Skip to content

Instantly share code, notes, and snippets.

🎵
Listening to meowzek

Dan danzek

🎵
Listening to meowzek
Block or report user

Report or block danzek

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
View keybase.md

Keybase proof

I hereby claim:

  • I am danzek on github.
  • I am digital0day (https://keybase.io/digital0day) on keybase.
  • I have a public key whose fingerprint is ED5F 14F3 C51F 9CC9 0C57 809B 3FC9 7A65 5B4A 6C98

To claim this, I am signing this object:

@danzek
danzek / reading_from_stdin_slow.md
Last active Apr 13, 2017
Solution for reading lines from stdin being way too slow in C++
View reading_from_stdin_slow.md

StackOverflow Answer


By default, cin is synchronized with stdio, which causes it to avoid any input buffering. If you add this to the top of your main, you should see much better performance:

std::ios_base::sync_with_stdio(false);
@danzek
danzek / clsid_list.txt
Last active Aug 21, 2017
Common Windows CLSID's
View clsid_list.txt
# use shell::: with CLSID to launch location from run dialog
# e.g., shell:::{21EC2020-3AEA-1069-A2DD-08002B30309D}
#
# retrieved 20170719 from http://krypsec.com/all-clsid-for-windows-to-used-in-ethical-hacking-and-batch-programming/
#
# see also:
# https://www.sysnative.com/forums/windows-8-windows-rt-tutorials/12157-shells-shortcuts-clsid-listing-windows-10-8-1-8-7-a.html
# http://www.geoffchappell.com/studies/windows/shell/explorer/cmdline.htm
CLSID_ControlPanel {21EC2020-3AEA-1069-A2DD-08002B30309D}
@danzek
danzek / stealcreds.c
Created Oct 19, 2017
LsaRetrievePrivateData User Credential Theft on Windows XP-7
View stealcreds.c
/*
* LsaRetrievePrivateData User Credential Theft on Windows XP-7
* ============================================================
*
* Requires admin privileges to run effectively (use privilege escalation
* exploit first then use this to get password so you are no longer dependent
* on the exploit)
*
* Seen on reddit: https://www.reddit.com/r/Malware/comments/779v21/til_you_can_maintain_administrative_access/
* Code from pastebin dump: https://pastebin.com/u992uP5e
@danzek
danzek / delete_filebeat_indices.go
Created Jan 2, 2018
List Elasticsearch indices and delete those from filebeat
View delete_filebeat_indices.go
// Get list of indices from Elasticsearch and delete any with filebeat as prefix
// this is ugly and there should be more functions instead of all this crap in main but it's a one-off script
/*
Public Domain. Use this however you wish!
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
@danzek
danzek / getESindices.go
Last active Jan 2, 2018
Print Elasticsearch indices
View getESindices.go
// Get list of indices from Elasticsearch.
// Yes, I know this boils down to `curl http://localhost:9200/_cat/indices` and shows less information.
// I did this as a personal exercise while learning Go.
/*
Public Domain. Use this however you wish!
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
@danzek
danzek / md5hash.ps1
Last active Jan 2, 2018
MD5 hash files in list provided in text file via PowerShell on Win7
View md5hash.ps1
<# Public Domain. Use this however you wish!
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#>
$files = Get-Content "file_path_on_each_line.txt"
Write-Output "File Path,MD5 Hash"
@danzek
danzek / GoogleAnalyticsDomainHashCalculator.cpp
Last active Jan 2, 2018
Google Analytics Domain Hash Calculator - Urchin Tracking Module A (utma)
View GoogleAnalyticsDomainHashCalculator.cpp
// GoogleAnalyticsDomainHashCalculator.cpp
//
// NOTE: I turned this into a robust CLI tool: https://github.com/danzek/gadhash
//
// Calculates Google Analytics Domain Hash given domain name
// =========================================================
// This corresponds to the first value after "utma=" up until the first dot ('.')
// e.g. in "utma=173272373.nnnnnnn", the domain hash is 173272373 ("google.com")
// do not include the protocol in url (e.g., "http://")
//
@danzek
danzek / ewf_ext_helper.py
Last active Jan 2, 2018
EWF Extensions Helper
View ewf_ext_helper.py
#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""
Expert Witness Format (EWF) Extension Helper
Provides generator methods that provide the next expected file extension for EWF and EWF 2 file formats. For instance:
* E01
* E02
View reformat_encase_internet.py
#!/usr/bin/python -tt
# -*- coding: utf-8 -*-
"""
Given the starting line number from the html output (and optional ending line number), parses Internet history
artifacts from a default EnCase 7 HTML report into a nicer looking table. Be sure to customize fields and field widths
as needed.
Copyright 2015, Dan O'Day (d@4n68r.com)
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
You can’t perform that action at this time.