
Daniel dadevel

dadevel / README.md
Last active November 12, 2021 08:27

Netboot Ubuntu from Arch Linux

  • run ./setup.sh

  • change directory to /srv/pxe

  • create ./dnsmasq.conf

  • create ./pxelinux.cfg/default

  • bring up interface

sudo ip addr add 172.30.30.1/24 dev enp0s31f6

dadevel / inetdb-recon.sh
Created January 10, 2023 10:15
Shodan InternetDB Recon
#!/usr/bin/env bash
# Look up every address read from stdin (one per line) in Shodan's InternetDB
# and print one aligned row per host: ip, hostnames, ports, CPEs, tags.
# Every input address is disclosed to internetdb.shodan.io; the script itself
# only talks to that service.
set -euo pipefail

readonly api_base='https://internetdb.shodan.io'

# Responses without an "ip" field are dropped; each list field is flattened
# into one comma-separated column of a TSV row.
readonly row_filter='select(.ip!=null)|[.ip,(.hostnames|join(",")),(.ports|join(",")),(.cpes|join(",")),(.tags|join(","))]|@tsv'

# Up to 16 curl processes run at once and write to the same pipe. No timeout
# is set on curl, so a stalled connection keeps its slot occupied.
# NOTE(review): presumably each response is small enough not to interleave
# with another on the shared pipe - confirm, since jq aborts on a torn document.
xargs -I {} -n 1 -P 16 -r -- curl -sS "${api_base}/{}" \
  | jq -r "${row_filter}" \
  | sort -Vu \
  | column -ts $'\t'
dadevel / inetdb-rdns.sh
Last active January 10, 2023 10:17
Shodan InternetDB Reverse DNS Lookup
#!/usr/bin/env bash
# Print the unique hostnames Shodan's InternetDB knows for every address read
# from stdin (one per line). Every input address is disclosed to
# internetdb.shodan.io; no DNS query is issued by this script.
set -euo pipefail

readonly api_base='https://internetdb.shodan.io'

# Responses without a "hostnames" field are dropped; the rest emit one
# hostname per output line.
readonly name_filter='select(.hostnames!=null)|.hostnames[]'

# Up to 16 curl processes run at once and write to the same pipe; no timeout
# is set on curl, so a stalled connection keeps its slot occupied.
xargs -I {} -n 1 -P 16 -r -- curl -sS "${api_base}/{}" \
  | jq -r "${name_filter}" \
  | sort -Vu
dadevel / sldextract.py
Last active January 10, 2023 10:23
Second Level Domain Extractor
#!/usr/bin/env python3
import sys
import urllib.parse
import tldextract
# pip3 install --user tldextract
def main() -> None:
for line in sys.stdin:
dadevel / ripe-search.py
Last active January 10, 2023 10:23
RIPE Database Search
#!/usr/bin/env python3
from argparse import ArgumentParser
from typing import Any, Iterator
import ipaddress
import json
import requests
def main() -> None:
dadevel / embed.c
Last active January 10, 2023 10:32
C/C++ File Embedding
#include <stdio.h>
# gcc ./embed.c -o ./embed && ./embed
asm(R"(
.pushsection .rodata
.global flag
.type flag, @object
.balign 1
dadevel / ldeep-trust-discover.sh
Last active January 27, 2023 22:43
AD Trust Discovery with franc-pentest/ldeep#27
#!/usr/bin/env bash
set -euo pipefail
# usage: ldeep-trust-discover child.corp.com -u user -p passw0rd
discover() {
if [[ ! -e "./trust-$1.json" ]]; then
echo "discovering $1" >&2
ldeep ldap -s ldaps://"$1" "${@:2}" trusts -v > "./trust-$1.json" 2> /dev/null || \
ldeep ldap -s ldap://"$1" "${@:2}" trusts -v > "./trust-$1.json" 2> /dev/null || {
dadevel / o365-user-enum.py
Created February 22, 2023 11:10
O365 User Enumeration
#!/usr/bin/python3
import requests
import sys
# usage: cat ./gathered-emails.txt | ./o365-user-enum.py | tee -a ./valid-emails.txt
url = 'https://login.microsoftonline.com/common/GetCredentialType'
user_agent = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5359.178 Safari/537.36 Edg/106.0.1266.51'
with requests.session() as session:
dadevel / azmail.py
Last active February 28, 2023 13:35
Send Email with Azure/M365
#!/usr/bin/env python3
from argparse import ArgumentParser
import json
import sys
import requests
# Retrieve an access token via the device code flow:
# roadtx auth --tokenfile ~/.cache/azmail.json --resource https://outlook.office.com --client d3590ed6-52b3-4102-aeff-aad2292ab01c --tenant contoso.com --device-code
dadevel / ArcserveDecrypter.cpp
Last active August 31, 2023 20:30
ArcserveDecrypter
#include <windows.h>
#include <stdio.h>
// compilation: x86_64-w64-mingw32-g++ -m64 -Wall -Wextra -std=c++20 -lstdc++ -static -Os -s -o ./ArcserveDecrypter.exe ./ArcserveDecrypter.cpp
// usage: ./ArcserveDecrypter.exe HEXBLOB
// based on https://github.com/mdsecactivebreach/CVE-2023-26258-ArcServe/blob/main/ArcServeDecrypter.c
// Fixed key material compiled into the tool. The bytes are the UTF-16LE
// encoding of the text "Please input a valid password" (29 code units, no
// terminator), i.e. 58 bytes.
// NOTE(review): how this key is fed to the decryption routine is not visible
// in this excerpt. Presumably the same constant applies to every installation
// of the affected product (confirm against the vendor advisory for
// CVE-2023-26258); if so, credentials stored in such blobs should be treated
// as recoverable and rotated.
constexpr unsigned char key[] = { 0x50, 0x00, 0x6C, 0x00, 0x65, 0x00, 0x61, 0x00, 0x73, 0x00, 0x65, 0x00, 0x20, 0x00, 0x69, 0x00, 0x6E, 0x00, 0x70, 0x00, 0x75, 0x00, 0x74, 0x00, 0x20, 0x00, 0x61, 0x00, 0x20, 0x00, 0x76, 0x00, 0x61, 0x00, 0x6C, 0x00, 0x69, 0x00, 0x64, 0x00, 0x20, 0x00, 0x70, 0x00, 0x61, 0x00, 0x73, 0x00, 0x73, 0x00, 0x77, 0x00, 0x6F, 0x00, 0x72, 0x00, 0x64, 0x00 };
// Length of key in bytes, taken with sizeof so it tracks the array above.
constexpr auto key_len = sizeof(key);