g0tmi1k g0tmi1k
maesitos
/ gist:2b487af512e2c17607d53066bccfcd2b
Last active
September 8, 2022 20:29
Back-up routine for backing up git into synology
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # !/bin/bash | |
| # Put here all the repos you want to back up | |
| declare -a repositories=("repo_name") | |
| # Path to repos | |
| repo_path=/volume1/git/ | |
| for repo in "${repositories[@]}"; do | |
wdormann
/ privileged.py
Last active
April 30, 2021 13:07
List privileged services that don't come with Windows 10 - deprecated
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # DON'T USE THIS VERSION! | |
| # Try https://gist.github.com/wdormann/89ed779933fe205fb52ecf3eacf5ff40 instead | |
| import os | |
| import subprocess | |
| # See: https://blogs.msmvps.com/erikr/2007/09/26/set-permissions-on-a-specific-service-windows/ | |
| svcinfo = {} | |
| FNULL = open(os.devnull, 'w') |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| sub cloud_moomin { | |
| set resp.http.moomin00 = " %1b[38;5;237m▄%1b[38;5;235m▄%1b[49m"; | |
| set resp.http.moomin01 = " %1b[38;5;237m▄%1b[48;5;237m%1b[38;5;249m▄%1b[38;5;236m▄%1b[49m %1b[48;5;239m%1b[38;5;16m▄%1b[48;5;237m%1b[38;5;253m▄%1b[38;5;247m▄%1b[48;5;234m%1b[38;5;16m▄%1b[49m"; | |
| set resp.http.moomin02 = " %1b[38;5;233m▄%1b[48;5;253m%1b[38;5;237m▄%1b[48;5;254m%1b[38;5;255m▄%1b[38;5;251m▄%1b[38;5;239m%1b[49m▄ %1b[38;5;237m▄ %1b[48;5;254m%1b[38;5;248m▄%1b[48;5;249m%1b[38;5;254m▄%1b[48;5;235m%1b[38;5;246m▄%1b[49m"; | |
| set resp.http.moomin03 = " %1b[38;5;235m▄%1b[48;5;250m%1b[38;5;242m▄%1b[48;5;231m %1b[48;5;247m%1b[38;5;231m▄%1b[48;5;252m▄%1b[48;5;253m▄%1b[48;5;254m▄%1b[48;5;253m▄%1b[48;5;249m▄%1b[48;5;188m▄%1b[48;5;245m%1b[38;5;251m▄%1b[49m"; | |
| set resp.http.moomin04 = " |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Mozilla User Preferences | |
| // To change a preference value, you can either: | |
| // - modify it via the UI (e.g. via about:config in the browser); or | |
| // - set it within a user.js file in your profile (create it if it doesn't exist). | |
| // | |
| // Profile folder location on different systems: | |
| // Windows: C:\Users\<username>\AppData\Roaming\Mozilla\Firefox\Profiles\xxxxxxxx.default | |
| // Mac OS X: Users/<username>/Library/Application Support/Firefox/Profiles/xxxxxxxx.default | |
| // Linux: /home/<username>/.mozilla/firefox/xxxxxxxx.default |
asdqwe3124
/ gd-gif.php
Last active
October 8, 2023 03:27
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| //php gd-gif.php image.gif gd-image.gif | |
| $gif = imagecreatefromgif($argv[1]); | |
| imagegif($gif, $argv[2]); | |
| imagedestroy($gif); | |
| ?> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import sys | |
| import requests | |
| import threading | |
| import HTMLParser | |
| from BaseHTTPServer import HTTPServer, BaseHTTPRequestHandler | |
| ''' | |
| Description: Reverse MSSQL shell through xp_cmdshell + certutil for exfiltration | |
| Author: @xassiz | |
| ''' |
mattifestation
/ PowerShellDSCLateralMovement.ps1
Created
March 4, 2018 23:24
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This idea originated from this blog post on Invoke DSC Resources directly: | |
| # https://blogs.msdn.microsoft.com/powershell/2015/02/27/invoking-powershell-dsc-resources-directly/ | |
| <# | |
| $MOFContents = @' | |
| instance of MSFT_ScriptResource as $MSFT_ScriptResource1ref | |
| { | |
| ResourceID = "[Script]ScriptExample"; | |
| GetScript = "\"$(Get-Date): I am being GET\" | Out-File C:\\Windows\\Temp\\ScriptRun.txt -Append; return $True"; | |
| TestScript = "\"$(Get-Date): I am being TESTED\" | Out-File C:\\Windows\\Temp\\ScriptRun.txt -Append; return $True"; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Windows Registry Editor Version 5.00 | |
| [HKEY_CURRENT_USER\SOFTWARE\Classes\AtomicRedTeam.1.00] | |
| @="AtomicRedTeam" | |
| [HKEY_CURRENT_USER\SOFTWARE\Classes\AtomicRedTeam.1.00\CLSID] | |
| @="{00000001-0000-0000-0000-0000FEEDACDC}" | |
| [HKEY_CURRENT_USER\SOFTWARE\Classes\AtomicRedTeam] | |
| @="AtomicRedTeam" | |
| [HKEY_CURRENT_USER\SOFTWARE\Classes\AtomicRedTeam\CLSID] | |
| @="{00000001-0000-0000-0000-0000FEEDACDC}" | |
| [HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{00000001-0000-0000-0000-0000FEEDACDC}] |
wdormann
/ disable_win10_foistware.reg
Created
January 2, 2018 23:15
Attempt at disabling Windows 10 automatic installation of 3rd-party foistware
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Windows Registry Editor Version 5.00 | |
| [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\BackgroundAccessApplications\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy] | |
| "Disabled"=dword:00000001 | |
| [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager] | |
| "SubscribedContent-338388Enabled"=dword:00000000 | |
DiabloHorn
/ pe-aware-split.py
Created
November 12, 2017 17:47
Split file while preserving PE format
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # DiabloHorn https://diablohorn.com | |
| # blank out bytes taking into account the PE file format | |
| # input file: base64 malware.exe | rev > enc.txt | |
| import sys | |
| import os | |
| #pip install pefile | |
| import pefile | |
| import argparse | |
| import logging |
NewerOlder