Jeff McJunkin jeffmcjunkin

jeffmcjunkin / bh-mark-owned.py
#!/usr/bin/env python
import getpass
import os, stat
from neo4j import GraphDatabase, basic_auth
import sys
def set_computer_owned(computer):
    with driver.session() as session:
        session.run("MATCH (c:Computer) "
                    "WHERE LOWER(c.name) = LOWER({computer}) "  # Index-preserving case-insensitive search from https://stackoverflow.com/a/41489087/372377
jeffmcjunkin / gist:7b4a67bb7dd0cfbfbd83768f3aa6eb12
Last active Oct 18, 2019
Useful Cypher queries for BloodHound
MATCH (u:User)-[r:AdminTo|MemberOf*1..]->(c:Computer)
RETURN u.name
That’ll return a list of users who have admin rights on at least one system either explicitly or through group membership
---------------
MATCH
(U:User)-[r:MemberOf|:AdminTo*1..]->(C:Computer)
WITH
U.name as n,
jeffmcjunkin / check-masscan-results.sh
Last active Dec 28, 2017
Look, it got the job done, okay?
for rate in 100 1000 10000 20000 40000 100000; do for attempt in $(seq 1 5); do echo -n "Rate: $rate / Attempt: $attempt - "; responses=$(grep 'state state="open" reason=' /tmp/DO-masscan-${rate}.${attempt}.xml | cut -d" " -f3- | sort -u | wc -l); echo "scale=5; 100 * (1 - ( $responses /50001))" | bc; done; done
jeffmcjunkin / gist:6ca39fae82c38a90a05902368118c881
Created May 15, 2017
Empire REST response for `curl --insecure -i https://localhost:1337/api/agents?token=$TOKEN`
{
  "agents": [
    {
      "ID": 1,
      "checkin_time": "2017-05-15 16:17:21",
      "children": null,
      "delay": 5,
      "external_ip": "172.16.187.135",
      "functions": null,
      "headers": "",
jeffmcjunkin / gist:d852b43cd560e4548eb690e74c4fd26b
Created May 15, 2017
Empire REST response for `curl --insecure -i https://localhost:1337/api/listeners/options?token=$TOKEN`
{
  "listeneroptions": [
    {
      "CertPath": {
        "Description": "Certificate path for https listeners.",
        "Required": false,
        "Value": ""
      },
      "DefaultDelay": {
        "Description": "Agent delay/reach back interval (in seconds).",
jeffmcjunkin / gist:8c65d438ae3aee8cf10b0e380776cd71
Last active May 17, 2017
Empire REST API Python client proposal
# start empire headless with the specified API username and password
./empire --headless --username empireadmin --password 'Password123!'
# log in and get the current server token
curl --insecure -i -H "Content-Type: application/json" https://localhost:1337/api/admin/login -X POST -d '{"username":"empireadmin", "password":"Password123!"}'
empire.login
# store the token in a variable
TOKEN=<API_token>