Skip to content

Instantly share code, notes, and snippets.

View queencitycyber's full-sized avatar
knuckin n buckin

clandestination queencitycyber

knuckin n buckin
View GitHub Profile
Good detailed info on running solid CTF:
General Notes:
- Announce on
- Make flag easy!
- Make flag very permissible (insensitive, accept multiple features, etc)
- Deliver files via HTTP
queencitycyber / Bit Bangin'
Last active April 16, 2024 07:01
Mostly older shit from '17-'20. Some good, some stale. Posting here for posterity.
Pulled from my private Workflowy repo.
hackery (@Section31D)
- Penetration Testing/Assessment Workflow
queencitycyber / randsomshit
Last active April 4, 2022 15:31
Random Shit
Tired of having random notes and shit floatin around. Most of this will probably exist elsewhere in my notes, but I'd like to have it here to remember
# Console Table. Update as needed
`console.table([...document.querySelectorAll('.fatitem table .athing')].map(el => [el.textContent.trim(), el.nextSibling.textContent.trim()]).sort(([,a], [,b]) => parseInt(b) - parseInt(a)))`
# No clue. From Outlook headers[GUID]&apiver=oneshell&cshver=20220227.1&upn=[REDACTED]
# Dumps GitLab's user base to CSV form.
# Source:
# Requires GraphqlClient: pip install python-graphql-client
from python_graphql_client import GraphqlClient
import json
import sys
import argparse
queencitycyber /
Last active April 25, 2022 15:31
Flask server, enable CORS Access-Control-Allow-Origin headers to accept connections from an XSS affected victim while hosting XSS PoC
A tiny Flask web server ready to shoot reflective CORS Access-Control-Allow-Origin headers to accept connections from an XSS affected victim while hosting your evil JS payload
# Stolen from
from flask import Flask, send_file
from flask_cors import CORS
app = Flask(__name__)
queencitycyber /
Created April 18, 2022 13:56 — forked from bandrel/
To check for and reveal AD user accounts that share passwords using a hashdump from a Domain Controller
#!/usr/bin/env python3
#Purpose: To check for and reveal AD user accounts that share passwords using a hashdump from a Domain Controller
#Script requires a command line argument of a file containing usernames/hashes in the format of user:sid:LMHASH:NTLMHASH:::
# ./ <hash_dump>
import argparse
import re
parser = argparse.ArgumentParser(description="Check user hashes against each other to find users that share passwords")
queencitycyber /
Created May 11, 2022 18:48 — forked from ndavison/
Attempts to find hop-by-hop header abuse potential against the provided URL.
import requests
import random
import string
from argparse import ArgumentParser
parser = ArgumentParser(description="Attempts to find hop-by-hop header abuse potential against the provided URL.")
parser.add_argument("-u", "--url", help="URL to target (without query string)")
queencitycyber /
Created May 24, 2022 14:17
username oracle via ssh public key
# source:
import logging
import socket
import sys
import paramiko.auth_handler
import requests
import argparse
queencitycyber /
Created August 17, 2022 14:20
Multi-threaded SimpleHTTPServer
import argparse
import http.server
import socketserver
import sys
class ThreadedHTTPServer(socketserver.ThreadingMixIn, http.server.HTTPServer):
def main(argv):
queencitycyber /
Created January 21, 2023 19:37
dumb python script to parse exchanger output
parses impacket-exchanger output to put useful results in a table
import click
from rich.console import Console
from rich.table import Table
import re