Skip to content

Instantly share code, notes, and snippets.

@BeanBagKing
BeanBagKing / hashcat_help.txt
Created Nov 8, 2016
Hashcat Help Documentation
View hashcat_help.txt
hashcat64.exe -a 0 -w 0 -m 1000 -r rules/lmNTLM.rule hashes/ntlm.txt lists/lab.txt
hashcat64.exe -a 0 -w 1 -m 1800 hashes/unixmd5.txt lists/rockyou.txt
hashcat64.exe -a 3 -w 1 -m 1800 --increment ?a?a?a?a?a hashes/unixmd5.txt
C:\hashcat-3.10>hashcat64.exe -h
hashcat, advanced password recovery
Usage: hashcat [options]... hash|hashfile|hccapfile [dictionary|mask|directory]...
@BeanBagKing
BeanBagKing / sus_commands.py
Last active Jun 8, 2021
Returns an English letter frequency score for command line logs.
View sus_commands.py
#!/usr/bin/python3
# Article reference: https://nullsec.us/finding-unusual-powershell-with-frequency-analysis/
import urllib
import httplib2
from xml.dom import minidom
import math
baseurl = 'https://<domain>.splunkcloud.com:8089'
View catsploit.sh
#!/bin/bash
#######
#
# Opens searchsploit results in Sublime
#
#######
script=$1
YEL='\033[1;33m'
View update.sh
#!/bin/bash
echo "-------------------------------"
echo " Current Version Info Follows: "
echo "-------------------------------"
lsb_release -i
lsb_release -r
lsb_release -d
lsb_release -c
printf "Kernal Version: ";uname -r
View nslookup.bat
REM Performs nslookup on a list of IP's
for /F %i in (iplist.txt) do @nslookup %i 8.8.8.8 2>nul | find "Name" && echo %i
View mapDrive.ps1
# This was, ideally, a way to map SharePoint drives as network drives in Windows. I don't believe I ever got it working, but maybe
# it will come in handy for someone.
# http://community.office365.com/en-us/f/173/t/286802.aspx
# Reference the above for "steps"
# Adds sharepoint.com to the list of trusted sites
# AKA Step 1
View detectFolder.ps1
# For servers in list, check if the folder exists
# Useful for detecting user folders, installed programs, etc.
Get-Content C:\Users\UserName\Desktop\DetectFolder\servers.txt | `
Select-Object @{Name='ComputerName';Expression={$_}},@{Name='FolderExist';Expression={ Test-Path "\\$_\c$\program files"}}
View decode.sh
#!/bin/bash
string=$1
YEL='\033[1;33m'
NC='\033[0m' # No Color
if [ -z $string ]; then
echo "Usage: `basename $0` [BASE64 STRING]"
exit 1
fi
@BeanBagKing
BeanBagKing / cookie_thief.php
Last active Apr 24, 2021
PHP Cookie Thief with Information Logging
View cookie_thief.php
@BeanBagKing
BeanBagKing / hunting.sh
Last active Apr 24, 2021
Hunting One Liners
View hunting.sh
# Linux - Look for attempts to hide files (note the spaces)
find / \( -name '. ' -o -name '.. ' -o -name '...' -o -name ' ' \)
# Linux - Find last 20 modified files
### Excluded directoreis for /proc, /sys
### Excludes /tmp/sort* as these are used by this process
##### Exclude directory - find . -type d \( -path dir1 -o -path dir2 -o -path dir3 \) -prune -o -print
find / -type d \( -path /proc -o -path /sys \) -prune -o -print -type f ! -wholename "/tmp/sort*" -exec stat --format '%Y :%y %n' "{}" \; | sort -nr | cut -d: -f2- | head
# Find 20 largest files