```python
#!/usr/bin/env python
# Impacket - Collection of Python classes for working with network protocols.
#
# Copyright Fortra, LLC and its affiliated companies
#
# All rights reserved.
#
# This software is provided under a slightly modified version
# of the Apache Software License. See the accompanying LICENSE file
# for more information.
```
```python
from datetime import datetime
import xml.etree.ElementTree as ET
from typing import List, Dict, Optional
import os
import re
from impacket.dcerpc.v5.dcom.wmi import WBEMSTATUS
from nxc.helpers.logger import highlight


class TaskVulnerability:
    def __init__(self, name: str, path: str, command: str, author: str,
```
```python
from datetime import datetime
from typing import List, Dict
import re
from nxc.helpers.logger import highlight
from concurrent.futures import ThreadPoolExecutor, as_completed
import json


class NXCModule:
    name = "sensitive_search"
    description = "Search for files containing sensitive data patterns in shares with custom regex support"
```
- Original writeup: https://0xdf.gitlab.io/2024/06/29/htb-jab.html
- Video writeup: https://www.youtube.com/watch?v=tprP-GDW_6c
This writeup only highlights some parts of @0xdf's writeup that can be done with netexec instead of using another tool :)
This is not a full writeup of the JAB machine! The bug fix on dcom is not fully merged into main!
Thanks to @ippsec for the bug report on the mmcexec method!
````python
"""
This script can easily configure /etc/krb5.conf for evil-winrm, by providing a domain fqdn and domain controller name
So that evil-winrm can be used with kerberos authentication
Evil-winrm Example:
```bash
export KRB5CCNAME=Administrator.ccache
evil-winrm -i forest.htb.local -r htb.local
```
````
Queries are not complete and are meant to be a reference. If you are using them for hunting, use a contains within the query language.
- Kerberoasting
  - (&(samAccountType=805306368)(servicePrincipalName=*)(!samAccountName=krbtgt)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))
  - (&(samAccountType=805306368)(servicePrincipalName=*)(!samAccountName=krbtgt)(!(UserAccountControl:1.2.840.113556.1.4.803:=2))(!msds-supportedencryptiontypes:1.2.840.113556.1.4.804:=24))
  - (&(samAccountType=805306368)(servicePrincipalName=*)(!samAccountName=krbtgt)(!(UserAccountControl:1.2.840.113556.1.4.803:=2))(msds-supportedencryptiontypes:1.2.840.113556.1.4.804:=24))
- Attributes with passwords
  - (userpassword=*)
```python
import requests
import json
import time
import argparse
import getpass
import os
import sys


def main():
```
```c
// TcbElevation - Authors: @splinter_code and @decoder_it
#define SECURITY_WIN32
#include <windows.h>
#include <sspi.h>
#include <stdio.h>
#pragma comment(lib, "Secur32.lib")

void EnableTcbPrivilege(BOOL enforceCheck);
```