Skip to content

Instantly share code, notes, and snippets.

@NotMedic
NotMedic / Notes.txt
Created Jan 15, 2020
Group Managed Service Account Password Retrieval
View Notes.txt
#From: https://www.dsinternals.com/en/retrieving-cleartext-gmsa-passwords-from-active-directory/
#Install the DSInterals Powershell Module
Install-Module -Name DSInternals -Force
#Import it.
Import-Module DSInternals
#Identify which users can recover the GMSA Account's Password. Compromise one of those Principals.
Get-ADServiceAccount -Identity GMSAccount -Properties PrincipalsAllowedToRetrieveManagedPassword
@NotMedic
NotMedic / Instructions.md
Created Nov 7, 2019
Headless Remote Chrome Debugging - Ichabod Chrome :)
View Instructions.md

Target

Start Chrome with the following flags:

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"

--remote-debugging-port=9222

--remote-debugging-address=0.0.0.0

@NotMedic
NotMedic / TestAssembly.cs
Last active Jul 23, 2020 — forked from Arno0x/TestAssembly.cs
This code shows how to load a CLR in an unmanaged process, then load an assembly from memory (not from a file) and execute a method
View TestAssembly.cs
/*
================================ Compile as a .Net DLL ==============================
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe /target:library /out:TestAssembly.dll TestAssembly.cs
*/
using System.Windows.Forms;
namespace TestNamespace
@NotMedic
NotMedic / gcp-gpu-vm-hashcat.md
Created May 3, 2019 — forked from koenrh/gcp-gpu-vm-hashcat.md
Running Hashcat on Google Cloud's new GPU-based VMs
View gcp-gpu-vm-hashcat.md

Running Hashcat on Google Cloud's GPU-based VMs

In February 2017, Google announced the availability GPU-based VMs. I spun up a few of these instances, and ran some benchmarks. Along the way, I wrote down the steps taken to provision these VM instances, and install relevant drivers.

Update April 2019: Updated instructions to use instances with the Tesla T4 GPUs.

@NotMedic
NotMedic / markvulnerable.py
Last active Jul 11, 2019
Script to mark hosts as vulnerable in Bloodhound.
View markvulnerable.py
#!/usr/bin/python
import sys, json, urllib, urllib2
#Define the Bloodhound Database
url = 'http://bloodhound-server:7474/db/data/cypher/'
#Define the Bloodhound Credentials
#echo neo4j:bloodhound | base64
base64auth = 'bmVvNGo6Ymxvb2Rob3VuZA=='
request = urllib2.Request(url)
@NotMedic
NotMedic / Instructions.txt
Created Dec 2, 2018
Siri -> HomeBridge -> HomeBridge-ssh -> iptables
View Instructions.txt
This is a pretty simple setup:
Siri is used to control Homebridge using the HomeKit protocol.
Homebridge has a module named Homebridge-ssh that allows you to run commands over ssh.
There is a shell script on an OpenWrt box to enable, disable, and check the status of a MAC Address block in the FORWARD table.
1. Install node on your platform. I went with 8.9 for no specific reason other than I initially had issues with 10 that probably weren't related..
2. Install homebridge and homebridge-ssh. You should probably also put hombridge-config-ui-x on there too... I used the unsafe-perm parameter after getting a significant number of errors:
sudo -i npm install -g homebridge --unsafe-perm
sudo -i npm install -g homebridge-ssh --unsafe-perm