra -L usernames.txt -P passwords.txt <target-ip> -s 9200 http-get / ALL PATHS _cat /_cluster /_security /_cat/segments /_cluster/allocation/explain /_security/user /_cat/shards /_cluster/settings /_security/privilege /_cat/repositories /_cluster/health /_security/role_mapping /_cat/recovery /_cluster/state /_security/role /_cat/plugins /_cluster/stats /_security/api_key /_cat/pending_tasks /_cluster/pending_tasks /_cat/nodes /_nodes /_cat/tasks /_nodes/usage /_cat/templates /_nodes/hot_threads /_cat/thread_pool /_nodes/stats /_cat/ml/trained_models /_tasks /_cat/transforms/_all /_remote/info /_cat/aliases /_cat/allocation /_cat/ml/anomaly_detectors /_cat/count /_cat/ml/data_frame/analytics /_cat/ml/datafeeds /_cat/fielddata /_cat/health /_