| using NtApiDotNet; | |
| using NtApiDotNet.Ndr.Marshal; | |
| using NtApiDotNet.Win32; | |
| using NtApiDotNet.Win32.Rpc.Transport; | |
| using NtApiDotNet.Win32.Security.Authentication; | |
| using NtApiDotNet.Win32.Security.Authentication.Kerberos; | |
| using NtApiDotNet.Win32.Security.Authentication.Kerberos.Client; | |
| using NtApiDotNet.Win32.Security.Authentication.Kerberos.Server; | |
| using NtApiDotNet.Win32.Security.Authentication.Logon; | |
| using System; |
| $elevated = ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator) | |
| function Show-Menu { | |
| Clear-Host | |
| Write-Host "======================================================" | |
| Write-Host "================ Give Back Control ================" | |
| Write-Host "======================================================" | |
| if($elevated -eq $true){ | |
| Write-Host "Local Admin: " -ForegroundColor white -NoNewline; Write-Host $elevated -ForegroundColor Green | |
| Write-Host "We have superpowers. Ready to continue." |
Let pwn the box Scrambled from HackTheBox using only NetExec ! For context, I was reading Scrambled writeup from 0xdf_ when I read this:
smbclient won’t work, and I wasn’t able to get crackmapexec to work either.
To be fair, at the time of his writeup it was true, but not anymore and it's pretty simple with NXC, 5 minutes and you get root :)
Note: I will pass the web part where we get one username : ksimpson
| #!/bin/bash | |
| # Decompress a .cpio.gz packed file system | |
| rm -rf ./initramfs && mkdir initramfs | |
| pushd . && pushd initramfs | |
| cp ../initramfs.cpio.gz . | |
| gzip -dc initramfs.cpio.gz | cpio -idm &>/dev/null && rm initramfs.cpio.gz | |
| popd |
| <# | |
| .SYNOPSIS | |
| List common security processes running! | |
| Author: @r00t-3xp10it (ssa redteam) | |
| Tested Under: Windows 10 (19043) x64 bits | |
| Required Dependencies: Get-WmiObject, Get-Process {native} | |
| Optional Dependencies: Get-MpPreference, Get-ChildItem {native} | |
| PS cmdlet Dev version: v2.3.18 |
Obtained binaries from Discord server. The download link: https://drive.google.com/file/d/1xPP9R2VKmJ9jwNY_1xf1sVVHlxZIsLcg
Basic information about binaries. There are two main versions of the program in question:
aimful-kucoin.exe and aimful-binance.exe. They are both Windows executables. From the FAQ section of the discord server, the following information is available:
In what language was this bot written?
- Python.
| >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> | |
| >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> | |
| >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> | |
| >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> | |
| >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> | |
| >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> | |
| >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> | |
| >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> | |
| >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> | |
| >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> |
An easy way to start the embedded PHP web server with the multi-thread option enabled or simulated when necessary.
In all of my coding projects, I like to follow these principles:
| // SPDX-License-Identifier: GPL-2.0 | |
| /* | |
| * Experiment to replace malloc(3)/calloc(3)/realloc(3)/free(3) with custom | |
| * allocator 32 byte aligned. | |
| * | |
| * @author Ammar Faizi <ammarfaizi2@gmail.com> https://www.facebook.com/ammarfaizi2 | |
| * @license GPL-2.0 | |
| * | |
| * gcc -Wall -Wextra -O3 -shared -fPIC mem.c -o mem.so | |
| * LD_PRELOAD=$(pwd)/mem.so your_program |
