-
run
./setup.sh -
change directory to
/srv/pxe -
create
./dnsmasq.conf -
create
./pxelinux.cfg/default -
bring up interface
sudo ip addr add 172.30.30.1/24 dev enp0s31f6
Daniel dadevel
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| set -euo pipefail | |
| xargs -I {} -n 1 -P 16 -r -- curl -sS https://internetdb.shodan.io/{} | \ | |
| jq -r 'select(.ip!=null)|[.ip,(.hostnames|join(",")),(.ports|join(",")),(.cpes|join(",")),(.tags|join(","))]|@tsv' | \ | |
| sort -Vu | \ | |
| column -ts $'\t' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| set -euo pipefail | |
| xargs -I {} -n 1 -P 16 -r -- curl -sS https://internetdb.shodan.io/{} | \ | |
| jq -r 'select(.hostnames!=null)|.hostnames[]' | \ | |
| sort -Vu |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| import sys | |
| import urllib.parse | |
| import tldextract | |
| # pip3 install --user tldextract | |
| def main() -> None: | |
| for line in sys.stdin: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| from argparse import ArgumentParser | |
| from typing import Any, Iterator | |
| import ipaddress | |
| import json | |
| import requests | |
| def main() -> None: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| # gcc ./embed.c -o ./embed && ./embed | |
| asm(R"( | |
| .pushsection .rodata | |
| .global flag | |
| .type flag, @object | |
| .balign 1 |
dadevel
/ ldeep-trust-discover.sh
Last active
January 27, 2023 22:43
AD Trust Discovery with franc-pentest/ldeep#27
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| set -euo pipefail | |
| # usage: ldeep-trust-discover child.corp.com -u user -p passw0rd | |
| discover() { | |
| if [[ ! -e "./trust-$1.json" ]]; then | |
| echo "discovering $1" >&2 | |
| ldeep ldap -s ldaps://"$1" "${@:2}" trusts -v > "./trust-$1.json" 2> /dev/null || \ | |
| ldeep ldap -s ldap://"$1" "${@:2}" trusts -v > "./trust-$1.json" 2> /dev/null || { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python3 | |
| import requests | |
| import sys | |
| # usage: cat ./gathered-emails.txt | ./o365-user-enum.py | tee -a ./valid-emails.txt | |
| url = 'https://login.microsoftonline.com/common/GetCredentialType' | |
| user_agent = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5359.178 Safari/537.36 Edg/106.0.1266.51' | |
| with requests.session() as session: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| from argparse import ArgumentParser | |
| import json | |
| import sys | |
| import requests | |
| # Retrieve an access token via the device code flow: | |
| # roadtx auth --tokenfile ~/.cache/azmail.json --resource https://outlook.office.com --client d3590ed6-52b3-4102-aeff-aad2292ab01c --tenant contoso.com --device-code |
dadevel
/ sharphound-import-fix.py
Last active
April 7, 2023 15:34
Workaround for BloodHoundAD/BloodHound#614
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| from argparse import ArgumentParser, RawDescriptionHelpFormatter | |
| from zipfile import ZipFile | |
| import json | |
| import shutil | |
| # from https://github.com/fox-it/BloodHound.py/blob/273984883d9ca3dd21f6fca35ec88671cac3fc87/bloodhound/ad/trusts.py#L59 | |
| TRUST_DIRECTIONS = { | |
| 0: 'Disabled', | |
| 1: 'Inbound', |
OlderNewer