Nikita Medvedev nikallass

@nikallass
nikallass / sysvol_observer_v2.sh
Last active February 1, 2025 16:46
Find interesting scripts and extensions in mounted directory (SMB, NFS, SSHFS, FTP shares)
#!/bin/bash
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m'
# Help function
show_help() {
echo -e "${YELLOW}Usage: $0 <path_to_DIRECTORY> [option]${NC}"
echo "Options:"
@nikallass
nikallass / fix_py_bloodhound_ingestor.py
Last active January 28, 2025 06:50
dirkjanm python ingestor writes out fields without LocalAdmins, RemoteDesktopUsers, DcomUsers, PSRemoteUsers if there was no connection to hosts. Legacy Neo4j cannot process such a file. This script fixes it.
# https://github.com/dirkjanm/BloodHound.py
# this ingestor writes out fields without LocalAdmins, RemoteDesktopUsers, DcomUsers, PSRemoteUsers if there was no connection to hosts.
# Legacy Neo4j cannot process such a file. This script fixes it.
import json
import argparse
import sys
def update_json(input_file, output_file):
# Fields to add
@nikallass
nikallass / gist:dadcf73f23a77e9313816c4fbb554e4b
Created January 13, 2025 19:25
Anthropic API Integration for OpenWebUI with http proxy support
"""
title: Anthropic API Integration for OpenWebUI
author: Balaxxe
version: 2.2
license: MIT
requirements: pydantic>=2.0.0, requests>=2.0.0
environment_variables:
- ANTHROPIC_API_KEY (required)
- HTTP_PROXY (optional)
@nikallass
nikallass / sysvol_observer.sh
Created January 11, 2025 18:31
SYSVOL enumeration script
#!/bin/bash
# sudo mount -t cifs //IP_ADDRESS/SYSVOL /mnt/sysvol -o username=USERNAME,password=PASSWORD,domain=DOMAIN.LTD
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m'
SYSVOL_PATH="/mnt/sysvol"
@nikallass
nikallass / connect.c
Created November 27, 2024 17:29 — forked from rurban/connect.c
/***********************************************************************
* connect.c -- Make socket connection using SOCKS4/5 and HTTP tunnel.
*
* Copyright (c) 2000-2006 Shun-ichi Goto
* Copyright (c) 2002, J. Grant (English Corrections)
* Copyright (c) 2010, Reini Urban (added realm to http_auth basic)
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2

Magnet links with URL param regex: magnet:\?xt=urn:[a-zA-Z0-9]+:[a-zA-Z0-9]{32,40}(&dn=.*|&tr=.*)*

@nikallass
nikallass / check-smb-v3.11.sh
Created March 11, 2020 04:57
CVE-2020-0796. Scan HOST/CIDR with nmap script smb-protocols.nse and grep SMB version 3.11.
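#!/bin/bash
# Requires nmap and the `replace` string-replacement utility (shipped with MySQL/MariaDB).
if [ $# -eq 0 ]
then
    echo $'Usage:\n\tcheck-smb-v3.11.sh TARGET_IP_or_CIDR'
    exit 1
fi
echo "Checking if there's SMB v3.11 in $1 ..."
# Join each host's report onto one line, keep the lines listing dialect 3.11, print the host IP.
nmap -p445 --script smb-protocols -Pn -n "$1" | grep -P '\d+\.\d+\.\d+\.\d+|^\|.\s+3\.11' | tr '\n' ' ' | replace 'Nmap scan report for' '@' | tr "@" "\n" | grep '3\.11' | tr '|' ' ' | tr '_' ' ' | grep -oP '\d+\.\d+\.\d+\.\d+'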
@nikallass
nikallass / rbcd_demo.ps1
Created January 21, 2020 12:20 — forked from HarmJ0y/rbcd_demo.ps1
Resource-based constrained delegation computer DACL takeover demo
# import the necessary toolsets
Import-Module .\powermad.ps1
Import-Module .\powerview.ps1
# we are TESTLAB\attacker, who has GenericWrite rights over the primary$ computer account
whoami
# the target computer object we're taking over
$TargetComputer = "primary.testlab.local"
@nikallass
nikallass / toggle_terminator.sh
Last active October 21, 2019 07:12
Toggle terminator. Kali
#!/bin/bash
# hotkey for preferences /root/toggle_terminator.sh terminator
# on first start run script manually to install dependencies
#
# This script does this:
# launch an app if it isn't launched yet,
# focus the app if it is launched but not focused,
# minimize the app if it is focused.
#
# by desgua - 2012/04/29
@nikallass
nikallass / letsencrypt-webroot-apache.md
Created September 4, 2018 11:47 — forked from daronco/letsencrypt-webroot-apache.md
Letsencrypt with webroot on Apache

Config Apache with /etc/apache2/conf-available/le.conf:

Alias /.well-known/acme-challenge/ "/var/www/html/.well-known/acme-challenge/"
<Directory "/var/www/html/">
    AllowOverride None
    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
    Require method GET POST OPTIONS
</Directory>