Random red4 notes
Scripts and tools for red teams, bug bountys and so on.
Enumeration
FTP Enumeration
- Try using absolue paths which are not visible from the current top level PWD (especially Microsoft FTP)
JavaScript Deobfuscator and Unpacker
https://lelinhtinh.github.io/de4js/
Exploits
- exploit-db, searchsploit are only as useful as the folks submitting material to them. Lots of exploit writers publish on github and that's it.
Persistence
- Upload files via webdav (e.g. keys)
Persistence LOL
- uploads via forms, execute from upload directory
Generally useful stuff:
- Grab discovered git repos with git-dumper