Skip to content

Instantly share code, notes, and snippets.

View 3xocyte's full-sized avatar

Matt Bush 3xocyte

116 followers · 4 following
  • Atlassian
  • Melbourne, Australia
View GitHub Profile
@3xocyte
3xocyte / tcpshell.cs
Last active August 13, 2018 07:42
Reverse TCP shell with PS runspace
using System;
using System.Text;
using System.Net.Sockets;
using System.Management.Automation;
using System.Management.Automation.Runspaces;
using System.Collections.ObjectModel;
using System.Diagnostics;
// reverse TCP shell with powershell runspace
// by @3xocyte
@3xocyte
3xocyte / scriptinjector.cs
Last active October 6, 2018 00:19
a small buggy utility inspired by chapter 10 of Black Hat Python by Justin Seitz
using System;
using System.IO;
using System.Text;
using System.Linq;
using System.Collections.Generic;
// ephemeral script injector by @3xocyte
// takes a target directory to watch, and an OS command to attempt to inject into any scripts that get modified
namespace FileContentInjector
@3xocyte
3xocyte / chromedump2.py
Last active February 8, 2021 10:22
agentless Google Chrome post-exploitation script
#!/usr/bin/env python3
# by Matt Bush (@3xocyte)
import os
import sys
import logging
import argparse
import traceback
import time
@3xocyte
3xocyte / sc-cdb.py
Last active March 23, 2022 07:47
shellcode to cbd.exe
#!/usr/bin/env python
# run: cdb.exe -cf output.wds -o calc.exe
# From: http://www.exploit-monday.com/2016/08/windbg-cdb-shellcode-runner.html
src = open('shellcode', 'r')
sc = src.read()
src.close
copy = ";eb @$t0+"
@3xocyte
3xocyte / create_machine_account.py
Last active February 21, 2023 03:50
simple script for experimenting with machine account creation
#!/usr/bin/env python
import argparse
import sys
import string
import random
# https://support.microsoft.com/en-au/help/243327/default-limit-to-number-of-workstations-a-user-can-join-to-the-domain
# create machine account utility by @3xocyte
# with thanks to Kevin Robertson for https://github.com/Kevin-Robertson/Powermad/blob/master/Powermad.ps1
@3xocyte
3xocyte / icmpshell.cs
Created August 13, 2018 10:30
ICMP reverse shell (icmpsh compatible)
using System;
using System.IO;
using System.Text;
using System.Net.NetworkInformation;
using System.Management.Automation;
using System.Management.Automation.Runspaces;
using System.Threading;
using System.Collections.ObjectModel;
// .NET ICMP reverse shell client with PowerShell runspace by @3xocyte
@3xocyte
3xocyte / resolve_domain_computers.py
Last active February 2, 2025 05:24
get /etc/hosts entries for computers in Active Directory
#!/usr/bin/env python
# resolve domain computers by @3xocyte
import argparse
import sys
import string
# requires dnspython and ldap3
import dns.resolver
from ldap3 import Server, Connection, NTLM, ALL, SUBTREE
@3xocyte
3xocyte / adidns_records.py
Last active July 11, 2025 09:11
get /etc/hosts entries from ADIDNS
#!/usr/bin/env python
import argparse
import sys
import binascii
import socket
import re
from ldap3 import Server, Connection, NTLM, ALL, SUBTREE, ALL_ATTRIBUTES
# get /etc/hosts entries for domain-joined computers from A and AAAA records (via LDAP/ADIDNS) (@3xocyte)
@3xocyte
3xocyte / rbcd_relay.py
Last active July 31, 2025 14:25
poc resource-based constrain delegation relay attack tool
#!/usr/bin/env python
# for more info: https://shenaniganslabs.io/2019/01/28/Wagging-the-Dog.html
# this is a *very* rough PoC
import SimpleHTTPServer
import SocketServer
import base64
import random
import struct
@3xocyte
3xocyte / lazykatz.py
Last active October 24, 2025 05:25
quickly dump creds from a box you've pwned while living off the land (feat. obfuscation and pypykatz automation)
#!/usr/bin/env python3
import argparse
import sys
import logging
import random
import string
import os
from time import sleep