Skip to content

Instantly share code, notes, and snippets.

View tothi's full-sized avatar
:shipit:

tothi

:shipit:
518 followers · 157 following
View GitHub Profile
@tothi
tothi / bh_split2.py
Last active March 13, 2024 13:48 — forked from Acebond/bh_split2.py
Split large SharpHound datasets (JSON files) into smaller files that can more easily be imported into BloodHound. Especially useful due to the Electron memory limitations and BloodHound CE (running in browser) 1GB file size limitation.
#!/usr/bin/python3
# Based on https://gist.github.com/deltronzero/7c23bacf97b4b61c7a2f2950ef6f35d8
# updated to current BloodHound JSON format (compatible with SharpHound 2.x and BloodHound CE)
# pip install simplejson
import simplejson
import sys
def splitfile(file_name, object_limit):
print(f"[*] Loading {file_name}")
with open(file_name) as f:
@tothi
tothi / DInjectQueuerAPC.cs
Last active October 14, 2023 22:17 — forked from jfmaes/DInjectQueuerAPC.cs
.NET Process injection in a new process with QueueUserAPC using D/invoke - compatible with gadgettojscript
/// Using with GadgetToJScript (e.g. for VBS payload):
/// 1.) compile to DLL: c:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /target:library /out:DInjectQueuerAPC.dll /r:System.Net.Http.dll DInjectQueuerAPC.cs
/// 2.) generate VBS: GadgetToJScript.exe -w vbs -b -o DInjectQueuerAPC -a DInjectQueuerAPC.dll
/// 3.) test: cscript.exe DInjectQueuerAPC.vbs
using System;
using System.Diagnostics;
using System.IO;
using System.Runtime.InteropServices;
using System.Threading.Tasks;
@tothi
tothi / decryptKerbTicket.py
Last active June 19, 2024 07:29 — forked from xan7r/decryptKerbTicket.py
Decrypt kerberos tickets and parse out authorization data
#!/usr/bin/env python3
# NOTE: this script was created for educational purposes to assist learning about kerberos tickets.
# Likely to have a few bugs that cause it to fail to decrypt some TGT or Service tickets.
#
# Recommended Instructions:
# Obtain valid kerberos tickets using Rubeus or mimikatz "sekurlsa::tickets /export"
# Optionally convert tickets to ccache format using kekeo "misc::convert ccache <ticketName.kirbi>"
# Obtain appropriate aes256 key using dcsync (krbtgt for TGT or usually target computer account for Service Ticket)
# Run this script to decrypt:
# ./decryptKerbTicket.py -k 5c7ee0b8f0ffeedbeefdeadbeeff1eefc7d313620feedbeefdeadbeefafd601e -t ./Administrator@TESTLAB.LOCAL_krbtgt~TESTLAB.LOCAL@TESTLAB.LOCAL.ccaches
@tothi
tothi / compress-pdf-with-gs.md
Created January 24, 2021 23:32 — forked from guifromrio/compress-pdf-with-gs.md
Compress PDF files with ghostscript

This can reduce files to ~15% of their size (2.3M to 345K, in one case) with no obvious degradation of quality.

ghostscript -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/printer -dNOPAUSE -dQUIET -dBATCH -sOutputFile=output.pdf input.pdf

Other options for PDFSETTINGS:

  • /screen selects low-resolution output similar to the Acrobat Distiller "Screen Optimized" setting.
  • /ebook selects medium-resolution output similar to the Acrobat Distiller "eBook" setting.
  • /printer selects output similar to the Acrobat Distiller "Print Optimized" setting.
  • /prepress selects output similar to Acrobat Distiller "Prepress Optimized" setting.