Skip to content

Instantly share code, notes, and snippets.

View andreafortuna's full-sized avatar

Andrea Fortuna andreafortuna

View GitHub Profile
#include ...
#define ORIGINAL_LIBNSS "/original_libnss_files.so.2"
#define LIBNSS_PATH "/lib/x86_64-linux-gnu/libnss_files.so.2"
bool is_priviliged();
__attribute__ ((constructor)) void run_at_link(void)
{
char * argv_break[2];
@andreafortuna
andreafortuna / ServiceAccounts.ps1
Created November 7, 2019 14:23
Powershell script to read service configuration from all Windows servers in the current domain and generate report listing all domain accounts used as service logon account
<#
Service account report scrip that reads service configuration from
all Windows servers in the current domain and generate a report listing all
domain accounts used as service logon account.
By Andrea Fortuna (andrea@andreafortuna.org)
*** Based on "report-service-accounts.ps1" by Gleb Yourchenko (fnugry@null.net) ***
#>

Keybase proof

I hereby claim:

  • I am andreafortuna on github.
  • I am andrea_fortuna (https://keybase.io/andrea_fortuna) on keybase.
  • I have a public key whose fingerprint is F08A 2478 ACEB D77B 8A11 6A43 A705 D2DA 05FF 95C5

To claim this, I am signing this object:

@andreafortuna
andreafortuna / GPPDecrypt.ps1
Created November 27, 2018 14:38
Group Policy Preferences Decoder
param (
[string]$cpassword
)
function Get-DecryptedCpassword {
[CmdletBinding()]
Param (
[string] $Cpassword
)
@andreafortuna
andreafortuna / GPPDecrypt.py
Created November 27, 2018 14:33
Group Policy Preference Password Decoder
#!/usr/bin/env python3
import base64
from Crypto.Cipher import AES
def decrypt(encrypt_str):
padding = "=" * (4 - len(encrypt_str) % 4)
encrypt_str = encrypt_str + padding
encrypt_str = base64.b64decode(encrypt_str)
# Public available AES key on https://msdn.microsoft.com/en-us/library/2c15cbf0-f086-4c74-8b70-1f2fa45dd4be.aspx?f=255&MSPPError=-2147217396
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# Optionsbleed proof of concept test
# by Hanno Böck
import argparse
import urllib3
import re
@andreafortuna
andreafortuna / screenshot.sh
Created July 8, 2017 12:50
Screenshot with Imagemagick
#!/bin/bash
TS=`date +%s`.png
/usr/bin/import ~/Immagini/$TS > ~/logs/ss.log 2>&1
xclip -selection clipboard -t image/png -i ~/Images/$TS >> ~/logs/ss.log 2>&1
notify-send "Screenshot saved into ~/Immagini/$TS and into clipboard" -t 3
@andreafortuna
andreafortuna / notpetyavaccine.ps1
Created June 28, 2017 07:28
Local vaccine for #Petya / #NotPetya
$extensions = "", ".dat", ".dll"
$baseFileName = "C:\windows\perfc"
foreach ($extension in $extensions)
{
$outFile = "{0}{1}" -f $baseFileName, $extension
Write-Host ("Creating file: {0}" -f $baseFileName)
New-Item $outFile -ItemType file -Value "Road block for Petya." -Force
@andreafortuna
andreafortuna / brightness.sh
Last active April 20, 2023 17:40
Simple script to modify screen brightness
#!/bin/bash
# Simple script to modify screen brightness
# USAGE:
# brightness.sh +20 (Increase brightness by 20%)
basedir="/sys/class/backlight/"
# get the backlight handler
handler=$basedir$(ls $basedir)"/"
#!/bin/bash
#Simple script for VirtuaBox filesystem bodyfile creation
# Usage: vbfilesystembodyfile.sh <VM name>
disk=`echo $( sudo VBoxManage showvminfo $1|grep "vdi\|vmdk"|head -n 1|cut -d ":" -f 2|cut -d "(" -f 1)|xargs`
VBoxManage clonemedium $disk ./$1.raw --format=raw
offset=$(mmls $1.raw -a | grep `mmls $1.raw -a | grep "000:" | cut -d " " -f 9 | sort -r | head -1` | cut -d " " -f 6 | bc)
fls -o $offset -r -m / $1.raw > $1.bodyfile
rm $1.raw