Skip to content

Instantly share code, notes, and snippets.

thesubtlety /
Created Oct 14, 2021
Rundeck Takeover Reference

Rundeck Compromise

Reference notes to run commands on nodes controlled by Rundeck given a valid API token.


# Identify projects
curl -H $TOKEN $RUNDECK/api/16/projects/ -H accept:application/json | jq  .
thesubtlety /
Last active Oct 4, 2021
Parse Shodan data file and extract CVE details by host, writing to CSV file
#!/usr/bin/env python3
import os
import re
import sys
import json
import gzip
import csv
import datetime
import shodan
thesubtlety /
Created Jan 5, 2019
SANS SEC660 GXPN Recommended Reading
thesubtlety / golang-windows-dll.go
Created Feb 5, 2020
Calling Windows DLLs from Go
View golang-windows-dll.go
package main
import (
thesubtlety / dllmain.cpp
Last active Jul 17, 2021
Basic dll to execute commands
View dllmain.cpp
// Configuration Type: DLL
// Runtime Library: /MT
// Use of MFC: Use MFC in Static Library
// Architecture must match target _process_
// dllmain.cpp : Defines the entry point for the DLL application.
#include "stdafx.h"
#include <windows.h>
#include <sstream>
View decrypt_jenkins2.rb
#!/usr/bin/env ruby
require 'base64'
require 'digest'
require 'openssl'
# Author: @thesubtlety
# Decrypts Jenkins 2 encrypted strings, code change introduced around Jenkins ver 2.44
# Based off work by juyeong,
thesubtlety / stalebacon.cna
Created Mar 26, 2021
Stale beacon slacker, only messages once
View stalebacon.cna
# CNA script to alert on dead beacons. Doesn't repeat messages.
# author: noah @thesubtlety
# credit - bluescreenofjeff
$webhook_url = "";
$slack_channel = "#crackers";
%beacon_status = %();
# default stale value of 5 minutes (300000ms)
$stale_value = 300000;
thesubtlety / Get-GroupsRec.ps1
Created Jan 23, 2019
Get all AD group membership recursively (requires AD module)
View Get-GroupsRec.ps1
function Get-GroupsRec {
$dn = (Get-ADUser $User).DistinguishedName
Get-ADGroup -LDAPFilter ("(member:1.2.840.113556.1.4.1941:={0})" -f $dn) | select -expand Name | sort Name
thesubtlety / gist:5d30bc04f087807d817cf4479a481c23
Last active Mar 24, 2021
Download compile and encrypt the latest mimikatz
View gist:5d30bc04f087807d817cf4479a481c23
#requires -version 2
Author: Noah
@subTee's reflexive loader
Required Dependencies: msbuild, csc
Execute: Run-UpdateKatz -Verbose
thesubtlety / Get-Exports.ps1
Created Feb 12, 2020
DLL Hijack with exports
View Get-Exports.ps1
function Get-Exports {
Get-Exports, fetches DLL exports and optionally provides
C++ wrapper output (idential to ExportsToC++ but without
needing VS and a compiled binary). To do this it reads DLL
bytes into memory and then parses them (no LoadLibraryEx).
Because of this you can parse x32/x64 DLL's regardless of
the bitness of PowerShell.