Skip to content

Instantly share code, notes, and snippets.

View gfoss's full-sized avatar

Greg Foss gfoss

290 followers · 142 following
View GitHub Profile
@jstnkndy
jstnkndy / Volume Shadow Copy
Last active August 29, 2015 14:06
# Start the Volume Shadow Service
C:\bak>cscript vssown.vbs /start
Microsoft (R) Windows Script Host Version 5.8
Copyright (C) Microsoft Corporation. All rights reserved.
[*] Signal sent to start the VSS service.
# Create a Volument Shadow Copy, C is the drive where the files reside, this may not always be C
@aaronott
aaronott / d7_fixperms.sh
Created October 17, 2012 20:37
Fix D7 file permissions
#!/bin/sh
PERM_USER=nobody
PERM_GROUP=dev
APACHE_USER=apache
if [ $# -ne 1 ] ; then
echo "USAGE $0 <d7 root dir>"
exit;
fi
@darkoperator
darkoperator / send_sms.py
Created December 8, 2013 14:42
sends using gmail an email to the ATT SMS gateway.
import subprocess
import smtplib
import socket
from email.mime.text import MIMEText
import datetime
# Change to your own account information
to = '<your number>@txt.att.net '
gmail_user = ''
gmail_password = ''
smtpserver = smtplib.SMTP('smtp.gmail.com', 587)
@binkybear
binkybear / mubix-lock.sh
Last active November 3, 2021 22:56
mubix-lock.sh
#!/bin/bash
#
# Attack created by Mubix. For more information see:
# https://room362.com/post/2016/snagging-creds-from-locked-machines
# Modified for Nethunter by Binkybear
#
# ================== #
# Check for root
# ================== #
@gfoss
gfoss / Extract-WiFi-Creds.ps1
Last active February 1, 2022 13:06
Simple script to extract locally-stored Wi-Fi Credentials
#====================================#
# Extract Wi-Fi Credentials #
# greg . foss @ owasp . org #
# v0.1 -- July, 2017 #
#====================================#
# Licensed under the MIT License
<#
@rootkea
rootkea / spectre.c
Created January 4, 2018 15:36
PoC from Spectre Attacks: Exploiting Speculative Execution (https://spectreattack.com/spectre.pdf)
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#ifdef _MSC_VER
#include <intrin.h> /* for rdtscp and clflush */
#pragma optimize("gt",on)
#else
#include <x86intrin.h> /* for rdtscp and clflush */
#endif
@mattifestation
mattifestation / EnableAMSILogging.ps1
Last active October 29, 2022 14:28
Enables AMSI logging to the AMSI/Operational event log
$AutoLoggerName = 'MyAMSILogger'
$AutoLoggerGuid = "{$((New-Guid).Guid)}"
New-AutologgerConfig -Name $AutoLoggerName -Guid $AutoLoggerGuid -Start Enabled
Add-EtwTraceProvider -AutologgerName $AutoLoggerName -Guid '{2A576B87-09A7-520E-C21A-4942F0271D67}' -Level 0xff -MatchAnyKeyword ([UInt64] (0x8000000000000001 -band ([UInt64]::MaxValue))) -Property 0x41
@mattifestation
mattifestation / drop_binary.bat
Created July 12, 2015 05:49
Drop binary data from the command line w/o needing PowerShell
echo -----BEGIN CERTIFICATE----- > encoded.txt
echo Just Base64 encode your binary data
echo TVoAAA== >> encoded.txt
echo -----END CERTIFICATE----- >> encoded.txt
certutil -decode encoded.txt decoded.bin
@leoloobeek
leoloobeek / EventVwrBypass.cs
Last active June 6, 2023 08:50
Event Viewer UAC Bypass in CSharp for use with InstallUtil.exe
using System;
using System.Linq;
using System.Reflection;
using System.Configuration.Install;
using System.Runtime.InteropServices;
using Microsoft.Win32;
/*
InstallUtil.exe C# version of Event Viewer UAC bypass
@gfoss
gfoss / auto-hydra.sh
Created August 3, 2017 03:16
Simple Masscan + Hydra wrapper used to perform automated scans by group (organization, unit, team, etc) and generate a report on the results.
#!/bin/bash
#
# @heinzarelli
# greg . foss [at] logrhythm . com
# v0.1 - May 2017
#
function usage {
echo ""