Skip to content

Instantly share code, notes, and snippets.

Avatar

Tijl Deneut tijldeneut

  • Howest, IC4, UGent
  • Bruges, Kortrijk
View GitHub Profile
@tijldeneut
tijldeneut / Disk_Cleanup_Tool.ps1
Created Sep 16, 2021
Disk Clean Up Tool for Windows
View Disk_Cleanup_Tool.ps1
#+-------------------------------------------------------------------+
#| = : = : = : = : = : = : = : = : = : = : = : = : = : = : = : = : = |
#|{>/-------------------------------------------------------------\<}|
#|: | Author: Aman Dhally
#| :| Email: amandhally@gmail.com
#| :| Web: www.amandhally.net/blog
#| :| blog: http://newdelhipowershellusergroup.blogspot.com/
#| :|
#|: | Purpose:
#| :| Clean lapopt using removing un-wantede files
@tijldeneut
tijldeneut / WinSCPDec.py
Created Sep 15, 2021
Decrypting Stored Passwords in WinSCP
View WinSCPDec.py
#!/usr/bin/python3
# -*- coding: utf-8 -*-
#
# Copyright 2020, Photubias <tijl.deneut@howest.be>
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
@tijldeneut
tijldeneut / GetWindowsInfo.py
Last active Sep 18, 2021
Decrypting and parsing some interesting and General Windows Information.
View GetWindowsInfo.py
#!/usr/bin/python3
# -*- coding: utf-8 -*-
#
# Copyright 2020, Photubias <tijl.deneut@howest.be>
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
@tijldeneut
tijldeneut / o365creeper.py
Created Aug 25, 2021
Fork with conversion to Python3
View o365creeper.py
#!/usr/bin/env python3
# Created by Korey McKinley, Senior Security Consulant at LMG Security
# https://lmgsecurity.com
# July 12, 2019
# Converted to Python3 by Tijl Deneut for IC4
# August 8, 2021
@tijldeneut
tijldeneut / RequestPRTToken.ps1
Last active Aug 9, 2021
RequestPRTToken.ps1
View RequestPRTToken.ps1
## Written by Photubias, based on https://dirkjanm.io/abusing-azure-ad-sso-with-the-primary-refresh-token/
## Example: powershell -ep bypass .\RequestPRTToken.ps1
[CmdletBinding()]
Param (
[Parameter(Mandatory=$True,Position=1)]$Nonce
)
## Example of a nonce: AQABAAAAAABeStGSRwwnTq2vHplZ9KL4zgnsAt1Vyqx2sMVQVwgmP4MYzWWJfjDXR9L2Jhc2lMCpYpyuFvqYQfHUwEMbVpk1woEIESAbkX-EdIr2ZpDtWiAA
#$nonce = 'AQABAAAAAABeStGSRwwnTq2vHplZ9KL4zgnsAt1Vyqx2sMVQVwgmP4MYzWWJfjDXR9L2Jhc2lMCpYpyuFvqYQfHUwEMbVpk1woEIESAbkX-EdIr2ZpDtWiAA'
#$query = '{"method": "GetCookies", "sender": "https://login.microsoftonline.com", "uri": "https://login.microsoftonline.com/common/oauth2/authorize?client_id=4345a7b9-9a63-4910-a426-35363201d503&response_mode=form_post&response_type=code+id_token&scope=openid+profile&state=OpenIdConnect.AuthenticationProperties%3dhiUgyLP6LnqNTRRyNpT0W1WGjOO_9hNAUjayiM5WJb0wwdAK0fwF635Dw5XStDKDP9EV_AeGIuWqN_rtyrl8m9t6pUGiXHhG3GMSSpW-AWcpfxW9D6bmWECYrN36_9zw&nonce=636957966885511040.YmI2MDIxNmItZDA0Yy00MjZlLThlYjAtYjNk
@tijldeneut
tijldeneut / mp3convert.sh
Last active Aug 8, 2021
MP4/MKV/WEBM to MP3 conversion of a folder with ffmpeg & lame
View mp3convert.sh
#!/usr/bin/env bash
# My bash Script to convert mp4 to mp3
# By NerdJK23 & Photubias
# web: www.computingforgeeks.com
# email: kiplangatmtai@gmail.com
# Requires
# ffmpeg installed
# lame installed
@tijldeneut
tijldeneut / azuread_decrypt_msol.ps1
Last active Jul 26, 2021
Decrypting local MSOL account password from a local, embedded SQL Server
View azuread_decrypt_msol.ps1
Write-Host "AD Connect Sync Credential Extract v3 (@_xpn_ & @tijldeneut)"
Write-Host "`t[ Updated to support new cryptokey storage method ]"
Write-Host "`t[ Updated to support Server 2019's new instance name ]`n"
$client = new-object System.Data.SqlClient.SqlConnection -ArgumentList "Data Source=(localdb)\.\ADSync;Initial Catalog=ADSync"
try {
$client.Open()
} catch {
Write-Host "[!] Could not connect to localdb with ADSync, trying ADSync2019..."