- Docker inserts iptables rules when it's started by default
- buster uses nftables by default
- let's make Docker use nftables instead
- PROFIT
Install Docker CE and nftables:
Michael Eder edermi
gladiatx0r
/ Workstation-Takeover.md
Last active
April 25, 2024 13:23
From RPC to RCE - Workstation Takeover via RBCD and MS-RPChoose-Your-Own-Adventure
In the default configuration of Active Directory, it is possible to remotely take over Workstations (Windows 7/10/11) and possibly servers (if Desktop Experience is installed) when their WebClient service is running. This is accomplished in short by;
- Triggering machine authentication over HTTP via either MS-RPRN or MS-EFSRPC (as demonstrated by @tifkin_). This requires a set of credentials for the RPC call.
- Relaying that machine authentication to LDAPS for configuring RBCD
- RBCD takeover
The caveat to this is that the WebClient service does not automatically start at boot. However, if the WebClient service has been triggered to start on a workstation (for example, via some SharePoint interactions), you can remotely take over that system. In addition, there are several ways to coerce the WebClient service to start remotely which I cover in a section below.
aconite33
/ bloodhoundce_import.py
Created
August 15, 2023 23:04
Import large files into BloodHound CE Edition
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import json | |
| import time | |
| import argparse | |
| import getpass | |
| import os | |
| import sys | |
| def main(): |
witmin
/ ffmpeg-mp4-to-animated-webp.md
Last active
April 20, 2024 23:49
Convert MP4 file to animated WebP in ffmpeg
jessfraz
/ boxstarter.ps1
Last active
April 11, 2024 16:02
Boxstarter Commands for a new Windows box.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Description: Boxstarter Script | |
| # Author: Jess Frazelle <jess@linux.com> | |
| # Last Updated: 2017-09-11 | |
| # | |
| # Install boxstarter: | |
| # . { iwr -useb http://boxstarter.org/bootstrapper.ps1 } | iex; get-boxstarter -Force | |
| # | |
| # You might need to set: Set-ExecutionPolicy RemoteSigned | |
| # | |
| # Run this boxstarter by calling the following from an **elevated** command-prompt: |
xpn
/ azuread_decrypt_msol_v2.ps1
Created
April 11, 2020 01:34
Updated method of dumping the MSOL service account (which allows a DCSync) used by Azure AD Connect Sync
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Write-Host "AD Connect Sync Credential Extract v2 (@_xpn_)" | |
| Write-Host "`t[ Updated to support new cryptokey storage method ]`n" | |
| $client = new-object System.Data.SqlClient.SqlConnection -ArgumentList "Data Source=(localdb)\.\ADSync;Initial Catalog=ADSync" | |
| try { | |
| $client.Open() | |
| } catch { | |
| Write-Host "[!] Could not connect to localdb..." | |
| return |
mattifestation
/ CIPolicyParser.ps1
Last active
March 13, 2024 19:48
Functions to recover information from binary Windows Defender Application Control (WDAC) Code Integrity policies.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Ensure System.Security assembly is loaded. | |
| Add-Type -AssemblyName System.Security | |
| function ConvertTo-CIPolicy { | |
| <# | |
| .SYNOPSIS | |
| Converts a binary file that contains a Code Integrity policy into XML format. | |
| Author: Matthew Graeber (@mattifestation) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import csv | |
| import requests | |
| import argparse | |
| from bs4 import BeautifulSoup | |
| from colorama import Fore, Style, init | |
| init(autoreset=True) | |
| known_security_vendors = [ | |
| 'symantec', 'mcafee', 'trendmicro', 'kaspersky', 'bitdefender', |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // | |
| // How to locate the NT Delegate Callback Table in x86 builds of ntdll.dll | |
| // | |
| // @modexpblog | |
| // | |
| #define PHNT_VERSION PHNT_THRESHOLD | |
| #include <phnt_windows.h> | |
| #include <phnt.h> |
GeisericII
/ Get-LoggedOn.py
Last active
February 18, 2024 01:17
Stupid simple script copied and pasted from reg.py/lookupsid and inspired from itm4n's session enum via registry
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python3 | |
| from __future__ import division | |
| from __future__ import print_function | |
| import re | |
| import codecs | |
| import logging | |
| import time | |
| import argparse | |
| import sys | |
| from impacket import version |
NewerOlder