My name is Sergio, I'm a junior pentester, bug bounty hunter & CTF player, actually owning eJPTv2, eCPPTv2 and OSCP, (eWPTXv2 coming soon).
Hackerone as a Bug Bounty Hunter.
Pentesting & Red Teaming.
Name: SezioS
Type: User
Bio: OSCP | eCPPTv2 | eJPTv2 | road to eWPTXv2 Pentesting | Red Team | CTF Player
Location: Madrid
Automated Bash Script To Enumerate an Active Directory
Script made for bypassing antivirus using Powershell Injection method. Place your shellcode from msfvenom on line 15, the script can be combined with the UAC bypass technique in order to gain a privileged reverse shell.
This is a self made bash script to enumerate for Bug Bounty Proposals
Bludit <= 3.9.2 - Authentication Bruteforce Mitigation Bypass Exploit/PoC
CVE-2021-40438 Apache <= 2.4.48 SSRF exploit
This script combines a host discovery & TCP port scan for the discovered hosts.
DNS zone transfer automated script.
Personal CheatSheet used for the exam made with Obsidian, download the repo and use the resources within Obsidian for a better experience. CHISEL & SOCAT BINARIES ARE WITHIN THE PIVOTING SECTION.
eJPTv2 Cheatsheet for the exam, with commands and tools shown in the course.
GodPotato Windows 11 - Server 2022 SeImpersonatePrivilege exploit
This is a PowerShell script made for scanning hosts & ports that are connected to a Windows host, the scripts ask you for the input of an IP that are discovered doing ipconfig /all and then starts the scan of hosts, and if a host is discovered then starts a port scan.
This is a python3 script that reads the info of the ip a command and starts a host discovery and port scan for the discovered hosts.
This is a host scanner script made in bash, for /24 nets, thought-out for pivoting internal networks from a Linux Host that you have access, you just need to create the scanner file in the Linux host that has internal networks that you want to scan and copy the script content in there and modify what you need.
Just a place to share some things I've written while participating in Hack The Box.
LFI / RCE Unauthenticated - Apache 2.4.49 & 2.4.50
Netcat for windows 32/64 bit
The procmon script is used to monitorize commands that were ran or will run on the system, in order to make privilege escalation and lateral movement on a Linux target.
Python3 PowerShell Encoded Reverse Shell Payload Creator
Python3 script that uses a given wordlist for doing subdomain enumeration or directories enumeration.
This is a bash script made for enumerating SMB users via rpcclient, modify the IP that you're aiming inside the script
Herramienta en Bash ideal para extraer la información más relevante de un dominio vía rpcclient.
These are bash scripts made for automating the exploitation of Blind SQL Injection Vulnerabilities
My personal repository
Python3 shellshock exploit, for ethical hacking/pentesting purposes only. Use it at your own risk. I'm not responisble if you use it with illegal purposes.
Automated script that enumerates SMTP users with the VRFY method
SNMP enumeration automated Tools in python3 and bash
Some Python Pentesting Scripts. (subdomain and directory enumeration, network and port scanner, file downloader, hash cracker, Keylogger and SSH Bruteforcer)
SSH User Enumerator in Python3, CVE-2018-15473, I updated the code of this exploit (https://www.exploit-db.com/exploits/45939) to work with python3 instead of python2.
Wordlists for creating statistically likely username lists for use in password attacks and security testing
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.