Alex Flores audibleblink
cat <<EOF > /etc/apt/preferences.d/pinning
Package: *
Pin: release o=Debian,a=testing
Pin-Priority: 900
Package: *
Pin: release o=Debian,a=stable
Pin-Priority: 400
Package: *
@audibleblink
audibleblink / hpb3_links.txt
Last active September 19, 2023 13:01
All links from Hacker Playbook 3, with bit.ly links unfurled
@audibleblink
audibleblink / io.ngrok.client.plist
Last active June 19, 2023 02:08
launchd file to keep ngrok alive; requires that you have an ngrok config file with your connection definitions
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>io.ngrok.start</string>
<key>KeepAlive</key>
<true/>
<key>ProgramArguments</key>
<array>
@audibleblink
audibleblink / Swift.sublime-build
Created December 13, 2014 22:26
Swift Build System for Sublime Text
// Tested on Yosemite with Xcode6
// This only works if `swift` from
// your shell starts the Swift REPL
{
"cmd": ["swift", "$file"],
"selector": "source.swift"
}
@audibleblink
audibleblink / Workstation-Takeover.md
Created July 25, 2021 21:46 — forked from gladiatx0r/Workstation-Takeover.md
From RPC to RCE - Workstation Takeover via RBCD and MS-RPChoose-Your-Own-Adventure

Overview

In the default configuration of Active Directory, it is possible to remotely take over workstations (Windows 7/10/11) and possibly servers (if Desktop Experience is installed) when their WebClient service is running. In short, this is accomplished by:

  • Triggering machine authentication over HTTP via either MS-RPRN or MS-EFSRPC (as demonstrated by @tifkin_). This requires a set of credentials for the RPC call.
  • Relaying that machine authentication to LDAPS for configuring RBCD
  • RBCD takeover

The caveat to this is that the WebClient service does not automatically start at boot. However, if the WebClient service has been triggered to start on a workstation (for example, via some SharePoint interactions), you can remotely take over that system. In addition, there are several ways to coerce the WebClient service to start remotely which I cover in a section below.

@audibleblink
audibleblink / dllmain.go
Created July 31, 2021 00:30 — forked from NaniteFactory/dllmain.go
An example implementation of a DllMain() entry point in Go. $ go build --buildmode=c-shared -o my.dll && rundll32.exe my.dll Test
package main
//#include "dllmain.h"
import "C"
@audibleblink
audibleblink / proxy.go
Created July 31, 2021 00:17 — forked from legendtkl/proxy.go
Simple Go TCP proxy (request forwarding)
package main
import (
"fmt"
"net"
"io"
)
func main() {
//http.HandleFunc("/", handler)
@audibleblink
audibleblink / DllMainThread.c
Created July 8, 2021 13:09 — forked from securitytube/DllMainThread.c
Launch Shellcode as a Thread via DllMain rather than a new process
// Dll Hijacking via Thread Creation
// Author - Vivek Ramachandran
// Learn Pentesting Online -- http://PentesterAcademy.com/topics and http://SecurityTube-Training.com
// Free Infosec Videos -- http://SecurityTube.net
#include <windows.h>
#define SHELLCODELEN 2048
[*] - C:\Windows\System32\1028\VsGraphicsResources.dll
[?] 64-bit Image!
[>] Time Stamp: 12/31/1969 19:00:00
[>] Function Count:
[>] Named Functions:
[>] Ordinal Base:
[>] Function Array RVA: 0x
@audibleblink
audibleblink / openssl.MD
Created December 10, 2018 17:01 — forked from jchandra74/openssl.MD
HOWTO: Create Your Own Self-Signed Certificate with Subject Alternative Names Using OpenSSL in Ubuntu Bash for Windows

Overview

My main development workstation is a Windows 10 machine, so we'll approach this from that viewpoint.

Recently, Google Chrome started giving me a warning when I open a site on my local development machine that uses HTTPS with a self-signed certificate, due to an SSL certificate issue like the one below:

Self-Signed SSL Issue in Chrome