Skip to content

Instantly share code, notes, and snippets.

Avatar

Rohan Vazarkar rvazarkar

View GitHub Profile
View keybase.md

Keybase proof

I hereby claim:

  • I am rvazarkar on github.
  • I am cptjesus (https://keybase.io/cptjesus) on keybase.
  • I have a public key whose fingerprint is 309B 57DD A097 7565 6792 5796 6A61 8F77 5207 56E5

To claim this, I am signing this object:

View PowerViewKrb.ps1
#requires -version 2
<#
PowerSploit File: PowerView.ps1
Author: Will Schroeder (@harmj0y)
License: BSD 3-Clause
Required Dependencies: None
#>
View UsingDomainProperty.json
{
"name": "Users with Foreign Domain Group Membership",
"queryList": [
{
"final": false,
"title": "Select source domain...",
"query": "MATCH (n:Domain) RETURN n.name ORDER BY n.name DESC"
},
{
"final": true,
View NewPrebuiltQuery,json
{
"name": "Shortest Path from SPN User",
"queryList":[
{
"final": false,
"title":"Select a domain...",
"query":"MATCH (n:Domain) RETURN n.name ORDER BY n.name DESC"
},
{
"final": false,
View APICheatSheet.csv
API Call MSDN Link Protocol Port RPC Interface UUID Named Pipe RPC Method RPC MSDN Link
NetSessionEnum https://msdn.microsoft.com/en-us/library/windows/desktop/bb525382(v=vs.85).aspx [MS-SRVS]: Server Service Remote Protocol TCP 445 4B324FC8-1670-01D3-1278-5A47BF6EE188 \PIPE\srvsvc NetrSessionEnum https://msdn.microsoft.com/en-us/library/cc247273.aspx
NetWkstaUserEnum https://msdn.microsoft.com/en-us/library/windows/desktop/aa370669(v=vs.85).aspx [MS-WKST]: Workstation Service Remote Protocol TCP 445 6BFFD098-A112-3610-9833-46C3F87E345A \PIPE\wkssvc NetrWkstaUserEnum https://msdn.microsoft.com/en-us/library/cc250349.aspx
View TargetCheatSheet.csv
Collection Method API Call MSDN Link Default Targets Stealth Targets
Session NetSessionEnum https://msdn.microsoft.com/en-us/library/windows/desktop/bb525382(v=vs.85).aspx All Computers Domain Controllers + 'Share Servers'
LocalGroup Modified NetLocalGroupGetMembers https://msdn.microsoft.com/en-us/library/windows/desktop/aa370601(v=vs.85).aspx All Computers GPO Files
Group Ldap N/A All User Group and Computer Objects All User Group and Computer Objects
Trusts DsEnumerateDomainTrusts https://msdn.microsoft.com/en-us/library/ms675976(v=vs.85).aspx All Domain and TrustedDomain objects All Domain and TrustedDomain objects
LoggedOn Remote Registry + NetWkstaUserEnum https://msdn.microsoft.com/en-us/library/windows/desktop/aa370669(v=vs.85).aspx All Computers Domain Controllers + 'Share Servers'
ACL Ldap N/A All user group computer and domain objects All user group computer and domain objects
ObjectProps Ldap N/A All user and computer objects All user and computer objects
View good.json
{
"statements" : [
{
"statement" : "MERGE (n:Group {name:{props.name}})",
"parameters" : {
"props" : {
"name" : "DOMAIN ADMINS@TESTLAB.LOCAL"
}
}
}
View bad.json
{
"statements" : [
{
"statement" : "MERGE (n:User {name:'DOMAIN ADMINS@TESTLAB.LOCAL'})-[r:AdminTo]-(m:Computer {name:'PRIMARY.TESTLAB.LOCAL'})"
},
{
"statement" : "MERGE (n:User {name:'DOMAIN ADMINS@TESTLAB.LOCAL'})-[r:AdminTo]-(m:Computer {name:'SECONDARY.TESTLAB.LOCAL'})"
}
]
}
View ping.cs
internal bool DoPing(string hostname)
{
try
{
using (var client = new TcpClient())
{
var result = client.BeginConnect(hostname, 445, null, null);
var success = result.AsyncWaitHandle.WaitOne(_pingTimeout);
if (!success)
{
View gist:743afc27172fcc6b666b1b2da4703978
namespace Sharphound2
{
//This class exists because of a memory leak in BlockingCollection. By setting the reference to Item to null after enumerating it,
//we can force garbage collection of the internal item, while the Wrapper is held by the collection.
//This is highly preferable because the internal item consumes a lot of memory while the wrapper barely uses any
class Wrapper<T>
{
public T Item { get; set; }
}
}