0x08 its0x08

SkyyySi /
Last active July 18, 2024 02:57
A list of alternatives after the shutdown of Vanced


These are the current alternatives (with links when possible):

gladiatx0r /
Last active June 23, 2024 22:01
From RPC to RCE - Workstation Takeover via RBCD and MS-RPChoose-Your-Own-Adventure


In the default configuration of Active Directory, it is possible to remotely take over Workstations (Windows 7/10/11) and possibly servers (if Desktop Experience is installed) when their WebClient service is running. In short, this is accomplished by:

  • Triggering machine authentication over HTTP via either MS-RPRN or MS-EFSRPC (as demonstrated by @tifkin_). This requires a set of credentials for the RPC call.
  • Relaying that machine authentication to LDAPS for configuring RBCD
  • RBCD takeover

The caveat to this is that the WebClient service does not automatically start at boot. However, if the WebClient service has been triggered to start on a workstation (for example, via some SharePoint interactions), you can remotely take over that system. In addition, there are several ways to coerce the WebClient service to start remotely which I cover in a section below.

approovm /
Last active July 2, 2024 19:10
Certificate Pinning Bypassing: Setup with Frida, mitmproxy and Android Emulator with a writable file system

Here's one of my favorite techniques for lateral movement: SSH agent forwarding. Use a UNIX-domain socket to advance your presence on the network. No need for passwords or keys.

root@bastion:~# find /tmp/ssh-* -type s

root@bastion:~# SSH_AUTH_SOCK=/tmp/ssh-srQ6Q5UpOL/agent.1460 ssh

user@internal:~$ hostname -f
cihanmehmet /
Last active June 16, 2024 10:01
Subdomain Wordlist
harisec / exploit_path_traversals_in_Java_webapps.txt
Created April 27, 2020 10:24
quick primer on how to exploit path traversals in Java web apps (i.e. you can read WEB-INF/web.xml)
so, you can read WEB-INF/web.xml. how can you escalate this issue?
[step 1]. try to read other common Java files such as WEB-INF/web-jetty.xml.
use a specialized wordlist such as the following (from Sergey Bobrov/BlackFan):
with time you can build your own wordlist adding files you've discovered over time.
use Burp Intruder for this, it's perfect for this job.
sort Intruder results by status code so you can see instantly which files were found.
payloadartist /
Last active February 6, 2021 20:42
Enumerate sub-domains, then open them in Firefox automatically. Useful for taking a quick glance at target's assets, and make notes, while doing recon.
# ------Instructions---------
# Install (and configure) subfinder, assetfinder, and httprobe
# go get -v && go get -v && go get -v
# cat >> ~/.bashrc
# source ~/.bashrc
# Usage - subf_ff target.tld
# asset_ff target.tld
subf_ff () {
    # Enumerate subdomains, keep the ones answering HTTP(S), open each in Firefox
    subfinder -d "$1" -silent -t 100 | httprobe -c 50 | sort -u | while read -r line; do firefox "$line"; sleep 10; done
}
dwisiswant0 /
Last active February 17, 2024 16:48
St8out - Extra one-liner for reconnaissance
# St8out - Extra one-liner for reconnaissance
# Usage: ./
# Resources:
# -
dianjuar /
Last active July 9, 2024 11:26
My i3 shortcuts to take screenshots


  • maim
  • xclip


Set this on your i3 config file ~/.i3/config

# Screenshots