#############################################################################################################
# PowerSlim 0.1
#############################################################################################################
import os, re
# IronPython: load the PowerShell hosting assemblies through the CLR before importing from them
import clr
clr.AddReference("System.Management")
clr.AddReference("System.Management.Automation")
from System.Management.Automation import *
from System.Management.Automation.Host import *
from System.Management.Automation.Runspaces import *
#!/bin/bash
if [ $# -eq 0 ]
then
    echo $'Usage:\n\tcheck-smb-v3.11.sh TARGET_IP_or_CIDR'
    exit 1
fi
echo "Checking if there's SMB v3.11 in" "$1" "..."
# Collapse the nmap report to one line, split it back into one line per host with a marker,
# keep only hosts whose dialect list contains 3.11, and print just the IP addresses.
# (The original used the MySQL 'replace' utility for the marker substitution; sed is the portable equivalent.)
nmap -p445 --script smb-protocols -Pn -n "$1" | grep -P '\d+\.\d+\.\d+\.\d+|^\|.\s+3\.11' | tr '\n' ' ' | sed 's/Nmap scan report for/@/g' | tr "@" "\n" | grep -F '3.11' | tr '|' ' ' | tr '_' ' ' | grep -oP '\d+\.\d+\.\d+\.\d+'
Assuming you have a mimikatz dump named "mimikatz_dump.txt", I made these bash one-liners that will reformat the mimikatz output to "domain\user:password".
First, before using these parsers, run: "dos2unix mimikatz_dump.txt"
Mimikatz 1.0:
cat mimikatz_dump.txt | grep -P '((Utilisateur principal)|(msv1_0)|(kerberos)|(ssp)|(wdigest)|(tspkg))\s+:\s+.+' | grep -v 'n\.' | sed -e 's/^\s\+[^:]*:\s\+//' | sed -e 's/Utilisateur principal\s\+:\s\+\(.*\)$/\n\1/' | sort -u
Mimikatz 2.0 (unfortunately, you must "apt-get install pcregrep" because reasons):
import svgwrite
# Volatility 2 standalone bootstrap: import the plugin registry and create the config object
# before importing the command/address-space modules, then register their global options.
import volatility.conf as conf
import volatility.registry as registry
import volatility.plugins.volshell as shell
registry.PluginImporter()
config = conf.ConfObject()
import volatility.commands as commands
import volatility.addrspace as addrspace
import volatility.utils as utils
registry.register_global_options(config, commands.Command)
#!/usr/bin/env python
#
# Title: lookupadmins.py
# Author: @ropnop
# Description: Python script using Impacket to query members of the builtin Administrators group through SAMR
# Similar in function to Get-NetLocalGroup from PowerView
# Won't work against Windows 10 Anniversary Edition unless you already have local admin
# See: http://www.securityweek.com/microsoft-experts-launch-anti-recon-tool-windows-10-server-2016
#
# Heavily based on original Impacket example scripts written by @agsolino and available here: https://github.com/CoreSecurity/impacket
CVE-2021-4034 (pkexec) self-contained exploit PoC
using System;
using System.Net;
using System.Diagnostics;
using System.Reflection;
using System.Configuration.Install;
using System.Runtime.InteropServices;
/*
Author: Casey Smith, Twitter: @subTee
License: BSD 3-Clause
#-*- coding:utf-8 -*-
'''
DEF CON 2017 Quals - Godzilla (Reverse)
Timing attack on RSA decryption.
Based on http://www.cs.jhu.edu/~fabian/courses/CS600.624/Timing-full.pdf
Other solutions:
https://gist.github.com/nneonneo/367240ae2d8e705bb9173a49a7c8b0cd by b2xiao
https://gist.github.com/Riatre/caac24840b176cf843b3f66ad9a5eeaf by riatre
from ghidra.app.emulator import EmulatorHelper
from ghidra.program.model.symbol import SymbolUtilities
# Tested with Ghidra v9.1 and v9.1.1, future releases are likely to simplify
# and/or expand the EmulatorHelper class in the API.
# == Helper functions ======================================================
def getAddress(offset):
    # Wrap a raw integer offset as an Address in the program's default address space
    return currentProgram.getAddressFactory().getDefaultAddressSpace().getAddress(offset)
# general
alias aws.whoami='aws iam get-user --query User.Arn --output text'
alias az.whoami='az ad signed-in-user show --query userPrincipalName --output tsv'
# In ~/.aws/credentials and ~/.aws/config leave the [default] profile empty and give each profile a name, so `aws-env -l` can list all of them
# aws.profile              # show current profile
# aws.profile profile-name # set profile name
# Double-tab completion works
aws.profile ()
{