Skip to content

Instantly share code, notes, and snippets.

View Y0ung-DST's full-sized avatar
🇲🇦

y0ung_dst Y0ung-DST

🇲🇦
102 followers · 113 following
View GitHub Profile
@Y0ung-DST
Y0ung-DST / List of API endpoints & objects
Created February 7, 2023 00:00 — forked from yassineaboukir/List of API endpoints & objects
A list of 3203 common API endpoints and objects designed for fuzzing.
0
00
01
02
03
1
1.0
10
100
1000
@Y0ung-DST
Y0ung-DST / PowerView-3.0-tricks.ps1
Created November 25, 2022 11:39 — forked from HarmJ0y/PowerView-3.0-tricks.ps1
PowerView-3.0 tips and tricks
# PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/
# tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c
# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit:
# https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1
# New function naming schema:
# Verbs:
# Get : retrieve full raw data sets
# Find : ‘find’ specific data entries in a data set
@Y0ung-DST
Y0ung-DST / kerberos_attacks_cheatsheet.md
Created September 18, 2022 22:29 — forked from TarlogicSecurity/kerberos_attacks_cheatsheet.md
A cheatsheet with commands that can be used to perform kerberos attacks

Kerberos cheatsheet

Bruteforcing

With kerbrute.py:

python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With Rubeus version with brute module:

@Y0ung-DST
Y0ung-DST / CVE-2021-26723
Last active May 8, 2021 21:33
# Exploit Title: Jenzabar 9.2.x through 9.2.2 allows /ics?tool=search&query= XSS.
# Google Dork: Jenzabar — v9.2.0 / v9.2.1 / v9.2.2
# Date: 2021–02–05
# Exploit Author: y0ung_dst
# Vendor Homepage: https://jenzabar.com
# Version: Jenzabar — v9.2.0-v9.2.1-v9.2.2 (and maybe other versions)
# Tested on: Windows 10
# CVE : CVE-2021-26723